-
Notifications
You must be signed in to change notification settings - Fork 0
197 lines (175 loc) · 6.43 KB
/
cd.yml
File metadata and controls
197 lines (175 loc) · 6.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
name: CD
on:
workflow_dispatch:
push:
branches: [main]
permissions:
id-token: write
contents: read
env:
ENVIRONMENT: dev
INSTANCE: "125"
RESOURCE_GROUP: rg-dev-125
BACKEND_APP_NAME: app-ops-demo-api-dev-125
FRONTEND_APP_NAME: app-ops-demo-web-dev-125
SQL_SERVER_NAME: sql-ops-demo-dev-125
SQL_DATABASE_NAME: programdb
ACR_NAME: acropsdemodev125
IMAGE_NAME: program-approval-api
jobs:
build-and-push-backend:
name: Build and Push Backend Container
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
timeout-minutes: 20
outputs:
image-tag: ${{ steps.meta.outputs.tags }}
steps:
- uses: actions/checkout@v4
- name: Azure Login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Set image metadata
id: meta
run: |
SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7)
TAG="${{ env.ACR_NAME }}.azurecr.io/${{ env.IMAGE_NAME }}:${SHORT_SHA}"
echo "tags=$TAG" >> "$GITHUB_OUTPUT"
echo "Image tag: $TAG"
- name: Build and push Docker image via ACR Tasks
run: |
SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7)
az acr build \
--registry "${{ env.ACR_NAME }}" \
--image "${{ env.IMAGE_NAME }}:${SHORT_SHA}" \
--image "${{ env.IMAGE_NAME }}:latest" \
--file backend/Dockerfile \
backend/
build-frontend:
name: Build Frontend
runs-on: ubuntu-latest
defaults:
run:
working-directory: frontend
steps:
- uses: actions/checkout@v4
- name: Set up Node 20
uses: actions/setup-node@v4
with:
node-version: "20"
cache: npm
cache-dependency-path: frontend/package-lock.json
- name: Install dependencies
run: npm ci
- name: Build for production
run: npm run build
env:
VITE_API_BASE_URL: https://${{ env.BACKEND_APP_NAME }}.azurewebsites.net/api
- name: Upload frontend artifact
uses: actions/upload-artifact@v4
with:
name: frontend-artifact
path: frontend/dist
deploy-backend:
name: Deploy Backend Container
runs-on: ubuntu-latest
needs: [build-and-push-backend]
permissions:
contents: read
id-token: write
timeout-minutes: 15
environment: dev-125
steps:
- name: Azure Login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy container to App Service
run: |
IMAGE="${{ needs.build-and-push-backend.outputs.image-tag }}"
# Update the container image — ACR pull uses managed identity
# (acrUseManagedIdentityCreds set by infrastructure).
az webapp config set \
--resource-group "${{ env.RESOURCE_GROUP }}" \
--name "${{ env.BACKEND_APP_NAME }}" \
--linux-fx-version "DOCKER|${IMAGE}" \
--startup-file "" \
--only-show-errors
- name: Configure App Service settings for Entra ID auth
run: |
az webapp config appsettings set \
--resource-group "${{ env.RESOURCE_GROUP }}" \
--name "${{ env.BACKEND_APP_NAME }}" \
--settings \
SPRING_PROFILES_ACTIVE=azuresql \
SPRING_DATASOURCE_URL="jdbc:sqlserver://${{ env.SQL_SERVER_NAME }}.database.windows.net:1433;database=${{ env.SQL_DATABASE_NAME }};encrypt=true;trustServerCertificate=true;hostNameInCertificate=*.database.windows.net;loginTimeout=60;authentication=ActiveDirectoryManagedIdentity;msiClientId=${{ vars.SQL_IDENTITY_CLIENT_ID }};connectRetryCount=3;connectRetryInterval=10;" \
APP_CORS_ALLOWED_ORIGIN="https://${{ env.FRONTEND_APP_NAME }}.azurewebsites.net" \
--only-show-errors
- name: Restart App Service
run: |
az webapp restart \
--resource-group "${{ env.RESOURCE_GROUP }}" \
--name "${{ env.BACKEND_APP_NAME }}" \
--only-show-errors
deploy-frontend:
name: Deploy Frontend
runs-on: ubuntu-latest
needs: [build-frontend, deploy-backend]
environment: dev-125
steps:
- name: Download frontend artifact
uses: actions/download-artifact@v4
with:
name: frontend-artifact
path: frontend-artifact
- name: Azure Login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy to Azure App Service
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.FRONTEND_APP_NAME }}
package: frontend-artifact
smoke-test:
name: Smoke Test
runs-on: ubuntu-latest
needs: [deploy-backend, deploy-frontend]
environment: dev-125
steps:
- name: Health check — Backend API
run: |
URL="https://${{ env.BACKEND_APP_NAME }}.azurewebsites.net/api/health"
echo "Checking $URL ..."
echo "Waiting 60s for container cold start..."
sleep 60
for i in $(seq 1 20); do
STATUS=$(curl -s -o /dev/null -w '%{http_code}' "$URL" --max-time 30 || true)
if [ "$STATUS" = "200" ]; then
echo "Health check passed (HTTP $STATUS) on attempt $i"
exit 0
fi
echo "Attempt $i/20: HTTP $STATUS — retrying in 30s..."
sleep 30
done
echo "Health check failed after 20 attempts (~11 min)."
exit 1
- name: Health check — Frontend
run: |
STATUS=$(curl -s -o /dev/null -w '%{http_code}' \
"https://${{ env.FRONTEND_APP_NAME }}.azurewebsites.net/")
if [ "$STATUS" = "200" ]; then
echo "Frontend health check passed"
else
echo "Frontend health check failed with status $STATUS"
exit 1
fi