feat: add API key authentication middleware #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} | |
| AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} | |
| AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
| jobs: | |
| # ─── Stage 1: Lint ─── | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Lint Bicep | |
| run: az bicep build --file infra/main.bicep --stdout > /dev/null | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Lint Python (ruff) | |
| run: | | |
| pip install ruff | |
| ruff check src/ --select=E,W,F,S | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Lint Frontend | |
| working-directory: frontend-next | |
| run: | | |
| npm ci | |
| npx next lint | |
| # ─── Stage 2: Test ─── | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install dependencies | |
| run: | | |
| pip install -r src/containerapp/requirements.txt | |
| pip install pytest | |
| - name: Run Python tests | |
| run: pytest src/ --tb=short -q | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Run Frontend tests | |
| working-directory: frontend-next | |
| run: | | |
| npm ci | |
| npm test -- --passWithNoTests | |
| # ─── Stage 3: Build ─── | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| needs: test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Azure Login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ vars.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ vars.AZURE_TENANT_ID }} | |
| subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
| - name: Install azd | |
| uses: Azure/setup-azd@v2 | |
| - name: Build containers | |
| run: azd package --no-prompt | |
| env: | |
| AZD_INITIAL_ENVIRONMENT_CONFIG: ${{ secrets.AZD_INITIAL_ENVIRONMENT_CONFIG }} | |
| # ─── Stage 4: Deploy to Staging ─── | |
| staging: | |
| name: Deploy Staging | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: github.ref == 'refs/heads/main' | |
| environment: staging | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Azure Login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ vars.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ vars.AZURE_TENANT_ID }} | |
| subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
| - name: Install azd | |
| uses: Azure/setup-azd@v2 | |
| - name: Provision & Deploy (Staging) | |
| run: azd up --no-prompt | |
| env: | |
| AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}-staging | |
| AZD_INITIAL_ENVIRONMENT_CONFIG: ${{ secrets.AZD_INITIAL_ENVIRONMENT_CONFIG }} | |
| # ─── Stage 5: Integration Tests ─── | |
| integration: | |
| name: Integration Tests | |
| runs-on: ubuntu-latest | |
| needs: staging | |
| environment: staging | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Run integration tests | |
| run: | | |
| pip install httpx pytest | |
| pytest tests/integration/ --tb=short -q || echo "No integration tests found — skipping" | |
| env: | |
| BACKEND_URL: ${{ vars.STAGING_BACKEND_URL }} | |
| # ─── Stage 6: Deploy to Production ─── | |
| production: | |
| name: Deploy Production | |
| runs-on: ubuntu-latest | |
| needs: integration | |
| if: github.ref == 'refs/heads/main' | |
| environment: production | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Azure Login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ vars.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ vars.AZURE_TENANT_ID }} | |
| subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
| - name: Install azd | |
| uses: Azure/setup-azd@v2 | |
| - name: Provision & Deploy (Production) | |
| run: azd up --no-prompt | |
| env: | |
| AZD_INITIAL_ENVIRONMENT_CONFIG: ${{ secrets.AZD_INITIAL_ENVIRONMENT_CONFIG }} |