deploy-app-cfg-srv.yml
name: Deploy Config-Server ACA App

# Workflow-level environment: every key below is exported to every step of every job.
env:
  APP_NAME: petcliaca
  LOCATION: francecentral  # westeurope
  # Resource group that holds the Key Vault.
  RG_KV: rg-iac-kv29
  # Resource group for the other Azure services: ACA, ACA Env., MySQL, etc.
  RG_APP: rg-iac-aca-petclinic-mic-srv
  # ACA Environment name, e.g. 'aca-env-pub', or 'aca-env-corp' when deployed to your VNet.
  ACA_ENV_NAME: aca-env-pub
  DEPLOY_TO_VNET: 'false'
  # Key Vault name; must be UNIQUE and 3-24 alphanumeric characters long.
  KV_NAME: kv-petcliaca29
  # Leave this set to false.
  SET_KV_ACCESS_POLICIES: 'false'
  # Embeds the vault name; keep it in sync with KV_NAME above.
  SPRING_CLOUD_AZURE_KEY_VAULT_ENDPOINT: https://kv-petcliaca29.vault.azure.net
  # ACR name; alphanumeric characters only, globally unique, 5 to 50 characters long.
  AZURE_CONTAINER_REGISTRY: acrpetcliaca
  # Set this to the URL of your registry.
  REGISTRY_URL: acrpetcliaca.azurecr.io
  # Set this to your ACR repository.
  REPOSITORY: petclinic

  # ==== APPS ====
  API_GATEWAY: api-gateway
  ADMIN_SERVER: admin-server
  CUSTOMERS_SERVICE: customers-service
  VETS_SERVICE: vets-service
  VISITS_SERVICE: visits-service
  CONFIG_SERVER: config-server
  DISCOVERY_SERVER: discovery-server

  # ==== Secrets ====
  # NOTE(review): declared here, these values reach every step, including third-party
  # actions. The Azure Login step reads the same secrets directly, so step-level scoping
  # may be enough - confirm nothing else depends on them before narrowing.
  AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
  AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
  AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
  SPRING_CLOUD_AZURE_TENANT_ID: ${{ secrets.SPRING_CLOUD_AZURE_TENANT_ID }}

  # ==== Versions ====
  # Quoted so that no YAML loader can re-type them as numbers.
  DEPLOYMENT_VERSION: '2.6.13'
  AZ_CLI_VERSION: '2.45.0'
  JAVA_VERSION: '11'
# Triggers: callable from another workflow, or started manually.
# In both cases tag_id is free text supplied by the caller; treat it as untrusted
# wherever a step consumes it.
on:
  workflow_call:
    # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callinputs
    inputs:
      tag_id:
        description: the Image Tag ID
        required: true
        type: string
  workflow_dispatch:
    # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputs
    inputs:
      tag_id:
        description: the Image Tag ID
        required: true
        type: string
# Token scopes for this workflow. Listing them explicitly leaves every unlisted scope at none.
# id-token: write is required for Azure login with OpenID Connect:
# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux#set-up-azure-login-with-openid-connect-authentication
# contents: read is what the checkout step needs to fetch the repository.
permissions:
  id-token: write
  contents: read
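jobs:
  # Deploys the config-server container app: checkout, OIDC login to Azure,
  # Bicep deployment of the image tagged with the tag_id input, then CLI logout.
  deploy-config-server:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): both actions below are referenced by a mutable tag. Pinning each
      # `uses:` to a full commit SHA (tag kept in a trailing comment) stops a re-pointed
      # tag from running different code with the OIDC token this workflow can request.
      - name: Checkout
        uses: actions/checkout@v3

      - name: Azure Login
        uses: azure/login@v1.4.6  # https://github.com/marketplace/actions/azure-login
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      # https://github.com/marketplace/actions/azure-container-apps-build-and-deploy
      - name: Deploy Config-Server to ACA
        # with: # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepswith
        env:
          # The caller-supplied input is handed over as an environment variable. Expanding
          # ${{ inputs.tag_id }} inside the script would paste its text into the shell
          # source before bash parses it.
          TAG_ID: ${{ inputs.tag_id }}
        run: |
          echo "About to deploy Config-Server ..."
          # Reject anything that is not a well-formed image tag before it reaches the deployment.
          if [[ ! "$TAG_ID" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
            echo "::error::tag_id is not a valid image tag"
            exit 1
          fi
          echo "Image Build tag ID:${TAG_ID}"
          # The env.* values are constants defined in this workflow file.
          imageNameConfigServer="${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.CONFIG_SERVER }}:${TAG_ID}"
          echo "imageNameConfigServer=  ${imageNameConfigServer}"
          az deployment group create --name aca-petclinic-cfg-srv -f iac/bicep/modules/aca/apps/aca-cfg.bicep -g "${{ env.RG_APP }}" \
            -p appName="${{ env.APP_NAME }}" \
            -p location="${{ env.LOCATION }}" \
            -p acrName="${{ env.AZURE_CONTAINER_REGISTRY }}" \
            -p azureContainerAppEnvName="${{ env.ACA_ENV_NAME }}" \
            -p imageNameConfigServer="${imageNameConfigServer}"
        shell: bash

      # Placeholder step: only prints a message, the deployment command is commented out.
      - name: Configure Diagnostic-Settings
        run: |
          echo "ACA does not yet support diagnostic settings, see https://github.com/microsoft/azure-container-apps/issues/382"
          # az deployment group create --name aca-petclinic-apps -f iac/bicep/modules/aca/diagnostic-settings.bicep -g ${{ env.RG_APP }}
        shell: bash

      # Placeholder step: only prints a message, the deployment command is commented out.
      - name: Configure GitHub-Action-Settings
        run: |
          echo "To be tested ..."
          # az deployment group create --name aca-petclinic-apps -f iac/bicep/modules/aca/gha-settings.bicep -g ${{ env.RG_APP }} \
        shell: bash

      # Security hardening for self-hosted agents: https://github.com/marketplace/actions/azure-login
      # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners
      # On a self-hosted runner (one not provided by GitHub) it is recommended to log out
      # manually at the end of the workflow, as shown below.
      - name: Azure Logout security hardening
        # always(): the cleanup also runs when an earlier step fails, so the Azure CLI
        # session is not left behind on a runner that outlives the job.
        if: always()
        run: |
          az logout
          az cache purge
          az account clear
        shell: bash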