Code deploy #293
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Code deploy | |
| on: | |
| pull_request: | |
| types: [closed] | |
| branches: ["main", "main-*"] | |
| paths: ["code/**", ".github/workflows/code**"] | |
| workflow_dispatch: | |
| inputs: | |
| BASELINE: | |
| description: "Baseline branch" | |
| required: true | |
| default: "main" | |
| ENVIRONMENT: | |
| description: "Deploy environment" | |
| required: true | |
| type: choice | |
| options: | |
| - azure-develop | |
| - azure-pro | |
| default: "azure-develop" | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| deploy: | |
| name: Deploy to Container Apps | |
| runs-on: ubuntu-24.04 | |
| environment: ${{ github.event.inputs.ENVIRONMENT && github.event.inputs.ENVIRONMENT || 'azure-develop' }} | |
| env: | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_ACR_USERNAME: ${{ secrets.AZURE_ACR_USERNAME }} | |
| AZURE_ACR_NAME: ${{ vars.AZURE_ACR_NAME }} | |
| AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }} | |
| AZURE_CONTAINER_NAME: "backend" | |
| AZURE_WEB_PUBSUB_ENDPOINT: ${{ vars.AZURE_WEB_PUBSUB_ENDPOINT }} | |
| AZURE_WEB_PUBSUB_VALID_ORIGIN: ${{ vars.AZURE_WEB_PUBSUB_VALID_ORIGIN }} | |
| AZURE_WEB_PUBSUB_HUB_NAME: ${{ vars.AZURE_WEB_PUBSUB_HUB_NAME }} | |
| AZURE_STORAGE_ACCOUNT_NAME: ${{ vars.AZURE_STORAGE_ACCOUNT_NAME }} | |
| AZURE_STORAGE_ROOMS_CONTAINER_NAME: ${{ vars.AZURE_STORAGE_ROOMS_CONTAINER_NAME }} | |
| AZURE_STORAGE_IMAGES_CONTAINER_NAME: ${{ vars.AZURE_STORAGE_IMAGES_CONTAINER_NAME }} | |
| AZURE_CS_ENDPOINT: ${{ vars.AZURE_CS_ENDPOINT }} | |
| AZURE_CS_TIMEOUT_SECS: ${{ vars.AZURE_CS_TIMEOUT_SECS }} | |
| PERSIST_FREQUENCY_SEG: ${{ vars.PERSIST_FREQUENCY_SEG }} | |
| AZURE_LOG_LEVEL: ${{ vars.AZURE_LOG_LEVEL }} | |
| AZURE_DATABASE_HOST: ${{ vars.AZURE_DATABASE_HOST }} | |
| AZURE_DATABASE_PORT: ${{ vars.AZURE_DATABASE_PORT }} | |
| AZURE_DATABASE_NAME: ${{ vars.AZURE_DATABASE_NAME }} | |
| AZURE_DATABASE_USERNAME: ${{ secrets.AZURE_DATABASE_USERNAME }} | |
| AZURE_DATABASE_SSL: ${{ vars.AZURE_DATABASE_SSL }} | |
| AZURE_DATABASE_CLOUD_CREDENTIALS: ${{ vars.AZURE_DATABASE_CLOUD_CREDENTIALS }} | |
| AZURE_DATABASE_FORCE_SYNC: ${{ vars.AZURE_DATABASE_FORCE_SYNC }} | |
| FEATURE_WORKLOADS: ${{ vars.FEATURE_WORKLOADS }} | |
| FEATURE_THREADS: ${{ vars.FEATURE_THREADS }} | |
| LITELLM_ENDPOINT: ${{ vars.LITELLM_ENDPOINT }} | |
| LITELLM_API_KEY: ${{ secrets.LITELLM_API_KEY }} | |
| LOG_LEVEL: ${{ vars.LOG_LEVEL }} | |
| AZURE_CS_API_KEY: ${{ secrets.AZURE_CS_API_KEY }} | |
| AI_PASSWORD: ${{ secrets.AI_PASSWORD }} | |
| steps: | |
| - name: Get input parameters | |
| run: | | |
| BASELINE_BRANCH=${{ github.event.inputs.BASELINE || 'main' }} | |
| echo "BASELINE_BRANCH=${BASELINE_BRANCH#refs/heads/}" >> "$GITHUB_ENV" | |
| - name: Checkout merge commit | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ env.BASELINE_BRANCH }} | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Create .env.production file | |
| working-directory: code | |
| run: | | |
| touch .env | |
