feat: implement WebFetchTools for public web fetching to enhance data… #20
| name: Deploy main to production | |
| on: | |
| push: | |
| branches: [main] | |
| paths: | |
| - "src/Dashboard/**" | |
| - ".github/workflows/main.yml" | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| ACR_NAME: crfinopsagent | |
| ACR_LOGIN: crfinopsagent.azurecr.io | |
| IMAGE: crfinopsagent.azurecr.io/finops-agent | |
| WEBAPP_NAME: finops-agent-container | |
| RESOURCE_GROUP: rg-finops-agent | |
| # Cancel in-flight prod deploys when a newer commit lands. | |
| concurrency: | |
| group: prod-deploy | |
| cancel-in-progress: false # don't cancel a half-deployed prod build | |
| jobs: | |
| deploy: | |
| name: Build & Deploy | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Shallow checkout — build number now comes from github.run_number, | |
| # so we don't need full git history any more. | |
| - uses: actions/checkout@v6 | |
| - name: Azure Login (OIDC) | |
| uses: azure/login@v3 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Login to ACR | |
| run: az acr login --name ${{ env.ACR_NAME }} | |
| - name: Set build metadata | |
| id: meta | |
| run: | | |
| echo "sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT | |
| # Offset so we keep numbering continuous after switching from | |
| # `git rev-list --count HEAD` (which had reached 252) to run_number | |
| # (which restarted at 1 when the workflow file was renamed). | |
| echo "build=$(( ${{ github.run_number }} + 247 ))" >> $GITHUB_OUTPUT | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| - name: Build & push Docker image | |
| uses: docker/build-push-action@v7 | |
| with: | |
| context: src/Dashboard | |
| push: true | |
| provenance: false | |
| tags: | | |
| ${{ env.IMAGE }}:latest | |
| ${{ env.IMAGE }}:${{ steps.meta.outputs.sha }} | |
| build-args: | | |
| BUILD_SHA=${{ steps.meta.outputs.sha }} | |
| BUILD_NUMBER=${{ steps.meta.outputs.build }} | |
| BUILD_BRANCH=main | |
| # Registry-mode cache lives in ACR, shared across all workflows. | |
| # `buildcache-main` is the warm baseline that feature.yml also | |
| # reads from, so feature builds inherit prod's cached layers. | |
| cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache-main | |
| cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache-main,mode=max,image-manifest=true,oci-mediatypes=true | |
| - name: Configure App Service settings | |
| run: | | |
| az webapp config appsettings set \ | |
| --name ${{ env.WEBAPP_NAME }} \ | |
| --resource-group ${{ env.RESOURCE_GROUP }} \ | |
| --settings AzureOpenAI__Endpoint="${{ secrets.AZURE_OPENAI_ENDPOINT }}" | |
| # Production currently runs against :latest, so we bounce the app to | |
| # force the new image to be pulled. (Keeping this for prod safety; | |
| # the test slot doesn't need it because it pins to test-<sha>.) | |
| - name: Restart App Service | |
| run: az webapp restart --name ${{ env.WEBAPP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} | |
| - name: Verify deployment | |
| run: | | |
| curl --retry 10 --retry-delay 5 --retry-connrefused -sf \ | |
| https://azure-finops-agent.com/api/version | head -c 200 | |
| echo "" |
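Review bot: The four `uses:` steps (`actions/checkout@v6`, `azure/login@v3`, `docker/setup-buildx-action@v4`, `docker/build-push-action@v7`) reference mutable tags in a job that holds `id-token: write` and pushes to the production registry, so a retagged release of any of them would run with the Azure OIDC identity; pin each to a full commit SHA, e.g. `uses: azure/login@<full-commit-sha>  # v3`. The Verify step most likely cannot fail: with no `shell:` set, the default bash invocation runs without `pipefail`, so a failed `curl` is masked by `| head -c 200` and the trailing `echo ""`; add `set -o pipefail` as the first line of that script (or `shell: bash` on the step). Even when it does fail correctly, it only shows that `/api/version` answers while production pulls `:latest` on restart, so an older image can still pass; if the endpoint reports the build SHA (not visible here), compare it with `steps.meta.outputs.sha`, or deploy the `:<sha>` tag instead of `:latest`. The comment above `concurrency:` says in-flight deploys are cancelled, but `cancel-in-progress: false` does the opposite; reword it to `# Queue prod deploys; never cancel one that is already in flight.`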