deploy-app-svc.yml
name: Deploy Customers, Vets & Visits ACA Apps

# Workflow-level environment: every key below is exported to every step of every job.
env:
  APP_NAME: petcliaca
  # Azure region; westeurope is the noted alternative.
  LOCATION: francecentral
  # Resource group that holds the Key Vault.
  RG_KV: rg-iac-kv29
  # Resource group for the other Azure services: ACA, ACA Env., MySQL, etc.
  RG_APP: rg-iac-aca-petclinic-mic-srv
  # ACA Environment name, e.g. 'aca-env-pub', or 'aca-env-corp' when deployed to your VNet.
  ACA_ENV_NAME: aca-env-pub
  DEPLOY_TO_VNET: 'false'
  # Key Vault name: must be UNIQUE and between 3-24 alphanumeric characters.
  KV_NAME: kv-petcliaca29
  # Leave this set to false.
  SET_KV_ACCESS_POLICIES: 'false'
  # Contains the vault name, so keep it in sync with KV_NAME.
  SPRING_CLOUD_AZURE_KEY_VAULT_ENDPOINT: https://kv-petcliaca29.vault.azure.net
  # ACR name: alphanumeric characters only, globally unique, 5 to 50 characters long.
  AZURE_CONTAINER_REGISTRY: acrpetcliaca
  # URL of your registry; keep it in sync with AZURE_CONTAINER_REGISTRY.
  REGISTRY_URL: acrpetcliaca.azurecr.io
  # Your ACR repository.
  REPOSITORY: petclinic

  # ==== APPS ====
  API_GATEWAY: api-gateway
  ADMIN_SERVER: admin-server
  CUSTOMERS_SERVICE: customers-service
  VETS_SERVICE: vets-service
  VISITS_SERVICE: visits-service
  CONFIG_SERVER: config-server
  DISCOVERY_SERVER: discovery-server

  # ==== Secrets ====
  # NOTE(review): because this block is workflow-wide, these values are present in the
  # environment of every step, including third-party actions. Consider moving each one to
  # the step that actually reads it.
  AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
  AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
  AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
  SPRING_CLOUD_AZURE_TENANT_ID: ${{ secrets.SPRING_CLOUD_AZURE_TENANT_ID }}

  # ==== Versions ====
  # Quoted so that no parser re-types a version as a number.
  DEPLOYMENT_VERSION: '2.6.13'
  AZ_CLI_VERSION: '2.45.0'
  JAVA_VERSION: '11'
# Triggers: callable from another workflow, or started by hand.
# Both take the same free-form string input, tag_id. GitHub applies no format check to it,
# so whatever consumes it should treat it as untrusted data.
on:
  # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callinputs
  workflow_call:
    inputs:
      tag_id:
        description: 'the Image Tag ID'
        required: true
        type: string
  # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputs
  workflow_dispatch:
    inputs:
      tag_id:
        description: 'the Image Tag ID'
        required: true
        type: string
# GITHUB_TOKEN scopes for this workflow: read-only repository contents, plus id-token: write,
# which is required for Azure login with OpenID Connect:
# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux#set-up-azure-login-with-openid-connect-authentication
permissions:
  contents: read
  id-token: write
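jobs:
  # Deploys the customers, vets and visits container apps from images tagged with inputs.tag_id.
  deploy-services:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): both actions below are referenced by a mutable tag. Pinning each one to a
      # full commit SHA (uses: owner/action@<FULL_COMMIT_SHA>  # vN) keeps a retagged release
      # from running inside a job that can request an OIDC token for Azure.
      - name: Checkout
        uses: actions/checkout@v3

      - name: Azure Login
        uses: azure/login@v1 # https://github.com/marketplace/actions/azure-login
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      # https://github.com/marketplace/actions/azure-container-apps-build-and-deploy
      - name: Deploy Customers, Vets & Visits services to ACA
        # with: # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepswith
        env:
          # tag_id is supplied by the caller or dispatcher. It is handed to the shell as an
          # environment variable so that its content is data, never script text: an expression
          # placed directly inside run: is substituted before bash parses the script.
          TAG_ID: ${{ inputs.tag_id }}
        run: |
          set -euo pipefail
          echo "About to deploy the Customers, Vets & Visits services ..."

          # Accept only the container image tag grammar before the value reaches any command.
          tag_pattern='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
          if [[ ! "$TAG_ID" =~ $tag_pattern ]]; then
            echo "::error::tag_id is not a valid image tag" >&2
            exit 1
          fi
          echo "Image Build tag ID:${TAG_ID}"

          # The workflow-level env block is already exported to this shell, so the values are
          # read as quoted shell variables instead of being templated into the script.
          imageNameCustomersService="${REGISTRY_URL}/${REPOSITORY}/${CUSTOMERS_SERVICE}:${TAG_ID}"
          imageNameVetsService="${REGISTRY_URL}/${REPOSITORY}/${VETS_SERVICE}:${TAG_ID}"
          imageNameVisitsService="${REGISTRY_URL}/${REPOSITORY}/${VISITS_SERVICE}:${TAG_ID}"
          echo "imageNameCustomersService= " "$imageNameCustomersService"
          echo "imageNameVetsService= " "$imageNameVetsService"
          echo "imageNameVisitsService= " "$imageNameVisitsService"

          az deployment group create --name aca-petclinic-svc -f iac/bicep/modules/aca/apps/aca-svc.bicep -g "$RG_APP" \
            -p appName="$APP_NAME" \
            -p location="$LOCATION" \
            -p acrName="$AZURE_CONTAINER_REGISTRY" \
            -p azureContainerAppEnvName="$ACA_ENV_NAME" \
            -p kvName="$KV_NAME" \
            -p kvRGName="$RG_KV" \
            -p imageNameCustomersService="$imageNameCustomersService" \
            -p imageNameVetsService="$imageNameVetsService" \
            -p imageNameVisitsService="$imageNameVisitsService" \
            -p springCloudAzureKeyVaultEndpoint="$SPRING_CLOUD_AZURE_KEY_VAULT_ENDPOINT" \
            -p springCloudAzureTenantId="$SPRING_CLOUD_AZURE_TENANT_ID"
        shell: bash

      # Placeholder: only prints a message; the deployment command is commented out.
      - name: Configure Diagnostic-Settings
        run: |
          echo "ACA does not yet support diagnostic settings, see https://github.com/microsoft/azure-container-apps/issues/382"
          # az deployment group create --name aca-petclinic-apps -f iac/bicep/modules/aca/diagnostic-settings.bicep -g ${{ env.RG_APP }} \
        shell: bash

      # Placeholder: only prints a message; the deployment command is commented out.
      - name: Configure GitHub-Action-Settings
        run: |
          echo "To be tested ..."
          # az deployment group create --name aca-petclinic-apps -f iac/bicep/modules/aca/gha-settings.bicep -g ${{ env.RG_APP }} \
        shell: bash

      # Security hardening for self-hosted agents: https://github.com/marketplace/actions/azure-login
      # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners
      # On a self-hosted runner (one not provided by GitHub) it is recommended to log out manually
      # at the end of the workflow, as shown below.
      - name: Azure Logout security hardening
        # always(): without it this step is skipped when an earlier step fails, which would
        # leave the Azure session and CLI cache behind on exactly the runs that went wrong.
        if: always()
        run: |
          az logout
          az cache purge
          az account clear
        shell: bash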