-
Notifications
You must be signed in to change notification settings - Fork 6
101 lines (89 loc) · 4.81 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
name: Release
env:
# deploymentNameBuild: ${{ github.event.inputs.deploymentNameBuild }}
# location: ${{ github.event.inputs.location }}
resourceGroup: '${{ secrets.PREFIX }}-rg'
releaseBicepPath: './deploy/release/${{ secrets.WORKFLOW_NAME }}-deploy-api.bicep'
logicAppName: '${{ secrets.PREFIX }}-la'
appInsightsName: '${{ secrets.PREFIX }}-ai'
workflowPath: './${{ secrets.WORKFLOW_NAME }}'
apimNameValueSig: '${{ secrets.WORKFLOW_NAME }}-sig'
frontDoorIdNamedValue: '${{ secrets.PREFIX }}-fd-id'
on:
# Only trigger, when the build workflow succeeded
workflow_run:
workflows: ["Build"]
types:
- completed
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# inputs:
# deploymentNameBuild:
# description: 'Deployment Name Build'
# required: true
# location:
# description: 'Location for deployment'
# required: true
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
# LOGIN TO AZURE. THE LOGGED IN SESSION IS ACTIVE TILL A LOGOUT ACTION IS CALLED (OR THE JOB FINISHED)
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
enable-AzPSSession: true
# SET CORRECT AZURE CONTEXT
- name: 'Set context to subscription'
uses: azure/powershell@v1
with:
inlineScript: |
Set-AzContext -Subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }}
azPSVersion: "latest"
# GET APIM INSTANCE NAME
- name: 'Retrieve API Management Instance Name'
uses: azure/powershell@v1
with:
inlineScript: |
$apimName = az apim list --resource-group '${{ env.resourceGroup }}' --subscription '${{ secrets.AZURE_SUBSCRIPTION_ID }}' --query '[].{Name:name}' -o tsv
echo "APIM_NAME=$apimName" >> $Env:GITHUB_ENV
azPSVersion: "latest"
# GET STORAGE ACCOUNT NAME AND KEY
- name: 'Retrieve Storage Account Name & Key Name'
uses: azure/powershell@v1
with:
inlineScript: |
$storageAccountName = az storage account list -g '${{ env.resourceGroup }}' --subscription '${{ secrets.AZURE_SUBSCRIPTION_ID }}' --query '[].{Name:name}' -o tsv
$storageKey = az storage account keys list -g '${{ env.resourceGroup }}' -n $storageAccountName --query '[0].{Name:value}' -o tsv
echo "SA_NAME=$storageAccountName" >> $Env:GITHUB_ENV
echo "SA_KEY=$storageKey" >> $Env:GITHUB_ENV
azPSVersion: "latest"
# DEPLOY WORKFLOW TO LOGIC APP
- name: 'Deploy Workflow to Logic App'
uses: azure/powershell@v1
with:
inlineScript: |
az storage file upload --account-name '${{ env.SA_NAME }}' --account-key '${{ env.SA_KEY }}'--share-name '${{ env.logicAppName }}' --path 'site/wwwroot/host.json' --source './host.json'
az storage directory create --account-name '${{ env.SA_NAME }}' --account-key '${{ env.SA_KEY }}' --name 'site/wwwroot/${{ secrets.WORKFLOW_NAME }}' --share-name '${{ env.logicAppName }}'
az storage file upload --account-name '${{ env.SA_NAME }}' --account-key '${{ env.SA_KEY }}' --share-name '${{ env.logicAppName }}' --path 'site/wwwroot/${{ secrets.WORKFLOW_NAME }}/workflow.json' --source './${{ secrets.WORKFLOW_NAME }}/workflow.json'
azPSVersion: "latest"
# RETRIEVE SAS KEY LOGIC APP WORKFLOW AND STORE IT IN APIM NAMED VALUE
- name: 'Retrieve SAS Key and store in API Management as Named Value'
uses: azure/powershell@v1
with:
inlineScript: |
.\deploy\release\get-saskey-from-logic-app.ps1 -subscriptionId '${{ secrets.AZURE_SUBSCRIPTION_ID }}' -resourceGroup '${{ env.resourceGroup }}' -logicAppName '${{ env.logicAppName }}' -workflowName '${{ secrets.WORKFLOW_NAME }}' -apimName '${{ env.APIM_NAME }}' -apimNamedValueSig '${{ env.apimNameValueSig }}'
azPSVersion: "latest"
# DEPLOY API TO API MANAGEMENT
- name: 'Deploy API definition to API Management'
uses: azure/powershell@v1
with:
inlineScript: |
New-AzResourceGroupDeployment -Name '${{ secrets.DEPLOYMENT_NAME_RELEASE }}' -ResourceGroupName '${{ env.resourceGroup }}' -apimName '${{ env.APIM_NAME }}' -appInsightsName '${{ env.appInsightsName }}' -logicAppName '${{ env.logicAppName }}' -workflowName '${{ secrets.WORKFLOW_NAME }}' -workflowSigNamedValue '${{ env.apimNameValueSig }}' -frontDoorIdNamedValue '${{ env.frontDoorIdNamedValue }}' -apiName '${{ secrets.API_NAME }}' -apiPath '${{ secrets.API_PATH }}' -TemplateFile '${{ env.releaseBicepPath }}'
azPSVersion: "latest"
# LOGOUT
- name: logout
run: |
az logout