Trigger container apps deployment #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Trigger container apps deployment | |
| # When this action will be executed | |
| on: | |
| # Automatically trigger it when detected changes in repo | |
| push: | |
| branches: | |
| [ main ] | |
| paths-ignore: | |
| - 'README.md' | |
| - '.github/workflows/**' | |
| # Allow mannually trigger | |
| workflow_dispatch: | |
| env: | |
| major-version: 'v1' | |
| minor-version: '0' | |
| location: 'southcentralus' | |
| resource-group-name: 'brd-scus-test-rg' | |
| log-analytics-workspace-name: 'brdscusworkspace00111' | |
| aca-env-name: 'dev-env' | |
| registry-name: 'brdscuscontainerreg000111' | |
| registry-sku: 'Standard' | |
| image-name: 'todo-blazorclient' | |
| container-name: 'todo-blazorclient-aca' | |
| api-container-name: 'todo-webapi-aca' | |
| api-container-rg-name: 'brd-scus-test-rg' | |
| jobs: | |
| build-infra: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| acr-username: ${{ steps.encrypt-secrets.outputs.acr-username }} | |
| acr-password: ${{ steps.encrypt-secrets.outputs.acr-password }} | |
| steps: | |
| - name: Azure Login | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Create Resource Group | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| az group create -l ${{ env.location }} -n ${{ env.resource-group-name}} | |
| - name: Create Log Analytics Workspace | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| az monitor log-analytics workspace create --resource-group ${{ env.resource-group-name }} --workspace-name ${{ env.log-analytics-workspace-name }} | |
| # Get the Client_ID and CLIENT_SECRET, run each separately and wait for it to complete | |
| LOG_ANALYTICS_WORKSPACE_CLIENT_ID=$(az monitor log-analytics workspace show --query customerId -g ${{ env.resource-group-name }} -n ${{ env.log-analytics-workspace-name }} --out tsv) | |
| LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET=$(az monitor log-analytics workspace get-shared-keys --query primarySharedKey -g ${{ env.resource-group-name }} -n ${{ env.log-analytics-workspace-name }} --out tsv) | |
| echo "::add-mask::$LOG_ANALYTICS_WORKSPACE_CLIENT_ID" | |
| echo "::add-mask::$LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET" | |
| echo LOG_ANALYTICS_WORKSPACE_CLIENT_ID=$LOG_ANALYTICS_WORKSPACE_CLIENT_ID >> $GITHUB_ENV | |
| echo LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET=$LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET >> $GITHUB_ENV | |
| - name: Create Container Registry | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| az acr create -n ${{ env.registry-name }} -g ${{ env.resource-group-name }} --sku ${{ env.registry-sku }} --admin-enabled true | |
| ACR_USERNAME=$(az acr credential show -n ${{ env.registry-name }} --query username --out tsv) | |
| ACR_PASSWORD=$(az acr credential show -n ${{ env.registry-name }} --query passwords[0].value --out tsv) | |
| echo "::add-mask::$ACR_PASSWORD" | |
| echo ACR_USERNAME=$ACR_USERNAME >> $GITHUB_ENV | |
| echo ACR_PASSWORD=$ACR_PASSWORD >> $GITHUB_ENV | |
| - name: Create Container App Environment | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| #Allow az cli to get extensions without prompts and containerapp needs an extension | |
| az config set extension.use_dynamic_install=yes_without_prompt | |
| az containerapp env create --name ${{ env.aca-env-name }} \ | |
| --resource-group ${{ env.resource-group-name }} \ | |
| --location ${{ env.location }} \ | |
| --logs-workspace-id $LOG_ANALYTICS_WORKSPACE_CLIENT_ID \ | |
| --logs-workspace-key $LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET | |
| - name: Encrypt secrets | |
| id: encrypt-secrets | |
| run: | | |
| ACR_PASSWORD_ENCRYPTED=$(gpg --symmetric --batch --passphrase ${{ secrets.GPG_SECRET_SIGNING_PASSPHRASE }} --output - <(echo $ACR_PASSWORD) | base64 -w0) | |
| echo "acr-username=$ACR_USERNAME" >> $GITHUB_OUTPUT | |
| echo "acr-password=$ACR_PASSWORD_ENCRYPTED" >> $GITHUB_OUTPUT | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: build-infra | |
| steps: | |
| - name: Decrypt Secrets | |
| id: decrypt-secrets | |
| run: | | |
