|
| 1 | +# This workflow will build a docker image, push it to ghcr.io, and deploy it to an Azure WebApp. |
| 2 | +name: Build and Deploy to dev |
| 3 | + |
| 4 | +on: |
| 5 | + workflow_call: |
| 6 | + inputs: |
| 7 | + application-type: |
| 8 | + description: 'application type - one of api, worker, ui' |
| 9 | + required: true |
| 10 | + type: string |
| 11 | + application-name: |
| 12 | + description: 'application name - one of clearlydefined-api, cdcrawler, clearlydefined; all will have `-dev` appended to the name' |
| 13 | + required: true |
| 14 | + type: string |
| 15 | + |
| 16 | +# There are secrets and environment variables that need to be set that control what is pushed to |
| 17 | +# ghcr and Azure. |
| 18 | +# |
| 19 | +# Org Secrets: |
| 20 | +# AZURE_CREDENTIALS: service principal that has access to the Azure apps |
| 21 | +# |
| 22 | +# Repo Secrets: |
| 23 | +# AZURE_WEBAPP_PUBLISH_PROFILE_DEV: publish profile for the Azure WebApp being deployed to |
| 24 | +# |
| 25 | +# Environment Variables from inputs: |
| 26 | +# APPLICATION_TYPE: type of application that is being deployed; used to add a label to the Docker image (values: api | ui | worker) |
| 27 | +# AZURE_WEBAPP_NAME: name of the Azure WebApp being deployed |
| 28 | +# |
| 29 | +# Environment Variables from workflow context: |
| 30 | +# DEPLOY_DOCKER_TAG: the tag used for deploying a specific Docker image to Azure. |
| 31 | +# DOCKER_IMAGE_NAME: name of the Docker image that is being built and pushed to ghcr.io. |
| 32 | +# |
| 33 | +# Environment Variables set here: |
| 34 | +# DEPLOY_ENVIRONMENT: environment that the code is being deployed to; used to add a label to the Docker image (values: dev | prod) |
| 35 | + |
| 36 | +env: |
| 37 | + APPLICATION_TYPE: ${{ inputs.application-type }} |
| 38 | + AZURE_WEBAPP_NAME: ${{ inputs.application-name }}-dev |
| 39 | + DEPLOY_DOCKER_TAG: ${{ github.sha }} |
| 40 | + DOCKER_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/${{ github.repository }}-dev |
| 41 | + DEPLOY_ENVIRONMENT: dev |
| 42 | + |
| 43 | +jobs: |
| 44 | + verify-secrets: |
| 45 | + name: Secret Verification |
| 46 | + runs-on: ubuntu-latest |
| 47 | + steps: |
| 48 | + - name: Verify Secrets |
| 49 | + run: | |
| 50 | + missing=false |
| 51 | +
|
| 52 | + secret_value=$(echo '${{ secrets.AZURE_CREDENTIALS }}') |
| 53 | + single_line_value=$(echo -n "$secret_value" | tr -d '\n') |
| 54 | + len=${#single_line_value} |
| 55 | + if [[ ${len} -le 0 ]]; then |
| 56 | + echo "Secret AZURE_CREDENTIALS does not have a value" |
| 57 | + missing=true |
| 58 | + fi |
| 59 | + |
| 60 | + secret_value=$(echo '${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE_DEV }}') |
| 61 | + single_line_value=$(echo -n "$secret_value" | tr -d '\n') |
| 62 | + len=${#single_line_value} |
| 63 | + if [[ ${len} -le 0 ]]; then |
| 64 | + echo "Secret AZURE_WEBAPP_PUBLISH_PROFILE_DEV does not have a value" |
| 65 | + missing=true |
| 66 | + fi |
| 67 | +
|
| 68 | + if [[ $missing == true ]]; then |
| 69 | + exit 1 |
| 70 | + fi |
| 71 | + echo "Required secrets all have values" |
| 72 | +
|
| 73 | + build-and-deploy: |
| 74 | + name: Build and Deploy |
| 75 | + needs: verify-secrets |
| 76 | + runs-on: ubuntu-latest |
| 77 | + steps: |
| 78 | + - name: Log beginning deploy |
| 79 | + run: echo "Deploying ${{ github.repository }} to ${{ env.AZURE_WEBAPP_NAME }}" |
| 80 | + |
| 81 | + - uses: actions/checkout@v4 |
| 82 | + |
| 83 | + - name: Log into ghcr registry |
| 84 | + |
| 85 | + with: |
| 86 | + registry: ghcr.io |
| 87 | + username: ${{ github.actor }} # user that kicked off the action |
| 88 | + password: ${{ secrets.GITHUB_TOKEN }} # token created when the action launched (short lived) |
| 89 | + |
| 90 | + - name: Build and push Docker image |
| 91 | + env: |
| 92 | + DOCKER_TAGS: | |
| 93 | + ${{ env.DOCKER_IMAGE_NAME }}:${{ env.DEPLOY_DOCKER_TAG }} |
| 94 | + |
| 95 | + with: |
| 96 | + context: . |
| 97 | + push: true |
| 98 | + file: Dockerfile |
| 99 | + tags: ${{ env.DOCKER_TAGS }} |
| 100 | + labels: | |
| 101 | + env=${{ env.DEPLOY_ENVIRONMENT }} |
| 102 | + type=${{ env.APPLICATION_TYPE }} |
| 103 | +
|
| 104 | + - name: Login for Azure cli commands |
| 105 | + |
| 106 | + with: |
| 107 | + creds: ${{ secrets.AZURE_CREDENTIALS }} |
| 108 | + |
| 109 | + # v3.0.1 passes when AZURE_WEBAPP_PUBLISH_PROFILE_DEV isn't set, but should fail. |
| 110 | + # Added secret check above to ensure it is set. |
| 111 | + - name: Deploy to Azure WebApp |
| 112 | + |
| 113 | + with: |
| 114 | + app-name: ${{ env.AZURE_WEBAPP_NAME }} |
| 115 | + publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE_DEV }} |
| 116 | + images: '${{ env.DOCKER_IMAGE_NAME }}:${{ env.DEPLOY_DOCKER_TAG }}' |
| 117 | + |
| 118 | + # set configs after deploy in case the deploy fails |
| 119 | + - name: Set DOCKER configs in Azure web app |
| 120 | + |
| 121 | + with: |
| 122 | + app-name: ${{ env.AZURE_WEBAPP_NAME }} |
| 123 | + app-settings-json: | |
| 124 | + [ |
| 125 | + { |
| 126 | + "name": "DOCKER_CUSTOM_IMAGE_NAME", |
| 127 | + "value": "${{ env.DOCKER_IMAGE_NAME }}:${{ env.DEPLOY_DOCKER_TAG }}", |
| 128 | + "slotSetting": false |
| 129 | + }, |
| 130 | + { |
| 131 | + "name": "DOCKER_REGISTRY_SERVER_URL", |
| 132 | + "value": "https://ghcr.io", |
| 133 | + "slotSetting": false |
| 134 | + }, |
| 135 | + { |
| 136 | + "name": "BUILD_SHA", |
| 137 | + "value": "${{ github.sha }}", |
| 138 | + "slotSetting": false |
| 139 | + } |
| 140 | + ] |
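Review bot: The secret-verification step (new-file lines 52 and 60) splices `${{ secrets.AZURE_CREDENTIALS }}` and `${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE_DEV }}` directly into the `run:` script, so the secret text becomes shell source rather than data — a value containing a single quote breaks the `'...'` quoting and the rest of the value is interpreted by the shell, and credential blobs of this kind routinely contain such characters. Pass both through the step's `env:` and read them as `"$AZURE_CREDENTIALS"` inside the script instead; the rewrite below also folds the two duplicated checks into one loop and treats a whitespace-only value as missing, which the current `tr -d '\n'` length test does not. Separately, the `build-and-deploy` job declares no `permissions:` block even though it pushes to ghcr.io with `GITHUB_TOKEN`, so it runs with whatever the calling workflow grants; `permissions: { contents: read, packages: write }` on that job pins it to least privilege. The four action steps (`Log into ghcr registry`, `Login for Azure cli commands`, `Deploy to Azure WebApp`, `Set DOCKER configs in Azure web app`) show no `uses:` reference in this rendering, and whatever they resolve to should be pinned to a full commit SHA rather than a mutable tag such as the `v3.0.1` the comment on line 109 mentions. `DOCKER_IMAGE_NAME` also concatenates `github.repository_owner` with `github.repository`, which already contains the owner, so the image path is presumably `ghcr.io/<owner>/<owner>/<repo>-dev` — confirm that is intended.
```yaml
      - name: Verify Secrets
        env:
          AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
          AZURE_WEBAPP_PUBLISH_PROFILE_DEV: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE_DEV }}
        run: |
          missing=false
          # Secrets are read from the environment, never expanded into the script text.
          for name in AZURE_CREDENTIALS AZURE_WEBAPP_PUBLISH_PROFILE_DEV; do
            if [[ -z "${!name//[[:space:]]/}" ]]; then
              echo "Secret ${name} does not have a value"
              missing=true
            fi
          done
          # … unchanged: final missing check and success message …
```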