feat: add autdev pr

Author: waxb

.github/workflows/azure-pr-deploy.yml

@@ -0,0 +1,176 @@
+name: Azure Container Apps PR Deployment
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize, closed]
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
+env:
+  AZURE_CONTAINER_REGISTRY: dotinc.azurecr.io
+  AZURE_RESOURCE_GROUP: rg-brease-pr-${{ github.event.number }}
+  AZURE_LOCATION: westeurope
+  API_APP_NAME: brease-api-pr-${{ github.event.number }}
+  CONTAINER_APP_ENVIRONMENT: brease-pr-${{ github.event.number }}-env
+
+jobs:
+  deploy:
+    if: github.event.action != 'closed'
+    runs-on: ubuntu-latest
+    concurrency:
+      group: pr-${{ github.event.number }}
+      cancel-in-progress: true
+    outputs:
+      api-url: ${{ steps.get-api-url.outputs.url }}
+      
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Debug OIDC token
+        run: |
+          echo "GitHub context:"
+          echo "Event: ${{ github.event_name }}"
+          echo "Ref: ${{ github.ref }}"
+          echo "SHA: ${{ github.sha }}"
+
+      - name: Azure Login
+        uses: azure/login@v2
+        with:
+          client-id: 2bfd5f96-2fa1-44ff-af35-17722c04027f
+          tenant-id: 760d74d4-e9ad-46f8-bbae-e20bce9596ab
+          subscription-id: 5533053b-de97-432f-908a-c7018c458532
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Azure Container Registry
+        run: az acr login --name dotinc
+
+      - name: Build and push API image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./apps/api
+          push: true
+          file: ./apps/api/Dockerfile
+          tags: ${{ env.AZURE_CONTAINER_REGISTRY }}/brease-api:pr-${{ github.event.number }}
+
+      - name: Create resource group
+        run: |
+          az group create \
+            --name ${{ env.AZURE_RESOURCE_GROUP }} \
+            --location ${{ env.AZURE_LOCATION }}
+
+      - name: Create Container App Environment
+        run: |
+          az containerapp env create \
+            --name ${{ env.CONTAINER_APP_ENVIRONMENT }} \
+            --resource-group ${{ env.AZURE_RESOURCE_GROUP }} \
+            --location ${{ env.AZURE_LOCATION }}
+
+      - name: Deploy API service
+        run: |
+          az containerapp create \
+            --name ${{ env.API_APP_NAME }} \
+            --resource-group ${{ env.AZURE_RESOURCE_GROUP }} \
+            --environment ${{ env.CONTAINER_APP_ENVIRONMENT }} \
+            --image ${{ env.AZURE_CONTAINER_REGISTRY }}/brease-api:pr-${{ github.event.number }} \
+            --registry-server ${{ env.AZURE_CONTAINER_REGISTRY }} \
+            --cpu 0.5 \
+            --memory 1Gi \
+            --min-replicas 1 \
+            --max-replicas 2 \
+            --ingress external \
+            --target-port 4400 \
+            --env-vars \
+              PORT=4400 \
+              NODE_ENV=staging \
+              INFISICAL_PROJECT_ID=642ed4939db25595ac7eb9cd \
+              INFISICAL_ENVIRONMENT=staging \
+              INFISICAL_CLIENT_ID=cd3cc75e-d3bc-4b42-ba5d-6b68f56afa78 \
+              INFISICAL_CLIENT_SECRET=b8791a2f3571a3a24c8d938c627f31490427b7466ef7e335782bd1023d145b9a
+
+      - name: Get API URL
+        id: get-api-url
+        run: |
+          URL=$(az containerapp show \
+            --name ${{ env.API_APP_NAME }} \
+            --resource-group ${{ env.AZURE_RESOURCE_GROUP }} \
+            --query properties.configuration.ingress.fqdn \
+            --output tsv)
+          echo "url=https://$URL" >> $GITHUB_OUTPUT
+
+      - name: Comment on PR
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: pr-deployment
+          message: |
+            ## 🚀 Brease PR Environment Deployed Successfully!
+            
+            **API Service**: ${{ steps.get-api-url.outputs.url }}
+            **OpenAPI Docs**: ${{ steps.get-api-url.outputs.url }}/docs
+            **Health Check**: ${{ steps.get-api-url.outputs.url }}/health
+            
+            **Resources Created:**
+            - Resource Group: `${{ env.AZURE_RESOURCE_GROUP }}`
+            - Container App Environment: `${{ env.CONTAINER_APP_ENVIRONMENT }}`
+            - API Service: `${{ env.API_APP_NAME }}`
+            
+            **API Testing:**
+            ```bash
+            # Test the API endpoint
+            curl ${{ steps.get-api-url.outputs.url }}/health
+            
+            # View OpenAPI documentation
+            open ${{ steps.get-api-url.outputs.url }}/docs
+            ```
+            
+            > 💡 This environment will be automatically cleaned up when the PR is merged or closed.
+
+  cleanup:
+    if: github.event.action == 'closed'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Azure Login
+        uses: azure/login@v2
+        with:
+          client-id: 2bfd5f96-2fa1-44ff-af35-17722c04027f
+          tenant-id: 760d74d4-e9ad-46f8-bbae-e20bce9596ab
+          subscription-id: 5533053b-de97-432f-908a-c7018c458532
+
+      - name: Delete resource group
+        run: |
+          if az group exists --name ${{ env.AZURE_RESOURCE_GROUP }}; then
+            echo "Deleting resource group: ${{ env.AZURE_RESOURCE_GROUP }}"
+            az group delete \
+              --name ${{ env.AZURE_RESOURCE_GROUP }} \
+              --yes \
+              --no-wait
+          else
+            echo "Resource group ${{ env.AZURE_RESOURCE_GROUP }} does not exist"
+          fi
+
+      - name: Clean up container images
+        run: |
+          # Delete PR-specific images from ACR
+          az acr repository delete \
+            --name dotinc \
+            --repository brease-api \
+            --tag pr-${{ github.event.number }} \
+            --yes || true
+
+      - name: Comment on PR
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: pr-deployment
+          message: |
+            ## 🧹 Brease PR Environment Cleaned Up
+            
+            All Azure resources for this PR have been deleted:
+            - Resource Group: `${{ env.AZURE_RESOURCE_GROUP }}`
+            - Container image: `brease-api:pr-${{ github.event.number }}`
+            
+            > ✅ Cleanup completed successfully.

