deploy-aca-package.yml
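# Provisions the Azure resources (resource group, Log Analytics workspace,
# container registry, Container Apps environment), builds and pushes the
# client image, then deploys it as a new Container Apps revision.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# (@v1 / @v2). These steps run with AZURE_CREDENTIALS and registry credentials
# in scope, so pin each action to a full commit SHA to stop a retagged release
# from changing what executes.
name: Trigger container apps deployment

# When this action will be executed
on:
  # Automatically trigger it when detected changes in repo
  push:
    branches:
      - main
    paths-ignore:
      - 'README.md'
      - '.github/workflows/**'
  # Allow manual trigger
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the jobs only check out the repository;
# Azure access comes from the AZURE_CREDENTIALS secret, not from the token.
permissions:
  contents: read

env:
  major-version: 'v1'
  minor-version: '0'
  location: 'southcentralus'
  resource-group-name: 'brd-scus-test-rg'
  log-analytics-workspace-name: 'brdscusworkspace00111'
  aca-env-name: 'dev-env'
  registry-name: 'brdscuscontainerreg000111'
  registry-sku: 'Standard'
  image-name: 'todo-blazorclient'
  container-name: 'todo-blazorclient-aca'
  api-container-name: 'todo-webapi-aca'
  api-container-rg-name: 'brd-scus-test-rg'

jobs:
  # Creates the shared infrastructure and hands the registry credentials to
  # the build job through job outputs.
  build-infra:
    runs-on: ubuntu-latest
    outputs:
      acr-username: ${{ steps.encrypt-secrets.outputs.acr-username }}
      # GPG-encrypted and base64-encoded by the "Encrypt secrets" step; the
      # clear-text password is masked and is never written to an output.
      acr-password: ${{ steps.encrypt-secrets.outputs.acr-password }}
    steps:
      - name: Azure Login
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Create Resource Group
        uses: azure/CLI@v1
        with:
          inlineScript: |
            az group create -l ${{ env.location }} -n ${{ env.resource-group-name }}

      - name: Create Log Analytics Workspace
        uses: azure/CLI@v1
        with:
          inlineScript: |
            az monitor log-analytics workspace create \
              --resource-group ${{ env.resource-group-name }} \
              --workspace-name ${{ env.log-analytics-workspace-name }}
            # Get the Client_ID and CLIENT_SECRET, run each separately and wait for it to complete
            LOG_ANALYTICS_WORKSPACE_CLIENT_ID=$(az monitor log-analytics workspace show \
              --query customerId -g ${{ env.resource-group-name }} \
              -n ${{ env.log-analytics-workspace-name }} --out tsv)
            LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET=$(az monitor log-analytics workspace get-shared-keys \
              --query primarySharedKey -g ${{ env.resource-group-name }} \
              -n ${{ env.log-analytics-workspace-name }} --out tsv)
            # Mask both values before anything else can print them to the log.
            echo "::add-mask::$LOG_ANALYTICS_WORKSPACE_CLIENT_ID"
            echo "::add-mask::$LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET"
            # Quoted so the shell neither word-splits nor glob-expands the key material.
            echo "LOG_ANALYTICS_WORKSPACE_CLIENT_ID=$LOG_ANALYTICS_WORKSPACE_CLIENT_ID" >> "$GITHUB_ENV"
            echo "LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET=$LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET" >> "$GITHUB_ENV"

      - name: Create Container Registry
        uses: azure/CLI@v1
        with:
          inlineScript: |
            # NOTE(review): --admin-enabled turns on the registry's single shared
            # admin account, whose password grants full push/pull. Consider
            # disabling it and authenticating with the identity already used for
            # "Azure Login" (role assignment on the registry) instead.
            az acr create -n ${{ env.registry-name }} -g ${{ env.resource-group-name }} \
              --sku ${{ env.registry-sku }} --admin-enabled true
            ACR_USERNAME=$(az acr credential show -n ${{ env.registry-name }} --query username --out tsv)
            # The query is quoted: unquoted, "passwords[0].value" is a shell glob pattern.
            ACR_PASSWORD=$(az acr credential show -n ${{ env.registry-name }} --query 'passwords[0].value' --out tsv)
            echo "::add-mask::$ACR_PASSWORD"
            echo "ACR_USERNAME=$ACR_USERNAME" >> "$GITHUB_ENV"
            echo "ACR_PASSWORD=$ACR_PASSWORD" >> "$GITHUB_ENV"

      - name: Create Container App Environment
        uses: azure/CLI@v1
        with:
          inlineScript: |
            # Allow az cli to get extensions without prompts and containerapp needs an extension
            az config set extension.use_dynamic_install=yes_without_prompt
            az containerapp env create --name ${{ env.aca-env-name }} \
              --resource-group ${{ env.resource-group-name }} \
              --location ${{ env.location }} \
              --logs-workspace-id "$LOG_ANALYTICS_WORKSPACE_CLIENT_ID" \
              --logs-workspace-key "$LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET"

      - name: Encrypt secrets
        id: encrypt-secrets
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the passphrase cannot be re-parsed as shell syntax.
          GPG_PASSPHRASE: ${{ secrets.GPG_SECRET_SIGNING_PASSPHRASE }}
        run: |
          ACR_PASSWORD_ENCRYPTED=$(gpg --symmetric --batch --passphrase "$GPG_PASSPHRASE" \
            --output - <(echo "$ACR_PASSWORD") | base64 -w0)
          echo "acr-username=$ACR_USERNAME" >> "$GITHUB_OUTPUT"
          echo "acr-password=$ACR_PASSWORD_ENCRYPTED" >> "$GITHUB_OUTPUT"

  # Builds the client image and pushes it to the registry created above.
  build:
    runs-on: ubuntu-latest
    needs: build-infra
    steps:
      - name: Decrypt Secrets
        id: decrypt-secrets
        env:
          GPG_PASSPHRASE: ${{ secrets.GPG_SECRET_SIGNING_PASSPHRASE }}
          ACR_PASSWORD_ENCRYPTED: ${{ needs.build-infra.outputs.acr-password }}
        run: |
          ACR_PASSWORD_DECRYPTED=$(gpg --decrypt --quiet --batch --passphrase "$GPG_PASSPHRASE" \
            --output - <(echo "$ACR_PASSWORD_ENCRYPTED" | base64 --decode))
          # Mask first; the decrypted value must never be echoed to the job log,
          # so the former debug `echo "value ..."` line has been dropped.
          echo "::add-mask::$ACR_PASSWORD_DECRYPTED"
          echo "ACR_PASSWORD_DECRYPTED=$ACR_PASSWORD_DECRYPTED" >> "$GITHUB_ENV"

      - name: Azure Login
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Get Client Container url
        uses: azure/CLI@v1
        with:
          inlineScript: |
            az config set extension.use_dynamic_install=yes_without_prompt
            # Looks up the ingress FQDN of the API container app (api-container-name).
            API_CONTAINER_URL=$(az containerapp show -n ${{ env.api-container-name }} \
              -g ${{ env.api-container-rg-name }} \
              --query properties.configuration.ingress.fqdn --out tsv)
            echo "API_CONTAINER_URL=$API_CONTAINER_URL" >> "$GITHUB_ENV"

      - name: Checkout to the branch
        uses: actions/checkout@v2

      - name: Replace AppSettings variables
        uses: microsoft/variable-substitution@v1
        with:
          files: 'wwwroot/appsettings.json'
        env:
          message: 'This is from dev'
          TodoApiBaseUrl: 'https://${{ env.API_CONTAINER_URL }}/'

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

      - name: Log in to container registry
        uses: docker/login-action@v1
        with:
          registry: ${{ env.registry-name }}.azurecr.io
          username: ${{ needs.build-infra.outputs.acr-username }}
          password: ${{ env.ACR_PASSWORD_DECRYPTED }}

      - name: Build and push container image to registry
        uses: docker/build-push-action@v2
        with:
          push: true
          tags: ${{ env.registry-name }}.azurecr.io/${{ env.image-name }}:${{ env.major-version }}.${{ env.minor-version }}.${{ github.run_number }}
          file: ./Dockerfile
          context: ./

  # Creates a new revision from the pushed image and splits traffic 50/50
  # between it and the previous revision.
  deploy:
    runs-on: ubuntu-latest
    needs: [build, build-infra]
    steps:
      - name: Azure Login
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Get Container Registry Credentials
        uses: azure/CLI@v1
        with:
          inlineScript: |
            ACR_USERNAME=$(az acr credential show -n ${{ env.registry-name }} --query username --out tsv)
            ACR_PASSWORD=$(az acr credential show -n ${{ env.registry-name }} --query 'passwords[0].value' --out tsv)
            echo "::add-mask::$ACR_PASSWORD"
            echo "ACR_USERNAME=$ACR_USERNAME" >> "$GITHUB_ENV"
            echo "ACR_PASSWORD=$ACR_PASSWORD" >> "$GITHUB_ENV"

      - name: Deploy to containerapp
        uses: azure/CLI@v1
        with:
          inlineScript: |
            az config set extension.use_dynamic_install=yes_without_prompt
            # Registry credentials are read as quoted shell variables (set via
            # GITHUB_ENV in the previous step) rather than template-expanded into
            # the script, matching how the Log Analytics key is passed above.
            az containerapp create -n ${{ env.container-name }} -g ${{ env.resource-group-name }} \
              --image ${{ env.registry-name }}.azurecr.io/${{ env.image-name }}:${{ env.major-version }}.${{ env.minor-version }}.${{ github.run_number }} \
              --environment ${{ env.aca-env-name }} --registry-server ${{ env.registry-name }}.azurecr.io \
              --registry-username "$ACR_USERNAME" \
              --registry-password "$ACR_PASSWORD" \
              --ingress external --target-port 80 \
              --env-vars message='test is a test again' value=foobar \
              --revisions-mode multiple --revision-suffix ${{ env.major-version }}${{ env.minor-version }}${{ github.run_number }}
            # Second-newest revision, i.e. the one that was serving before this deploy.
            PREV_REVISION=$(az containerapp revision list -n ${{ env.container-name }} \
              -g ${{ env.resource-group-name }} \
              --query "sort_by(@, &properties.createdTime)[].name | reverse(@) | [1]" -o tsv)
            # On a first deployment there is no previous revision; skip the split
            # instead of passing an empty "=50" weight to the CLI.
            if [ -n "$PREV_REVISION" ]; then
              az containerapp ingress traffic set -n ${{ env.container-name }} \
                -g ${{ env.resource-group-name }} \
                --revision-weight latest=50 "$PREV_REVISION=50"
            fi

      - name: Check site before traffic split
        uses: azure/CLI@v1
        with:
          inlineScript: |
            az config set extension.use_dynamic_install=yes_without_prompt
            az containerapp show -n ${{ env.container-name }} -g ${{ env.resource-group-name }} --query properties.configuration.ingress.fqdn --out tsv
            #list oldest active revision
            #az containerapp revision list -n todo-blazorclient-aca -g red-scus-test-rg --query "sort_by(@, &properties.createdTime)[0].name" -o tsv
            #list all revisions sorted by recent
            #az containerapp revision list -n todo-blazorclient-aca -g red-scus-test-rg --query "sort_by(@, &properties.createdTime)[].name | reverse(@)" -o tsv
            #deactivate revision
            #az containerapp revision deactivate -g red-scus-test-rg --revision todo-blazorclient-aca--v102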