| echo AZURE_WEB_PUBSUB_ENDPOINT=${{ env.AZURE_WEB_PUBSUB_ENDPOINT }} >> .env | |
| echo AZURE_WEB_PUBSUB_HUB_NAME=${{ env.AZURE_WEB_PUBSUB_HUB_NAME }} >> .env | |
| echo AZURE_WEB_PUBSUB_VALID_ORIGIN=${{ env.AZURE_WEB_PUBSUB_VALID_ORIGIN }} >> .env | |
| echo AZURE_STORAGE_ACCOUNT_NAME="${{ env.AZURE_STORAGE_ACCOUNT_NAME }}" >> .env | |
| echo AZURE_STORAGE_ROOMS_CONTAINER_NAME=${{ env.AZURE_STORAGE_ROOMS_CONTAINER_NAME }} >> .env | |
| echo AZURE_STORAGE_IMAGES_CONTAINER_NAME=${{ env.AZURE_STORAGE_IMAGES_CONTAINER_NAME }} >> .env | |
| echo PERSIST_FREQUENCY_SEG=${{ env.PERSIST_FREQUENCY_SEG }} >> .env | |
| echo AI_PASSWORD=${{ env.AI_PASSWORD }} >> .env | |
| echo AZURE_CS_ENDPOINT=${{ env.AZURE_CS_ENDPOINT }} >> .env | |
| echo AZURE_CS_API_KEY=${{ env.AZURE_CS_API_KEY }} >> .env | |
| echo AZURE_CS_TIMEOUT_SECS=${{ env.AZURE_CS_TIMEOUT_SECS }} >> .env | |
| echo AZURE_LOG_LEVEL=${{ env.AZURE_LOG_LEVEL }} >> .env | |
| echo DATABASE_HOST=${{ env.AZURE_DATABASE_HOST }} >> .env | |
| echo DATABASE_PORT=${{ env.AZURE_DATABASE_PORT }} >> .env | |
| echo DATABASE_NAME=${{ env.AZURE_DATABASE_NAME }} >> .env | |
| echo DATABASE_USERNAME=${{ env.AZURE_DATABASE_USERNAME }} >> .env | |
| echo DATABASE_SSL=${{ env.AZURE_DATABASE_SSL }} >> .env | |
| echo DATABASE_CLOUD_CREDENTIALS=${{ env.AZURE_DATABASE_CLOUD_CREDENTIALS }} >> .env | |
| echo DATABASE_FORCE_SYNC=${{ env.AZURE_DATABASE_FORCE_SYNC }} >> .env | |
| echo FEATURE_WORKLOADS=${{ env.FEATURE_WORKLOADS }} >> .env | |
| echo FEATURE_THREADS=${{ env.FEATURE_THREADS }} >> .env | |
| echo LITELLM_ENDPOINT=${{ env.LITELLM_ENDPOINT }} >> .env | |
| echo LITELLM_API_KEY=${{ env.LITELLM_API_KEY }} >> .env | |
| echo LOG_LEVEL=${{ env.AZURE_LOG_LEVEL }} >> .env | |
| - name: Azure Login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ env.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ env.AZURE_TENANT_ID }} | |
| subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }} | |
| - name: ACR Login | |
| run: | | |
| ACR_PASSWORD=$(az acr login --name ${{ env.AZURE_ACR_NAME }} --expose-token --output tsv --query accessToken) | |
| echo "AZURE_ACR_PASSWORD=$(echo $ACR_PASSWORD)" >> $GITHUB_ENV | |
| - name: ACR Login | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.AZURE_ACR_NAME }}.azurecr.io | |
| username: ${{ env.AZURE_ACR_USERNAME }} | |
| password: ${{ env.AZURE_ACR_PASSWORD }} | |
| - name: Build image and push it to ACR | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: true | |
| platforms: linux/amd64 | |
| context: code | |
| tags: ${{ env.AZURE_ACR_NAME }}.azurecr.io/${{ env.AZURE_CONTAINER_NAME }}:${{ github.sha }} | |
| file: code/Dockerfile | |
| - name: Deploy | |
| uses: azure/cli@v2 | |
| env: | |
| GITHUB_SHA: ${{ github.sha }} | |
| with: | |
| azcliversion: latest | |
| inlineScript: | | |
| az containerapp update \ | |
| --name $AZURE_CONTAINER_NAME \ | |
| --resource-group $AZURE_RESOURCE_GROUP \ | |
| --image $AZURE_ACR_NAME.azurecr.io/$AZURE_CONTAINER_NAME:$GITHUB_SHA \ | |
| --revision-suffix $GITHUB_SHA \ | |
| --query properties.configuration.ingress.fqdn |