apps/api/Dockerfile

@@ -10,11 +10,25 @@ RUN go build -v -o /brease .
 
 
 FROM debian:bookworm
-# Update package lists and install ca-certificates
+# Update package lists and install ca-certificates and Infisical CLI
 RUN apt-get clean && \
     rm -rf /var/lib/apt/lists/* && \
     apt-get update --fix-missing && apt-get install -y \
     ca-certificates \
+    curl \
+    bash \
+    && curl -1sLf 'https://artifacts-cli.infisical.com/setup.deb.sh' | bash \
+    && apt-get update && apt-get install -y infisical \
     && rm -rf /var/lib/apt/lists/*
+
 COPY --from=builder /brease /usr/local/bin/
-CMD ["brease"]
+
+# Create startup script that fetches secrets and runs the app
+RUN echo '#!/bin/bash\n\
+    set -e\n\
+    echo "Fetching secrets from Infisical..."\n\
+    INFISICAL_TOKEN=$(infisical login --method=universal-auth --client-id=$INFISICAL_CLIENT_ID --client-secret=$INFISICAL_CLIENT_SECRET --plain --silent)\n\
+    infisical run --projectId=$INFISICAL_PROJECT_ID --env=staging brease\n\
+    ' > /usr/local/bin/start.sh && chmod +x /usr/local/bin/start.sh
+
+CMD ["/usr/local/bin/start.sh"]