-
Notifications
You must be signed in to change notification settings - Fork 1
108 lines (84 loc) · 3.88 KB
/
pull-request-validation.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
name: Pull Request Validation
on:
workflow_dispatch:
pull_request:
branches:
- main
permissions:
id-token: write # This is required for Az CLI Login
contents: read # This is required for actions/checkout
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: "Checkout Repository"
uses: actions/checkout@v4
- name: "Dependency Review"
uses: actions/dependency-review-action@v4
dotnet-web-ci:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: frasermolyneux/actions/dotnet-web-ci@main
with:
dotnet-project: "servers-integration-webapi"
dotnet-version: 9.0.x
src-folder: "src"
majorMinorVersion: "1.1"
bicep-build-and-apply-dev:
environment: Development
runs-on: ubuntu-latest
concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps
group: ${{ github.repository }}-dev
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/bicep-build-and-apply
with:
environmentName: dev
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_DEPLOY_SCRIPT_IDENTITY: ${{ secrets.AZURE_DEPLOY_SCRIPT_IDENTITY }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
- id: bicep-output
shell: pwsh
run: |
$config = (Get-Content params/dev.json | ConvertFrom-Json)
$deploymentOutput = (az deployment sub show --name "portal-servers-integration-$($config.parameters.environment.value)-$($config.parameters.instance.value)" `
--subscription ${{ vars.AZURE_SUBSCRIPTION_ID }}) | ConvertFrom-Json
echo "web_app_name=$($deploymentOutput.properties.outputs.webAppName.value)" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append
echo "web_app_resource_group_name=$($deploymentOutput.properties.outputs.webAppResourceGroup.value)" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append
outputs:
web_app_name: ${{ steps.bicep-output.outputs.web_app_name }}
web_app_resource_group_name: ${{ steps.bicep-output.outputs.web_app_resource_group_name }}
app-service-deploy-dev:
environment: Development
runs-on: ubuntu-latest
needs: [dotnet-web-ci, bicep-build-and-apply-dev]
concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps
group: ${{ github.repository }}-dev
steps:
- uses: actions/checkout@v4
- uses: frasermolyneux/actions/deploy-app-service@main
with:
web-artifact-name: "servers-integration-webapi"
web-app-name: ${{ needs.bicep-build-and-apply-dev.outputs.web_app_name }}
resource-group-name: ${{ needs.bicep-build-and-apply-dev.outputs.web_app_resource_group_name }}
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
bicep-build-prd:
if: github.actor != 'dependabot[bot]' # dependabot context has no permissions to prod so skip this check
environment: Production
runs-on: ubuntu-latest
needs: [bicep-build-and-apply-dev]
concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps
group: ${{ github.repository }}-prd
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/bicep-build
with:
environmentName: prd
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_DEPLOY_SCRIPT_IDENTITY: ${{ secrets.AZURE_DEPLOY_SCRIPT_IDENTITY }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}