| ACR_PASSWORD_DECRYPTED=$(gpg --decrypt --quiet --batch --passphrase ${{ secrets.GPG_SECRET_SIGNING_PASSPHRASE }} --output - <(echo ${{ needs.build-infra.outputs.acr-password }} | base64 --decode)) | |
| echo "::add-mask::$ACR_PASSWORD_DECRYPTED" | |
| echo "value $ACR_PASSWORD_DECRYPTED" | |
| echo ACR_PASSWORD_DECRYPTED=$ACR_PASSWORD_DECRYPTED >> $GITHUB_ENV | |
| - name: Azure Login | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Get Client Container url | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| az config set extension.use_dynamic_install=yes_without_prompt | |
| API_CONTAINER_URL=$(az containerapp show -n ${{ env.api-container-name }} -g ${{ env.api-container-rg-name }} --query properties.configuration.ingress.fqdn --out tsv) | |
| echo API_CONTAINER_URL=$API_CONTAINER_URL >> $GITHUB_ENV | |
| - name: Checkout to the branch | |
| uses: actions/checkout@v2 | |
| - name: Replace AppSettings variables | |
| uses: microsoft/variable-substitution@v1 | |
| with: | |
| files: 'wwwroot/appsettings.json' | |
| env: | |
| message: This is from dev | |
| TodoApiBaseUrl: https://${{ env.API_CONTAINER_URL }}/ | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Log in to container registry | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ env.registry-name }}.azurecr.io | |
| username: ${{ needs.build-infra.outputs.acr-username }} | |
| password: ${{ env.ACR_PASSWORD_DECRYPTED }} | |
| - name: Build and push container image to registry | |
| uses: docker/build-push-action@v2 | |
| with: | |
| push: true | |
| tags: ${{ env.registry-name }}.azurecr.io/${{ env.image-name }}:${{ env.major-version }}.${{ env.minor-version }}.${{ github.run_number }} | |
| file: ./Dockerfile | |
| context: ./ | |
| deploy: | |
| runs-on: ubuntu-latest | |
| needs: [build, build-infra] | |
| steps: | |
| - name: Azure Login | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Get Container Registry Credentials | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| ACR_USERNAME=$(az acr credential show -n ${{ env.registry-name }} --query username --out tsv) | |
| ACR_PASSWORD=$(az acr credential show -n ${{ env.registry-name }} --query passwords[0].value --out tsv) | |
| echo "::add-mask::$ACR_PASSWORD" | |
| echo ACR_USERNAME=$ACR_USERNAME >> $GITHUB_ENV | |
| echo ACR_PASSWORD=$ACR_PASSWORD >> $GITHUB_ENV | |
| - name: Deploy to containerapp | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| az config set extension.use_dynamic_install=yes_without_prompt | |
| az containerapp create -n ${{ env.container-name }} -g ${{ env.resource-group-name }} \ | |
| --image ${{ env.registry-name }}.azurecr.io/${{ env.image-name }}:${{ env.major-version }}.${{ env.minor-version }}.${{ github.run_number }} \ | |
| --environment ${{ env.aca-env-name }} --registry-server ${{ env.registry-name }}.azurecr.io \ | |
| --registry-username ${{ env.ACR_USERNAME }} \ | |
| --registry-password ${{ env.ACR_PASSWORD }} \ | |
| --ingress external --target-port 80 \ | |
| --env-vars message='test is a test again' value=foobar \ | |
| --revisions-mode multiple --revision-suffix ${{ env.major-version }}${{ env.minor-version }}${{ github.run_number }} | |
| PREV_REVISION=$(az containerapp revision list -n ${{ env.container-name }} -g ${{ env.resource-group-name }} --query "sort_by(@, &properties.createdTime)[].name | reverse(@) | [1]" -o tsv) | |
| az containerapp ingress traffic set -n ${{ env.container-name }} -g ${{ env.resource-group-name }} --revision-weight latest=50 $PREV_REVISION=50 | |
| - name: Check site before traffic split | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| az config set extension.use_dynamic_install=yes_without_prompt | |
| az containerapp show -n ${{ env.container-name }} -g ${{ env.resource-group-name }} --query properties.configuration.ingress.fqdn --out tsv | |
| #list oldest active revision | |
| #az containerapp revision list -n todo-blazorclient-aca -g red-scus-test-rg --query "sort_by(@, &properties.createdTime)[0].name" -o tsv | |
| #list all revisions sorted by recent | |
| #az containerapp revision list -n todo-blazorclient-aca -g red-scus-test-rg --query "sort_by(@, &properties.createdTime)[].name | reverse(@)" -o tsv | |
| #deactivate revision | |
| #az containerapp revision deactivate -g red-scus-test-rg --revision todo-blazorclient-aca--v102 |