Skip to content

Commit a94409a

Browse files
Karacs PéterKaracs Péter
Karacs Péter
authored and
Karacs Péter
committed
deploy infra
1 parent 77310fc commit a94409a

1 file changed

Lines changed: 70 additions & 30 deletions

File tree

‎.github/workflows/deploy.yml‎

Lines changed: 70 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,20 @@
1-
### Complete GitHub Actions Workflow
2-
3-
name: Build and Deploy Bicep Template
1+
name: Build and Deploy Infrastructure and Application
42

53
on:
64
push:
75
branches:
86
- main
7+
workflow_dispatch:
8+
9+
env:
10+
REGISTRY_NAME: PeterAppRegistry
11+
IMAGE_BASE_NAME: python-flask-app
12+
REGISTRY_LOGIN_SERVER: PeterAppRegistry.azurecr.io
13+
APP_SERVICE_NAME: peterAppService
14+
KEY_VAULT_NAME: PeterAppRegistry-kv
915

1016
jobs:
11-
build:
17+
build-bicep:
1218
runs-on: ubuntu-latest
1319

1420
steps:
@@ -26,37 +32,14 @@ jobs:
2632
with:
2733
creds: ${{ secrets.AZURE_CREDENTIALS }}
2834

29-
- name: Create Key Vault
30-
run: |
31-
az keyvault create --name myKeyVault --resource-group myResourceGroup --location northeurope
32-
3335
- name: Build Bicep Template
3436
run: |
3537
# Validate the Bicep template
3638
az bicep build --file main.bicep
3739
38-
- name: Get ACR credentials
39-
id: get-acr-credentials
40-
run: |
41-
ACR_NAME="PeterAppRegistry" # Replace with your ACR name
42-
ACR_CREDENTIALS=$(az acr credential show --name $ACR_NAME --query "{username: username, password: passwords[0].value}" -o json)
43-
echo "REGISTRY_USERNAME=$(echo $ACR_CREDENTIALS | jq -r .username)" >> $GITHUB_ENV
44-
echo "REGISTRY_PASSWORD=$(echo $ACR_CREDENTIALS | jq -r .password)" >> $GITHUB_ENV
45-
46-
- name: Retrieve secrets from Key Vault
47-
id: get-secrets
48-
run: |
49-
SECRET_USERNAME=$(az keyvault secret show --name acr-username --vault-name myKeyVault --query value -o tsv)
50-
SECRET_PASSWORD1=$(az keyvault secret show --name acr-password1 --vault-name myKeyVault --query value -o tsv)
51-
SECRET_PASSWORD2=$(az keyvault secret show --name acr-password2 --vault-name myKeyVault --query value -o tsv)
52-
echo "REGISTRY_USERNAME=$SECRET_USERNAME" >> $GITHUB_ENV
53-
echo "REGISTRY_PASSWORD1=$SECRET_PASSWORD1" >> $GITHUB_ENV
54-
echo "REGISTRY_PASSWORD2=$SECRET_PASSWORD2" >> $GITHUB_ENV
55-
56-
deploy:
40+
deploy-infrastructure:
5741
runs-on: ubuntu-latest
58-
needs: build # Ensure this job runs after the build job
59-
42+
needs: build-bicep
6043
steps:
6144
- name: Checkout code
6245
uses: actions/checkout@v2
@@ -74,4 +57,61 @@ jobs:
7457

7558
- name: Deploy Bicep Template
7659
run: |
77-
az deployment group create --resource-group myResourceGroup --template-file main.bicep --parameters acrAdminUserEnabled=true containerRegistryImageName=PeterAppRegistry containerRegistryImageVersion=latest adminCredentialsKeyVaultSecretUserName=$REGISTRY_USERNAME adminCredentialsKeyVaultSecretUserPassword1=$REGISTRY_PASSWORD1 adminCredentialsKeyVaultSecretUserPassword2=$REGISTRY_PASSWORD2
60+
az deployment group create \
61+
--resource-group BCSAI2024-DEVOPS-STUDENTS-A-DEV \
62+
--template-file main.bicep \
63+
--parameters main.parameters.json
64+
65+
build-and-push-container:
66+
needs: deploy-infrastructure
67+
runs-on: ubuntu-latest
68+
steps:
69+
- name: Checkout code
70+
uses: actions/checkout@main
71+
72+
- name: Azure login
73+
uses: azure/login@v1
74+
with:
75+
creds: ${{ secrets.AZURE_CREDENTIALS }}
76+
77+
- name: Get ACR credentials from Key Vault
78+
run: |
79+
ACR_USERNAME=$(az keyvault secret show --name "acr-admin-username" --vault-name ${{ env.KEY_VAULT_NAME }} --query "value" -o tsv)
80+
ACR_PASSWORD=$(az keyvault secret show --name "acr-admin-password1" --vault-name ${{ env.KEY_VAULT_NAME }} --query "value" -o tsv)
81+
echo "::add-mask::$ACR_PASSWORD"
82+
echo "ACR_USERNAME=$ACR_USERNAME" >> $GITHUB_ENV
83+
echo "ACR_PASSWORD=$ACR_PASSWORD" >> $GITHUB_ENV
84+
85+
- name: Login to Azure Container Registry
86+
uses: azure/docker-login@v1
87+
with:
88+
login-server: ${{ env.REGISTRY_LOGIN_SERVER }}
89+
username: ${{ env.ACR_USERNAME }}
90+
password: ${{ env.ACR_PASSWORD }}
91+
92+
- name: Set image version
93+
id: image-version
94+
run: echo "::set-output name=version::$(echo ${GITHUB_REF#refs/heads/})-$(date +'%Y.%m.%d.%H.%M')"
95+
96+
- name: Build and push image
97+
working-directory: .
98+
run: |
99+
docker build . -t ${{ env.REGISTRY_LOGIN_SERVER }}/${{ env.IMAGE_BASE_NAME }}:${{ steps.image-version.outputs.version }}
100+
docker build . -t ${{ env.REGISTRY_LOGIN_SERVER }}/${{ env.IMAGE_BASE_NAME }}:${{ github.ref_name }}-latest
101+
docker push ${{ env.REGISTRY_LOGIN_SERVER }}/${{ env.IMAGE_BASE_NAME }}:${{ steps.image-version.outputs.version }}
102+
docker push ${{ env.REGISTRY_LOGIN_SERVER }}/${{ env.IMAGE_BASE_NAME }}:${{ github.ref_name }}-latest
103+
104+
deploy-container:
105+
needs: build-and-push-container
106+
runs-on: ubuntu-latest
107+
steps:
108+
- name: Azure login
109+
uses: azure/login@v1
110+
with:
111+
creds: ${{ secrets.AZURE_CREDENTIALS }}
112+
113+
- name: Deploy to Azure Web App
114+
uses: azure/webapps-deploy@v3
115+
with:
116+
app-name: ${{ env.APP_SERVICE_NAME }}
117+
images: ${{ env.REGISTRY_LOGIN_SERVER }}/${{ env.IMAGE_BASE_NAME }}:${{ github.ref_name }}-latest

0 commit comments

Comments
 (0)