Merge pull request #31 from dotindustries/feature/bre-70-fix-unkey-lo… #34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Azure Container Apps Deployment | |
| on: | |
| push: | |
| tags: | |
| - 'v*.*.*' | |
| branches: | |
| - main | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: write | |
| env: | |
| AZURE_CONTAINER_REGISTRY: dotinc.azurecr.io | |
| AZURE_RESOURCE_GROUP: rg-brease | |
| AZURE_LOCATION: westeurope | |
| API_APP_NAME: brease-api | |
| jobs: | |
| deploy: | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| runs-on: ubuntu-latest | |
| concurrency: | |
| group: release | |
| cancel-in-progress: true | |
| outputs: | |
| api-url: ${{ steps.get-api-url.outputs.url }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Extract version from tag | |
| id: extract_version | |
| run: | | |
| # Extract semver from tag (remove prefix) | |
| echo ${{github.ref}} | |
| VERSION=${GITHUB_REF#refs/tags/} | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| echo "Extracted version: $VERSION" | |
| - name: Azure Login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZ_SP_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZ_SP_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to Azure Container Registry | |
| run: az acr login --name dotinc | |
| - name: Go Build Cache for Docker | |
| uses: actions/cache@v4 | |
| with: | |
| path: go-build-cache | |
| key: ${{ runner.os }}-go-build-cache-${{ hashFiles('**/go.sum') }} | |
| - name: Inject go-build-cache | |
| uses: reproducible-containers/buildkit-cache-dance@4b2444fec0c0fb9dbf175a96c094720a692ef810 # v2.1.4 | |
| with: | |
| cache-source: go-build-cache | |
| - name: Build and push API image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./apps/api | |
| push: true | |
| file: ./apps/api/Dockerfile | |
| tags: ${{ env.AZURE_CONTAINER_REGISTRY }}/brease-api:${{ steps.extract_version.outputs.version }} | |
| platforms: linux/amd64,linux/arm64 | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Create resource group | |
| run: | | |
| az group create \ | |
| --name ${{ env.AZURE_RESOURCE_GROUP }} \ | |
| --location ${{ env.AZURE_LOCATION }} | |
| - name: Deploy API service | |
| run: | | |
| az containerapp up \ | |
| --name ${{ env.API_APP_NAME }} \ | |
| --resource-group ${{ env.AZURE_RESOURCE_GROUP }} \ | |
| --location ${{ env.AZURE_LOCATION }} \ | |
| --image ${{ env.AZURE_CONTAINER_REGISTRY }}/brease-api:${{ steps.extract_version.outputs.version }} \ | |
| --registry-server ${{ env.AZURE_CONTAINER_REGISTRY }} \ | |
| --ingress external \ | |
| --target-port 4400 \ | |
| --env-vars \ | |
| PORT=4400 \ | |
| NODE_ENV=staging \ | |
| INFISICAL_PROJECT_ID=642ed4939db25595ac7eb9cd \ | |
| INFISICAL_ENVIRONMENT=staging \ | |
| INFISICAL_CLIENT_ID=${{ secrets.INFISICAL_CLIENT_ID }} \ | |
| INFISICAL_CLIENT_SECRET=${{ secrets.INFISICAL_CLIENT_SECRET }} \ | |
| - name: Get API URL | |
| id: get-api-url | |
| run: | | |
| URL=$(az containerapp show \ | |
| --name ${{ env.API_APP_NAME }} \ | |
| --resource-group ${{ env.AZURE_RESOURCE_GROUP }} \ | |
| --query properties.configuration.ingress.fqdn \ | |
| --output tsv) | |
| echo "url=https://$URL" >> $GITHUB_OUTPUT | |
| - name: Comment on PR | |
| uses: marocchino/sticky-pull-request-comment@v2 | |
| with: | |
| header: pr-deployment | |
| message: | | |
| ## 🚀 Brease PR Environment Deployed Successfully! | |
| **API Service**: ${{ steps.get-api-url.outputs.url }} | |
| **OpenAPI Docs**: ${{ steps.get-api-url.outputs.url }}/ | |
| **Stats**: ${{ steps.get-api-url.outputs.url }}/stats | |
| **Resources Created:** | |
| - Resource Group: `${{ env.AZURE_RESOURCE_GROUP }}` | |
| - API Service: `${{ env.API_APP_NAME }}` (with managed environment) | |
| **API Testing:** | |
| ```bash | |
| # Test the API endpoint | |
| curl ${{ steps.get-api-url.outputs.url }}/stats | |
| # View OpenAPI documentation | |
| open ${{ steps.get-api-url.outputs.url }}/ | |
| ``` | |
| > 💡 This environment will be automatically cleaned up when the PR is merged or closed. | |
| - name: Create GitHub Release | |
| run: | | |
| gh release create ${{ github.ref_name }} \ | |
| --title "Release ${{ steps.extract_version.outputs.version }}" \ | |
| --notes "## 🚀 Release ${{ steps.extract_version.outputs.version }} | |
| **Docker Images Published:** | |
| - \`${{ env.AZURE_CONTAINER_REGISTRY }}/lumen-web:${{ steps.extract_version.outputs.version }}\` | |
| **Tag:** \`web/${{ steps.extract_version.outputs.version }}\` | |
| **Commit:** \`${{ github.sha }}\`" | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| cleanup: | |
| if: github.event.action == 'closed' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Azure Login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZ_SP_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZ_SP_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| - name: Delete resource group | |
| run: | | |
| if az group exists --name ${{ env.AZURE_RESOURCE_GROUP }}; then | |
| echo "Deleting resource group: ${{ env.AZURE_RESOURCE_GROUP }}" | |
| az group delete \ | |
| --name ${{ env.AZURE_RESOURCE_GROUP }} \ | |
| --yes \ | |
| --no-wait | |
| else | |
| echo "Resource group ${{ env.AZURE_RESOURCE_GROUP }} does not exist" | |
| fi | |
| - name: Clean up container images | |
| run: | | |
| # Delete PR-specific images from ACR | |
| az acr repository delete \ | |
| --name dotinc \ | |
| --repository brease-api \ | |
| --tag pr-${{ github.event.number }} \ | |
| --yes || true | |
| - name: Comment on PR | |
| uses: marocchino/sticky-pull-request-comment@v2 | |
| with: | |
| header: pr-deployment | |
| message: | | |
| ## 🧹 Brease PR Environment Cleaned Up | |
| All Azure resources for this PR have been deleted: | |
| - Resource Group: `${{ env.AZURE_RESOURCE_GROUP }}` | |
| - Container image: `brease-api:pr-${{ github.event.number }}` | |
| > ✅ Cleanup completed successfully. |