
feat: Add JWT validation to APIM for managed identity authentication #59


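# Pipeline for the Activity API: unit and contract tests, container build and
# push to ACR, Bicep lint / validate / what-if / deploy into the dev resource
# group, then E2E tests against the deployed dev environment. Runs on pull
# requests to main that touch the API source or its infrastructure.
name: Deploy Activity Api

on:
  pull_request:
    branches:
      - main
    paths:
      - 'infra/apps/activity-api/**'
      - 'src/Biotrackr.Activity.Api/**'

# Workflow-wide token scopes. Jobs that call reusable workflows via `uses:`
# inherit these; plain runner jobs below narrow them to what they use.
permissions:
  contents: read
  id-token: write        # OIDC federated login to Azure; no long-lived credential is stored
  pull-requests: write   # presumably used by the test templates to post results — confirm
  checks: write          # presumably used by the test templates to publish check runs — confirm

env:
  DOTNET_VERSION: 9.0.x

# The reusable templates are referenced at the mutable `@main` ref of the same
# repository, so a change to a template on main takes effect on every run;
# pin to a commit SHA if reproducible runs are required.
jobs:
  env-setup:
    name: Setup Environment
    runs-on: ubuntu-latest
    # Only echoes a default into a job output; it needs no token scopes.
    permissions: {}
    outputs:
      dotnet-version: ${{ steps.set-output-defaults.outputs.dotnet-version }}
    steps:
      - name: set outputs with default values
        id: set-output-defaults
        run: |
          echo "dotnet-version=${{ env.DOTNET_VERSION }}" >> "$GITHUB_OUTPUT"

  run-unit-tests:
    name: Run Unit Tests with Coverage
    needs: env-setup
    uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-unit-tests.yml@main
    with:
      dotnet-version: ${{ needs.env-setup.outputs.dotnet-version }}
      working-directory: ./src/Biotrackr.Activity.Api/Biotrackr.Activity.Api.UnitTests
      coverage-threshold: 70
      fail-below-threshold: true

  run-contract-tests:
    name: Run API Contract Tests
    needs: env-setup
    uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-contract-tests.yml@main
    with:
      dotnet-version: ${{ needs.env-setup.outputs.dotnet-version }}
      working-directory: ./src/Biotrackr.Activity.Api/Biotrackr.Activity.Api.IntegrationTests
      test-filter: 'FullyQualifiedName~Contract'

  # Image is built and pushed only after both test jobs pass.
  build-container-image-dev:
    name: Build and Push Container Image
    needs: [run-unit-tests, run-contract-tests]
    uses: willvelida/biotrackr/.github/workflows/template-acr-push-image.yml@main
    with:
      working-directory: ./src/Biotrackr.Activity.Api
      app-name: biotrackr-activity-api
    secrets:
      client-id: ${{ secrets.AZURE_CLIENT_ID }}
      tenant-id: ${{ secrets.AZURE_TENANT_ID }}
      subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      resource-group-name: ${{ secrets.AZURE_RG_NAME_DEV }}

  # Resolves the ACR login server so later jobs can build the full image name.
  retrieve-container-image-dev:
    name: Retrieve Container Image
    needs: build-container-image-dev
    runs-on: ubuntu-latest
    # Only needs to mint an OIDC token for azure/login; no repository write access.
    permissions:
      contents: read
      id-token: write
    outputs:
      loginServer: ${{ steps.get-acr-server.outputs.loginServer }}
      # NOTE(review): a job output whose value matches a secret may be dropped
      # by the runner's secret masking, leaving downstream jobs with an empty
      # tenantId. The tenant id is not itself sensitive, so a repository
      # variable would avoid this — confirm before relying on it.
      tenantId: ${{ secrets.AZURE_TENANT_ID }}
    steps:
      - name: Azure login
        # Third-party action pinned by major tag; pinning to a full commit SHA
        # makes the dependency immutable.
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Get ACR server
        id: get-acr-server
        env:
          # Passed through the environment rather than interpolated into the
          # script text, so the value is handled as quoted data by the shell.
          RESOURCE_GROUP: ${{ secrets.AZURE_RG_NAME_DEV }}
        run: |
          # `[0]` takes the first registry returned; if the resource group
          # holds more than one ACR the choice is arbitrary.
          loginServer=$(az acr list --resource-group "$RESOURCE_GROUP" --query "[0].loginServer" -o tsv)
          # Fail here rather than let an empty value produce a bogus image
          # name in the deploy jobs.
          if [ -z "$loginServer" ]; then
            echo "::error::No container registry found in resource group"
            exit 1
          fi
          # Append (>>) so the output file is not truncated, matching env-setup.
          echo "loginServer=$loginServer" >> "$GITHUB_OUTPUT"

  lint:
    name: Run Bicep Linter
    needs: retrieve-container-image-dev
    uses: willvelida/biotrackr/.github/workflows/template-bicep-linter.yml@main
    with:
      template-file: './infra/apps/activity-api/main.bicep'

  # NOTE(review): unlike preview and deploy-dev, validate receives only
  # imageName and no tenantId; presumably validation does not need it — confirm.
  validate:
    name: Validate Template
    needs: [lint, retrieve-container-image-dev]
    uses: willvelida/biotrackr/.github/workflows/template-bicep-validate.yml@main
    with:
      template-file: './infra/apps/activity-api/main.bicep'
      parameters-file: ./infra/apps/activity-api/main.dev.bicepparam
      parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-activity-api:${{ github.sha }}"}'
      scope: resourceGroup
    secrets:
      client-id: ${{ secrets.AZURE_CLIENT_ID }}
      tenant-id: ${{ secrets.AZURE_TENANT_ID }}
      subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      resource-group-name: ${{ secrets.AZURE_RG_NAME_DEV }}

  preview:
    name: Preview Changes
    needs: [validate, retrieve-container-image-dev]
    uses: willvelida/biotrackr/.github/workflows/template-bicep-whatif.yml@main
    with:
      scope: resourceGroup
      template-file: './infra/apps/activity-api/main.bicep'
      parameters-file: ./infra/apps/activity-api/main.dev.bicepparam
      parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-activity-api:${{ github.sha }}", "tenantId": "${{ needs.retrieve-container-image-dev.outputs.tenantId }}"}'
    secrets:
      client-id: ${{ secrets.AZURE_CLIENT_ID }}
      tenant-id: ${{ secrets.AZURE_TENANT_ID }}
      subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      resource-group-name: ${{ secrets.AZURE_RG_NAME_DEV }}

  # Deploys into the `dev` environment; the image tag is the PR head commit.
  deploy-dev:
    name: Deploy Template to Dev
    needs: [preview, retrieve-container-image-dev]
    uses: willvelida/biotrackr/.github/workflows/template-bicep-deploy.yml@main
    with:
      template-file: './infra/apps/activity-api/main.bicep'
      parameters-file: ./infra/apps/activity-api/main.dev.bicepparam
      parameters: '{"imageName": "${{ needs.retrieve-container-image-dev.outputs.loginServer }}/biotrackr-activity-api:${{ github.sha }}", "tenantId": "${{ needs.retrieve-container-image-dev.outputs.tenantId }}"}'
      scope: resourceGroup
      environment: dev
    secrets:
      client-id: ${{ secrets.AZURE_CLIENT_ID }}
      tenant-id: ${{ secrets.AZURE_TENANT_ID }}
      subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      resource-group-name: ${{ secrets.AZURE_RG_NAME_DEV }}

  run-e2e-tests:
    name: Run E2E Tests Against Dev
    needs: [deploy-dev, env-setup]
    uses: willvelida/biotrackr/.github/workflows/template-dotnet-run-e2e-tests.yml@main
    with:
      dotnet-version: ${{ needs.env-setup.outputs.dotnet-version }}
      working-directory: ./src/Biotrackr.Activity.Api/Biotrackr.Activity.Api.IntegrationTests
      test-filter: 'FullyQualifiedName~E2E'
    secrets:
      client-id: ${{ secrets.AZURE_CLIENT_ID }}
      tenant-id: ${{ secrets.AZURE_TENANT_ID }}
      subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}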