Release build & deploy #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release build & deploy | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| set-env: | |
| runs-on: ubuntu-22.04 | |
| name: Set Environment Values | |
| outputs: | |
| branch: ${{ steps.var.outputs.branch }} | |
| checked-out-sha: ${{ steps.var.outputs.checked-out-sha }} | |
| steps: | |
| - name: Fail if branch is not release or fix | |
| if: ${{ ! startsWith(github.ref, 'refs/heads/fix') && ! startsWith(github.ref, 'refs/heads/release') }} | |
| run: | | |
| echo "This workflow should not be triggered on a branch other than release or fix" | |
| exit 1 | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| - id: var | |
| run: | | |
| GIT_BRANCH=${GITHUB_BASE_REF:-${GITHUB_REF#refs/heads/}} | |
| CHECKED_OUT_SHA="$(git log -1 '--format=format:%H')" | |
| echo "branch=$GIT_BRANCH" >> $GITHUB_OUTPUT | |
| echo "checked-out-sha=${CHECKED_OUT_SHA}" >> $GITHUB_OUTPUT | |
| create-and-publish-image: | |
| needs: set-env | |
| name: Create & Publish Image | |
| uses: ./.github/workflows/build-image.yml | |
| secrets: inherit | |
| with: | |
| branch: ${{ needs.set-env.outputs.branch }} | |
| checked-out-sha: ${{ needs.set-env.outputs.checked-out-sha }} | |
| deploy-to-staging: | |
| runs-on: ubuntu-22.04 | |
| needs: [create-and-publish-image] | |
| name: Deploy to staging | |
| environment: staging | |
| # Permissions for OIDC authentication | |
| permissions: | |
| id-token: write | |
| contents: write | |
| issues: write | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| # Login to Azure using OIDC | |
| - name: Login to Azure CLI | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| # Deploy Web Application | |
| - name: Deploy to Azure App Services | |
| uses: azure/webapps-deploy@v3 | |
| with: | |
| app-name: ${{ vars.WEBAPP_NAME }} | |
| images: ${{ needs.create-and-publish-image.outputs.dockerImageTag }} | |
| slot-name: "${{ vars.WEBAPP_SLOT_NAME }}" | |
| # Make a request to the health check endpoint | |
| - name: Make request to health check endpoint | |
| uses: ./.github/actions/health-check | |
| with: | |
| webapp_url: "${{ vars.WEBAPP_NAME }}-${{ vars.WEBAPP_SLOT_NAME }}" | |
| # Run smoke test | |
| - name: Run smoke tests against slot | |
| uses: ./.github/actions/run-smoke-tests | |
| with: | |
| webapp_url: "${{ vars.WEBAPP_NAME }}-${{ vars.WEBAPP_SLOT_NAME }}" | |
| auth_secret: ${{ secrets.WEBAPP_E2E_ACCESS_KEY }} | |
| # Swap the slots | |
| - name: Swap to the production slot | |
| run: | | |
| az webapp deployment slot swap --resource-group ${{ vars.RESOURCE_NAME_PREFIX }}-rg --name ${{ vars.WEBAPP_NAME }} --slot ${{ vars.WEBAPP_SLOT_NAME }} --target-slot production | |
| deploy-to-production: | |
| runs-on: ubuntu-22.04 | |
| needs: [create-and-publish-image, deploy-to-staging] | |
| name: Deploy to production | |
| environment: production | |
| # Permissions for OIDC authentication | |
| permissions: | |
| id-token: write | |
| contents: write | |
| issues: write | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| # Login to Azure using OIDC | |
| - name: Login to Azure CLI | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| # Deploy Web Application | |
| - name: Deploy to Azure App Services | |
| uses: azure/webapps-deploy@v3 | |
| with: | |
| app-name: ${{ vars.WEBAPP_NAME }} | |
| images: ${{ needs.create-and-publish-image.outputs.dockerImageTag }} | |
| slot-name: "${{ vars.WEBAPP_SLOT_NAME }}" | |
| # Make a request to the health check endpoint | |
| - name: Make request to health check endpoint | |
| uses: ./.github/actions/health-check | |
| with: | |
| webapp_name: ${{ vars.WEBAPP_NAME }} | |
| slot_name: ${{ vars.WEBAPP_SLOT_NAME }} | |
| # Run smoke test | |
| - name: Run smoke tests against slot | |
| uses: ./.github/actions/run-smoke-tests | |
| with: | |
| webapp_url: "${{ vars.WEBAPP_NAME }}-${{ vars.WEBAPP_SLOT_NAME }}" | |
| auth_secret: ${{ secrets.WEBAPP_E2E_ACCESS_KEY }} | |
| # Swap the slots | |
| - name: Swap to the production slot | |
| run: | | |
| az webapp deployment slot swap --resource-group ${{ vars.RESOURCE_NAME_PREFIX }}-rg --name ${{ vars.WEBAPP_NAME }} --slot ${{ vars.WEBAPP_SLOT_NAME }} --target-slot production |