azure-container-webapp.yml
# This workflow will build and push a Docker container to an Azure Web App when a commit is pushed to your default branch.
#
# This workflow assumes you have already created the target Azure App Service web app.
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-custom-container?tabs=dotnet&pivots=container-linux
#
# To configure this workflow:
#
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
#
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
#
# 3. Create a GitHub Personal access token with "repo" and "read:packages" permissions.
#
# 4. Create three app settings on your Azure Web app:
# DOCKER_REGISTRY_SERVER_URL: Set this to "https://ghcr.io"
# DOCKER_REGISTRY_SERVER_USERNAME: Set this to the GitHub username or organization that owns the repository
# DOCKER_REGISTRY_SERVER_PASSWORD: Set this to the value of the personal access token (PAT) created in the previous step
#
# 5. Change the value for the AZURE_WEBAPP_NAME.
#
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
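name: Build and deploy a container to an Azure Web App

# Workflow-level env is visible to every step of every job, including the
# third-party actions, so only non-sensitive values belong here. The
# application secrets (JWT_SECRET, KEYSTORE_PASS, MYSQL_PASSWORD, MYSQL_USER)
# are supplied directly on the image-build step, which is the only step in
# this file that references them.
env:
  AZURE_WEBAPP_NAME: KickeventBackend

on:
  push:
    branches: ["master"]
  workflow_dispatch:

# Default GITHUB_TOKEN permissions for jobs that do not declare their own:
#   contents: read   - check out the repository
#   packages: write  - push the image to ghcr.io
#   id-token: write  - request an OIDC token for azure/login
permissions:
  contents: read
  packages: write
  id-token: write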
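jobs:
  # Builds the image and pushes it to ghcr.io. While the build runs, the Azure
  # SQL server firewall is opened for this runner's public IP; the rule is
  # removed again in the last step.
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions/checkout and the azure/* actions in this file are
      # referenced by mutable tag, while the docker/* actions are pinned to a
      # full commit SHA. Pin these the same way so a retagged release cannot
      # change what runs with this job's credentials.
      - uses: actions/checkout@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226  # v3.0.0

      - name: Log in to GitHub container registry
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d  # v3.0.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ github.token }}

      - name: Lowercase the repo name and username
        run: echo "REPO=${GITHUB_REPOSITORY,,}" >> "${GITHUB_ENV}"

      # The address is reported by an external service, then written to
      # GITHUB_ENV and expanded into the firewall script below. Accept only a
      # bare IPv4 address so an unexpected response fails the job here instead
      # of reaching the env file or the shell.
      - name: Curl Runner Ip
        run: |
          ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
          agent_ip="$(curl -fsS https://api.ipify.org/)"
          if [[ ! "${agent_ip}" =~ ${ipv4_re} ]]; then
            echo "Runner IP lookup did not return an IPv4 address" >&2
            exit 1
          fi
          echo "agentIP=${agent_ip}" >> "${GITHUB_ENV}"

      # No client secret is passed; login relies on the OIDC token allowed by
      # `id-token: write`.
      # NOTE(review): enable-AzPSSession also opens an Azure PowerShell
      # session, but only the az CLI is used in this file - confirm it is
      # needed.
      - name: Azure Login
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          enable-AzPSSession: true

      # Start and end address are the same, so the rule admits exactly one IP.
      - name: Whitelist Github Runner IP
        uses: azure/CLI@v1
        with:
          inlineScript: |
            az account set --subscription "Azure for Students"
            az sql server firewall-rule create \
              --resource-group "${{ secrets.AZURE_RESSOURCE_GROUP }}" \
              --name "${{ secrets.AZURE_RULE_NAME }}" \
              --server "${{ secrets.AZURE_SERVER_NAME }}" \
              --start-ip-address "${{ env.agentIP }}" \
              --end-ip-address "${{ env.agentIP }}"

      # The `secrets` input hands the values to the build as BuildKit secrets.
      # NOTE(review): they stay out of the image layers only if the Dockerfile
      # reads them through secret mounts - the Dockerfile is not visible here,
      # confirm.
      - name: Build and push container image to registry
        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09  # v5.0.0
        env:
          JWT_SECRET: ${{ secrets.JWT_SECRET }}
          KEYSTORE_PASS: ${{ secrets.KEYSTORE_PASS }}
          MYSQL_PASSWORD: ${{ secrets.MYSQL_PASSWORD }}
          MYSQL_USER: ${{ secrets.MYSQL_USER }}
        with:
          push: true
          tags: ghcr.io/${{ env.REPO }}:${{ github.sha }}
          file: ./Dockerfile
          secrets: |
            JWT_SECRET=${{ secrets.JWT_SECRET }}
            KEYSTORE_PASS=${{ secrets.KEYSTORE_PASS }}
            MYSQL_PASSWORD=${{ secrets.MYSQL_PASSWORD }}
            MYSQL_USER=${{ secrets.MYSQL_USER }}

      # `if: always()` runs the cleanup even when an earlier step failed, so
      # the firewall rule does not outlive the job.
      - name: Remove GitHub Runner IP from Whitelist
        if: always()
        uses: azure/CLI@v1
        with:
          inlineScript: |
            az account set --subscription "Azure for Students"
            az sql server firewall-rule delete \
              --resource-group "${{ secrets.AZURE_RESSOURCE_GROUP }}" \
              --name "${{ secrets.AZURE_RULE_NAME }}" \
              --server "${{ secrets.AZURE_SERVER_NAME }}"

  # Points the Azure Web App at the image tagged with this commit's SHA.
  # The job declares its own permissions, which replace the workflow-level
  # defaults; it never checks out the repository.
  deploy:
    permissions:
      contents: none
    runs-on: ubuntu-latest
    needs: build
    environment:
      name: 'Development'
      url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
    steps:
      - name: Lowercase the repo name and username
        run: echo "REPO=${GITHUB_REPOSITORY,,}" >> "${GITHUB_ENV}"

      - name: Deploy to Azure Web App
        id: deploy-to-webapp
        uses: azure/webapps-deploy@v2
        with:
          app-name: ${{ env.AZURE_WEBAPP_NAME }}
          publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
          images: 'ghcr.io/${{ env.REPO }}:${{ github.sha }}'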