Code deploy #221
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Code deploy | |
| on: | |
| pull_request: | |
| types: [closed] | |
| branches: ["main", "main-*"] | |
| paths: ["code/**", ".github/workflows/code**"] | |
| workflow_dispatch: | |
| inputs: | |
| BASELINE: | |
| description: "Baseline branch" | |
| required: true | |
| default: "main" | |
| ENVIRONMENT: | |
| description: "Deploy environment" | |
| required: true | |
| type: choice | |
| options: | |
| - azure-develop | |
| - azure-pro | |
| default: "azure-develop" | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| deploy: | |
| name: Deploy to Container Apps | |
| runs-on: ubuntu-24.04 | |
| environment: ${{ github.event.inputs.ENVIRONMENT && github.event.inputs.ENVIRONMENT || 'azure-develop' }} | |
| env: | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_ACR_USERNAME: ${{ secrets.AZURE_ACR_USERNAME }} | |
| AZURE_ACR_PASSWORD: ${{ secrets.AZURE_ACR_PASSWORD }} | |
| AZURE_ACR_NAME: ${{ vars.AZURE_ACR_NAME }} | |
| AZURE_CONTAINER_ENVIRONMENT_NAME: ${{ vars.AZURE_CONTAINER_ENVIRONMENT_NAME }} | |
| AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }} | |
| AZURE_CONTAINER_NAME: "frontend" | |
| AZURE_CONTAINER_NAME_BACKEND: "backend" | |
| AZURE_IDENTITY_ID: ${{ secrets.AZURE_IDENTITY_ID }} | |
| NEXT_PUBLIC_API_ENDPOINT: ${{ vars.NEXT_PUBLIC_API_ENDPOINT }} | |
| NEXT_PUBLIC_API_V2_ENDPOINT: ${{ vars.NEXT_PUBLIC_API_V2_ENDPOINT }} | |
| NEXT_PUBLIC_API_ENDPOINT_HUB_NAME: ${{ vars.NEXT_PUBLIC_API_ENDPOINT_HUB_NAME }} | |
| CDN_IP_LIST: ${{ secrets.CDN_IP_LIST }} | |
| steps: | |
| - name: Checkout merge commit | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Azure Login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ env.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ env.AZURE_TENANT_ID }} | |
| subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }} | |
| - name: Get Backend endpoint | |
| run: | | |
| BACKEND_ENDPOINT=https://$(az containerapp show -g ${{ env.AZURE_RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_NAME_BACKEND }} --query properties.configuration.ingress.fqdn --output tsv) | |
| echo "BACKEND_ENDPOINT=$(echo $BACKEND_ENDPOINT)" >> $GITHUB_ENV | |
| - name: Create .env.production file | |
| working-directory: code | |
| env: | |
| NEXT_PUBLIC_API_ENDPOINT: ${{ vars.NEXT_PUBLIC_API_ENDPOINT }} | |
| NEXT_PUBLIC_API_ENDPOINT_HUB_NAME: ${{ vars.NEXT_PUBLIC_API_ENDPOINT_HUB_NAME }} | |
| run: | | |
| touch .env.production | |
| echo NEXT_PUBLIC_API_ENDPOINT=${{ env.NEXT_PUBLIC_API_ENDPOINT }} >> .env.production | |
| echo NEXT_PUBLIC_API_V2_ENDPOINT=${{ env.NEXT_PUBLIC_API_V2_ENDPOINT }} >> .env.production | |
| echo NEXT_PUBLIC_API_ENDPOINT_HUB_NAME=${{ env.NEXT_PUBLIC_API_ENDPOINT_HUB_NAME }} >> .env.production | |
| echo BACKEND_ENDPOINT=${{ env.BACKEND_ENDPOINT }} >> .env.production | |
| - name: ACR Login | |
| run: | | |
| ACR_PASSWORD=$(az acr login --name ${{ env.AZURE_ACR_NAME }} --expose-token --output tsv --query accessToken) | |
| echo "AZURE_ACR_PASSWORD=$(echo $ACR_PASSWORD)" >> $GITHUB_ENV | |
| - name: ACR Login | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.AZURE_ACR_NAME }}.azurecr.io | |
| username: ${{ env.AZURE_ACR_USERNAME }} | |
| password: ${{ env.AZURE_ACR_PASSWORD }} | |
| - name: Build image and push it to ACR | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: true | |
| platforms: linux/amd64 | |
| context: code | |
| tags: ${{ env.AZURE_ACR_NAME }}.azurecr.io/${{ env.AZURE_CONTAINER_NAME }}:${{ github.sha }} | |
| file: code/Dockerfile | |
| - name: Deploy | |
| uses: azure/cli@v2 | |
| env: | |
| GITHUB_SHA: ${{ github.sha }} | |
| with: | |
| azcliversion: latest | |
| inlineScript: | | |
| az containerapp update \ | |
| --name $AZURE_CONTAINER_NAME \ | |
| --resource-group $AZURE_RESOURCE_GROUP \ | |
| --image $AZURE_ACR_NAME.azurecr.io/$AZURE_CONTAINER_NAME:$GITHUB_SHA \ | |
| --revision-suffix $GITHUB_SHA \ | |
| --query properties.configuration.ingress.fqdn |