fix(saml): configure prod Auth0 IDP metadata URL #49
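# Builds the CKAN image, pushes it to ACR and rolls it out to the AKS
# namespace named in env.NAMESPACE. A manual run may pass an existing image
# tag; the build job is then skipped and only the deploy job runs.
name: Build and Deploy CKAN (staging)

on:
  push:
    # NOTE(review): ckan211-prod-deploy-pr looks like a short-lived PR branch;
    # confirm it should keep triggering deploys that use the cluster secrets.
    branches: [master, ckan211-prod-deploy-pr]
  workflow_dispatch:
    inputs:
      image_tag:
        description: "Image tag to deploy (e.g., sha-abc1234). Leave blank to build from the workflow's ref."
        required: false
        type: string

# Least privilege for GITHUB_TOKEN: the jobs only read the repository.
# Registry and cluster access come from dedicated secrets, not this token.
permissions:
  contents: read

env:
  ACR_NAME: adracr
  IMAGE_NAME: ckan
  NAMESPACE: adr-s
  URL: https://dev.adr.fjelltopp.org

jobs:
  build:
    # Skipped only when a manual run names an existing image tag.
    if: github.event_name != 'workflow_dispatch' || inputs.image_tag == ''
    runs-on: ubuntu-latest
    outputs:
      image_tag: ${{ steps.meta.outputs.version }}
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          # No later step in this job performs git operations.
          persist-credentials: false

      # NOTE(review): this is the only action referenced by a mutable tag;
      # pin it to a full commit SHA like the other actions in this file.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.6.1
        with:
          images: ${{ env.ACR_NAME }}.azurecr.io/${{ env.IMAGE_NAME }}
          tags: |
            type=sha,prefix=sha-,format=short

      - name: Login to ACR
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ${{ env.ACR_NAME }}.azurecr.io
          username: ${{ secrets.ACR_USERNAME }}
          password: ${{ secrets.ACR_PASSWORD }}

      - name: Build and push
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.10.0
        with:
          context: .
          file: deploy/Dockerfile.prod
          push: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  deploy:
    needs: build
    # always() keeps this job eligible when build was skipped; the result
    # check still blocks it after a failed build.
    if: always() && (needs.build.result == 'success' || needs.build.result == 'skipped')
    runs-on: ubuntu-latest
    environment:
      name: staging
      url: ${{ env.URL }}
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # The deploy steps only read files from the checkout.
          persist-credentials: false

      # The dispatch input is caller-supplied text. It is handed to the script
      # through the environment instead of being expanded into the script
      # source, and only the Docker tag character set is accepted, so the
      # value cannot add lines to GITHUB_OUTPUT or extra kubectl arguments.
      - name: Resolve image tag
        id: params
        env:
          REQUESTED_TAG: ${{ inputs.image_tag }}
          BUILT_TAG: ${{ needs.build.outputs.image_tag }}
        run: |
          tag="${REQUESTED_TAG:-${BUILT_TAG:-}}"
          tag_re='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
          if [[ ! "$tag" =~ $tag_re ]]; then
            echo "::error::image tag is empty or not a valid Docker tag"
            exit 1
          fi
          echo "image_tag=$tag" >> "$GITHUB_OUTPUT"

      # The secret reaches the script as an environment variable rather than
      # as text in the generated script file, and umask makes the kubeconfig
      # private from the moment it is created instead of after the chmod.
      - name: Setup kubeconfig
        env:
          KUBECONFIG_BASE64: ${{ secrets.KUBECONFIG_BASE64 }}
        run: |
          umask 077
          mkdir -p ~/.kube
          printf '%s' "$KUBECONFIG_BASE64" | base64 -d > ~/.kube/config
          chmod 600 ~/.kube/config

      # ACR_NAME, IMAGE_NAME and NAMESPACE come from the workflow-level env.
      # pipefail makes a failed `kubectl create` stop the step instead of
      # being masked by the `kubectl apply` at the end of the pipe.
      - name: Deploy to AKS
        env:
          IMAGE_TAG: ${{ steps.params.outputs.image_tag }}
        run: |
          set -euo pipefail
          kubectl create configmap ckan-env-config \
            --from-file=env.ini=deploy/staging.ini \
            -n "$NAMESPACE" \
            --dry-run=client -o yaml | kubectl apply -f -
          kubectl set image deployment/ckan \
            "ckan=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:${IMAGE_TAG}" \
            -n "$NAMESPACE"
          kubectl rollout status deployment/ckan -n "$NAMESPACE" --timeout=5m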