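# Workflow header: triggers, token permissions and shared settings for the
# infrastructure and application deployment jobs.
name: Infrastructure & Code Deployment

# Runs on pushes to main that touch the listed paths, or on manual dispatch.
on:
  push:
    branches: [main]
    paths:
      - 'tofu/**'
      - 'api/**'
      - 'shared/**'
      - 'frontend/**'
      - 'package.json'
      - 'package-lock.json'
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN. `id-token: write` is left out because every
# azure/login step in this workflow authenticates with the `creds` secret and
# never requests an OIDC token; add it back only together with a move to
# federated credentials.
permissions:
  contents: read

# Non-secret settings shared by all jobs; quoted so they stay strings.
env:
  NODE_VERSION: '24'
  FRONTEND_APP_NAME: 'cover-craft-ui'
  API_APP_NAME: 'cover-craft'
  RESOURCE_GROUP: 'projects-rg'
  API_RESOURCE_GROUP: 'projects-rg-api'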
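# NOTE(review): every `uses:` below is pinned to a mutable major-version tag.
# Pinning each action to a full commit SHA keeps a moved tag from running new
# code with the Azure and MongoDB secrets in scope.
jobs:
  # Applies the OpenTofu configuration in ./tofu; both deploy jobs wait on it.
  infra-apply:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v7

      # NOTE(review): `creds` carries a long-lived client secret. azure/login
      # also accepts client-id / tenant-id / subscription-id for OIDC
      # federation, which would remove the stored secret (and would need
      # `id-token: write`).
      - name: Azure Login
        uses: azure/login@v3
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v2
        with:
          tofu_version: '1.6.0'

      # ARM_* are set per step, so the service-principal secret is exported
      # only to the tofu processes and not to the other steps of the job.
      - name: Tofu Init
        working-directory: tofu
        run: tofu init
        env:
          ARM_CLIENT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientId }}
          ARM_CLIENT_SECRET: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientSecret }}
          ARM_TENANT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).tenantId }}
          ARM_SUBSCRIPTION_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).subscriptionId }}

      # NOTE(review): -auto-approve applies on every qualifying push to main
      # with no reviewed plan; branch protection or a protected environment is
      # the only gate.
      - name: Tofu Apply
        working-directory: tofu
        # The secret reaches the script through the environment and is expanded
        # by the shell inside double quotes. Interpolating ${{ secrets.* }}
        # into the script text would let a quote, `$` or backtick in the URI
        # break the command or be evaluated as shell.
        run: tofu apply -auto-approve -var="mongodb_uri=${MONGODB_URI}"
        env:
          MONGODB_URI: ${{ secrets.MONGODB_URI }}
          ARM_CLIENT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientId }}
          ARM_CLIENT_SECRET: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientSecret }}
          ARM_TENANT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).tenantId }}
          ARM_SUBSCRIPTION_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).subscriptionId }}

  # Builds the API workspace, packages it with production dependencies and
  # zip-deploys it to the Azure Functions app.
  deploy-api:
    needs: infra-apply
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v7

      - name: Setup Node
        uses: actions/setup-node@v6
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'

      - name: Install all dependencies
        run: npm ci

      - name: Build shared package
        run: npm run build:shared

      - name: Build API
        run: npm run build --workspace=api

      - name: Package API for deployment
        working-directory: api
        run: |
          # 1. Clear existing modules
          rm -rf node_modules
          # 2. Force isolation by temporarily hiding root workspace files.
          #    This prevents npm from detecting the monorepo and hoisting dependencies.
          if [ -f ../package.json ]; then mv ../package.json ../package.json.bak; fi
          if [ -f ../package-lock.json ]; then mv ../package-lock.json ../package-lock.json.bak; fi
          # 3. Install production dependencies (local to api folder)
          # NOTE(review): the root lockfile is hidden at this point, so unless
          # api/ has its own lockfile the shipped versions are resolved fresh
          # from the registry rather than the ones `npm ci` verified above.
          npm install --omit=dev --no-audit --no-fund --install-links
          # 4. Restore root workspace files
          if [ -f ../package.json.bak ]; then mv ../package.json.bak ../package.json; fi
          if [ -f ../package-lock.json.bak ]; then mv ../package-lock.json.bak ../package-lock.json; fi
          # 5. Fail-safe: ensure shared/dist is physically present
          mkdir -p node_modules/@cover-craft/shared/dist
          cp -r ../shared/dist/* node_modules/@cover-craft/shared/dist/
          # 6. Create zip
          zip -r ../api-deploy.zip dist node_modules host.json package.json

      - name: Azure Login
        uses: azure/login@v3
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      # Workflow-level env values are exported to the shell, so they are read
      # as quoted shell variables instead of being templated into the script.
      - name: Deploy API to Azure Functions
        run: |
          az functionapp deployment source config-zip \
            --name "$API_APP_NAME" \
            --resource-group "$API_RESOURCE_GROUP" \
            --src api-deploy.zip

  # Builds the Next.js frontend in standalone mode and zip-deploys it to the
  # Azure Web App.
  deploy-frontend:
    needs: infra-apply
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v7

      - name: Setup Node
        uses: actions/setup-node@v6
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'

      - name: Install all dependencies
        run: npm ci

      - name: Build Shared
        run: npm run build:shared

      - name: Build Frontend (Standalone)
        run: npm run build --workspace=frontend

      - name: Package Frontend
        run: |
          # The standalone output includes everything needed to run
          # We also need to include 'public' and 'static' for Next.js to serve them
          cp -r frontend/public frontend/.next/standalone/frontend/
          cp -r frontend/.next/static frontend/.next/standalone/frontend/.next/
          # Zip the standalone folder
          cd frontend/.next/standalone
          zip -r ../../../frontend-deploy.zip .

      - name: Azure Login
        uses: azure/login@v3
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      # Same quoting approach as the API deploy step: shell variables, not
      # expression interpolation inside the script.
      - name: Deploy Frontend to Azure Web App
        run: |
          az webapp deployment source config-zip \
            --name "$FRONTEND_APP_NAME" \
            --resource-group "$RESOURCE_GROUP" \
            --src frontend-deploy.zip
          # Set the startup command for Next.js standalone
          az webapp config set \
            --name "$FRONTEND_APP_NAME" \
            --resource-group "$RESOURCE_GROUP" \
            --startup-file "node frontend/server.js"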