@@ -11,10 +11,7 @@ concurrency:
1111
1212permissions :
1313 contents : read
14- packages : write
15-
16- env :
17- REGISTRY : ghcr.io
14+ id-token : write # required for OIDC authentication with Azure
1815
1916jobs :
2017 ci :
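Review bot: The new `id-token: write` sits in the workflow-level `permissions:` block, so every job can request an OIDC token, including `ci`, whose steps are outside this hunk and may not need one. Move the grant to job-level `permissions:` on the two jobs that run the Azure login step. Each of those blocks must also repeat `contents: read`, because a job-level block replaces the workflow-level one. On the Azure side, the federated credential's subject should be limited to the branch or environment that is expected to deploy, which this diff cannot show.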
@@ -36,28 +33,31 @@ jobs:
3633 id : meta
3734 run : echo "tag=dev-${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
3835
39- - name : Log in to GitHub Container Registry
40- uses : docker /login-action@v3
36+ - name : Azure Login
37+ uses : azure /login@v2
4138 with :
42- registry : ${{ env.REGISTRY }}
43- username : ${{ github.actor }}
44- password : ${{ secrets.GITHUB_TOKEN }}
39+ client-id : ${{ secrets.AZURE_CLIENT_ID }}
40+ tenant-id : ${{ secrets.AZURE_TENANT_ID }}
41+ subscription-id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
42+
43+ - name : Log in to ACR
44+ run : az acr login --name ${{ vars.ACR_NAME }}
4545
4646 - name : Build and push API image
4747 uses : docker/build-push-action@v6
4848 with :
4949 context : .
5050 file : Dockerfile.api
5151 push : true
52- tags : ${{ env.REGISTRY }}/${{ github.repository_owner }}/shed-builder-api:${{ steps.meta.outputs.tag }}
52+ tags : ${{ vars.ACR_LOGIN_SERVER }}/shed-builder-api:${{ steps.meta.outputs.tag }}
5353
5454 - name : Build and push UI image
5555 uses : docker/build-push-action@v6
5656 with :
5757 context : .
5858 file : Dockerfile.ui
5959 push : true
60- tags : ${{ env.REGISTRY }}/${{ github.repository_owner }}/shed-builder-ui:${{ steps.meta.outputs.tag }}
60+ tags : ${{ vars.ACR_LOGIN_SERVER }}/shed-builder-ui:${{ steps.meta.outputs.tag }}
6161
6262 deploy :
6363 name : Deploy to Dev
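Review bot: The new Azure Login step references `azure/login@v2` by a mutable tag, and this is the step that exchanges the job's OIDC token for Azure credentials, so a moved tag would run with whatever registry rights that identity has. Pin it to a full commit SHA, e.g. `uses: azure/login@<full-commit-sha> # v2`; the same applies to `azure/login@v2` and `azure/aks-set-context@v3` in the deploy hunk. Separately, `az acr login --name ${{ vars.ACR_NAME }}` expands the expression into the script text before the shell parses it. Passing it through `env:` and calling `az acr login --name "$ACR_NAME"` keeps the value a single quoted argument.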
@@ -71,19 +71,27 @@ jobs:
7171 - name : Setup Helm
7272 uses : azure/setup-helm@v4
7373
74- - name : Configure kubectl
75- uses : azure/setup-kubectl@v4
74+ - name : Azure Login
75+ uses : azure/login@v2
76+ with :
77+ client-id : ${{ secrets.AZURE_CLIENT_ID }}
78+ tenant-id : ${{ secrets.AZURE_TENANT_ID }}
79+ subscription-id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
7680
77- - name : Set kubeconfig
78- run : echo "${{ secrets.KUBE_CONFIG }}" | base64 -d > $HOME/.kube/config
81+ - name : Get AKS credentials
82+ uses : azure/aks-set-context@v3
83+ with :
84+ resource-group : ${{ vars.RESOURCE_GROUP }}
85+ cluster-name : ${{ vars.AKS_CLUSTER_NAME }}
7986
8087 - name : Deploy with Helm
8188 run : |
8289 helm upgrade --install shed-builder deploy/helm/shed-builder \
8390 --namespace dev --create-namespace \
84- --set api.image.repository=${{ env.REGISTRY }}/${{ github.repository_owner }}/shed-builder-api \
91+ --set api.image.repository=${{ vars.ACR_LOGIN_SERVER }}/shed-builder-api \
8592 --set api.image.tag=${{ needs.build-and-push.outputs.image-tag }} \
86- --set ui.image.repository=${{ env.REGISTRY }}/${{ github.repository_owner }}/shed-builder-ui \
93+ --set ui.image.repository=${{ vars.ACR_LOGIN_SERVER }}/shed-builder-ui \
8794 --set ui.image.tag=${{ needs.build-and-push.outputs.image-tag }} \
8895 --set postgres.password=${{ secrets.DB_PASSWORD }} \
96+ --set storage.accountName=${{ vars.STORAGE_ACCOUNT_NAME }} \
8997 --wait --timeout 5m
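Review bot: The deploy job logs in with the same `secrets.AZURE_CLIENT_ID` as the build job, so unless an environment-scoped secret overrides it, one identity holds both registry push and AKS deploy rights. Consider a separate identity per job, with the deploy identity's federated credential bound to the deployment environment; the job header is outside this hunk, so whether `environment:` is set is not visible. Once this lands, the `KUBE_CONFIG` secret that the removed step decoded should be deleted from the repository and the credential inside it revoked, otherwise the static cluster credential stays valid. The added `--set storage.accountName=${{ vars.STORAGE_ACCOUNT_NAME }}` is also interpolated unquoted into the script; passing it through `env:` and quoting it would be safer.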