From a51e597e7626cde6402b6daa39117b90602f95b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20Tr=C3=B8strup?= Date: Thu, 5 Oct 2023 18:34:26 +0200 Subject: [PATCH] Move infrastructure to repo and set up pipelines (#13) * Move infrastructure code to shifty, add pipeline fix workflow call fix dependency fix dependency pt 2 Actually add environment * Add CNAME and Custom Domain to Bicep * Add target branch parameter to bicep * Remove redundant shared module * Use existing keyword on dns and resource group * Move towards release-based workflow --- .github/workflows/build.yml | 43 +++++++--------------------- .github/workflows/deploy-dev.yml | 13 +++++++++ .github/workflows/deploy-prd.yml | 12 ++++++++ .github/workflows/deploy.yml | 46 ++++++++++++++++++++++++------ .github/workflows/infra-build.yml | 28 ++++++++++++++++++ .github/workflows/shifty-build.yml | 40 ++++++++++++++++++++++++++ .vscode/settings.json | 5 ++++ infrastructure/azuredeploy.bicep | 31 ++++++++++++++++++++ infrastructure/bicepconfig.json | 43 ++++++++++++++++++++++++++++ infrastructure/modules/dns.bicep | 20 +++++++++++++ infrastructure/shifty.bicep | 39 +++++++++++++++++++++++++ 11 files changed, 280 insertions(+), 40 deletions(-) create mode 100644 .github/workflows/deploy-dev.yml create mode 100644 .github/workflows/deploy-prd.yml create mode 100644 .github/workflows/infra-build.yml create mode 100644 .github/workflows/shifty-build.yml create mode 100644 .vscode/settings.json create mode 100644 infrastructure/azuredeploy.bicep create mode 100644 infrastructure/bicepconfig.json create mode 100644 infrastructure/modules/dns.bicep create mode 100644 infrastructure/shifty.bicep diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f7a47ab..dc99f75 100755 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -1,11 +1,6 @@ -name: Build Webapp +name: Build on: - pull_request: - branches: [develop, production] - - workflow_dispatch: - workflow_call: inputs: publish_artifacts: @@ -14,30 +9,14 @@ on: default: false jobs: - build_test: - name: Build and test Webapp - runs-on: ubuntu-latest + shifty-build: + name: Build webapp + uses: ./.github/workflows/shifty-build.yml + with: + publish_artifacts: ${{ inputs.publish_artifacts }} + secrets: inherit - steps: - - name: Checkout codebase - uses: actions/checkout@v3 - - name: Setup .NET - uses: actions/setup-dotnet@v3 - with: - dotnet-version: 6.x - - name: Restore dependencies - run: dotnet restore . - - name: Build Shifty App - run: dotnet build . --no-restore /p:ContinuousIntegrationBuild=true --configuration Release - - name: Run tests - run: dotnet test . --no-restore /p:CollectCoverage=true /p:CoverletOutputFormat=opencover - - name: Publish Shifty App - run: dotnet publish --no-restore --configuration Release --output publish - - name: Publish workflow artifact - if: ${{ inputs.publish_artifacts }} - uses: actions/upload-artifact@v3 - with: - name: shifty - path: publish/wwwroot - retention-days: 1 - if-no-files-found: error + infra-build: + name: Build infrastructure + uses: ./.github/workflows/infra-build.yml + secrets: inherit diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml new file mode 100644 index 0000000..9c9db29 --- /dev/null +++ b/.github/workflows/deploy-dev.yml @@ -0,0 +1,13 @@ +name: Deploy to dev + +on: + push: + branches: + - develop + +jobs: + dev-deploy: + uses: ./.github/workflows/deploy.yml + secrets: inherit + with: + environment: dev diff --git a/.github/workflows/deploy-prd.yml b/.github/workflows/deploy-prd.yml new file mode 100644 index 0000000..46a90bf --- /dev/null +++ b/.github/workflows/deploy-prd.yml 
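Review bot: In the first hunk of .github/workflows/build.yml the `on:` block is reduced to `workflow_call`, and none of the workflows added in this patch declares a `pull_request` trigger. Build and tests therefore appear to run only as part of a deployment, after the change has already been merged to `develop` or released, unless a workflow outside this patch covers pull requests. If that is not intended, keep `pull_request:` with `branches: [develop]` on this file or add it to shifty-build.yml, so unreviewed code is built and tested before it reaches the job that holds the Azure credentials.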
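Review bot: Both reusable-workflow calls in the second hunk of .github/workflows/build.yml pass `secrets: inherit`, but neither shifty-build.yml nor infra-build.yml, as added in this patch, references a secret. Inheriting makes every secret of the caller available to those workflows, which is more than a compile-and-test job needs. I would drop `secrets: inherit` from the `shifty-build` and `infra-build` jobs, and from the `build-all` call in deploy.yml, and pass secrets explicitly only where a called workflow reads one.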
@@ -0,0 +1,12 @@ +name: Deploy to prd + +on: + release: + types: [published] + +jobs: + prd-deploy: + uses: ./.github/workflows/deploy.yml + secrets: inherit + with: + environment: prd diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index dc0a541..4597e0c 100755 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,29 +1,59 @@ -name: Deploy Webapp +name: Deployment of Webapp on: - push: - branches: [develop, production] + workflow_call: + inputs: + environment: + type: string + required: true + description: "Target Environment. Can either be 'dev' or 'prd'" jobs: - buildtest: + build-all: + name: Build codebase uses: ./.github/workflows/build.yml with: publish_artifacts: true secrets: inherit deploy: - name: Deploy Webapp - runs-on: ubuntu-latest - needs: [buildtest] + needs: [build_all] + name: Azure Deployment + runs-on: ubuntu-22.04 environment: - name: dev + name: ${{ inputs.environment }} url: ${{ vars.AZURE_STAPP_URL }} + concurrency: + group: ${{ inputs.environment }} + cancel-in-progress: false steps: - name: Download Artifact + uses: actions/download-artifact@v3 + with: + name: arm + + - name: Azure Login + uses: azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - name: Deploy ARM template + uses: azure/arm-deploy@v1 + with: + subscriptionId: ${{ vars.AZURE_SUBSCRIPTION_ID }} + scope: subscription + region: "West Europe" + template: azuredeploy.json + parameters: "environment=${{ inputs.environment }}" + deploymentName: "azuredeploy-${{github.run_number}}" + failOnStdErr: true + + - name: Download Shifty Artifact uses: actions/download-artifact@v3 with: name: shifty + - name: Deploy to Azure Web App id: webapp-deploy uses: Azure/static-web-apps-deploy@v1 diff --git a/.github/workflows/infra-build.yml b/.github/workflows/infra-build.yml new file mode 100644 index 0000000..fb6b0bd --- /dev/null +++ b/.github/workflows/infra-build.yml 
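Review bot: In .github/workflows/deploy.yml the deploy job declares `needs: [build_all]`, but the job added above it has the id `build-all`, so the dependency does not resolve and the workflow should fail validation; it should read `needs: [build-all]`. Separately, `azure/login@v1` is given `creds: ${{ secrets.AZURE_CREDENTIALS }}`, a long-lived service-principal secret that is used here for a subscription-scope deployment. Consider federated (OIDC) login instead, with `permissions: id-token: write` on the job and the `client-id`, `tenant-id` and `subscription-id` inputs, so that no static credential has to be stored as a secret. The `webapp-deploy` step continues past the end of the hunk.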
@@ -0,0 +1,28 @@ +name: Build ARM template + +on: + workflow_call: + + workflow_dispatch: + +jobs: + build: + name: Build ARM template + runs-on: ubuntu-22.04 + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Build ARM template + uses: Azure/bicep-build-action@v1.0.0 + with: + bicepFilePath: infrastructure/azuredeploy.bicep + outputFilePath: azuredeploy.json + + - name: Store ARM template + uses: actions/upload-artifact@v3 + with: + name: arm + path: azuredeploy.json + retention-days: 1 + if-no-files-found: error diff --git a/.github/workflows/shifty-build.yml b/.github/workflows/shifty-build.yml new file mode 100644 index 0000000..345968b --- /dev/null +++ b/.github/workflows/shifty-build.yml @@ -0,0 +1,40 @@ +name: Build Webapp + +on: + workflow_dispatch: + + workflow_call: + inputs: + publish_artifacts: + description: "Publish workflow artifacts" + type: boolean + default: false + +jobs: + build-test: + name: Build and test Webapp + runs-on: ubuntu-latest + + steps: + - name: Checkout codebase + uses: actions/checkout@v3 + - name: Setup .NET + uses: actions/setup-dotnet@v3 + with: + dotnet-version: 6.x + - name: Restore dependencies + run: dotnet restore . + - name: Build Shifty App + run: dotnet build . --no-restore /p:ContinuousIntegrationBuild=true --configuration Release + - name: Run tests + run: dotnet test . --no-restore /p:CollectCoverage=true /p:CoverletOutputFormat=opencover + - name: Publish Shifty App + run: dotnet publish --no-restore --configuration Release --output publish + - name: Publish workflow artifact + if: ${{ inputs.publish_artifacts }} + uses: actions/upload-artifact@v3 + with: + name: shifty + path: publish/wwwroot + retention-days: 1 + if-no-files-found: error diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..3796783 --- /dev/null +++ b/.vscode/settings.json 
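Review bot: The template that deploy.yml later applies at subscription scope is compiled in .github/workflows/infra-build.yml by `Azure/bicep-build-action@v1.0.0`, which is referenced by a mutable tag. If that tag were ever moved, the generated azuredeploy.json could change before it reaches the deploy job without any change in this repository. Pin the action to a full commit SHA, e.g. `uses: Azure/bicep-build-action@<full-commit-sha> # v1.0.0`. The same applies to the `@v1` and `@v3` references in deploy.yml and shifty-build.yml.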
@@ -0,0 +1,5 @@ +{ + "yaml.schemas": { + "https://json.schemastore.org/github-workflow.json": "file:///c%3A/Users/andre/Projects/school/analogio/shifty-webapp/.github/workflows/deploy.yml" + } +} diff --git a/infrastructure/azuredeploy.bicep b/infrastructure/azuredeploy.bicep new file mode 100644 index 0000000..ce873c3 --- /dev/null +++ b/infrastructure/azuredeploy.bicep @@ -0,0 +1,31 @@ +targetScope = 'subscription' + +@allowed([ 'dev', 'prd' ]) +param environment string + +var location = 'West Europe' + +var organizationPrefix = 'aio' +var sharedResourcesAbbreviation = 'shr' +var webAppResourcesAbbreviation = 'app' + +resource sharedRg 'Microsoft.Resources/resourceGroups@2022-09-01' existing = { + name: 'rg-${organizationPrefix}-${sharedResourcesAbbreviation}-${environment}' +} + +resource shiftyRg 'Microsoft.Resources/resourceGroups@2022-09-01' = { + name: 'rg-${organizationPrefix}-${webAppResourcesAbbreviation}-shifty-${environment}' + location: location +} + +module shiftywebapp 'shifty.bicep' = { + name: '${deployment().name}-app-shifty' + scope: shiftyRg + params: { + location: location + organizationPrefix: organizationPrefix + applicationPrefix: 'shifty' + environment: environment + sharedResourceGroupName: sharedRg.name + } +} diff --git a/infrastructure/bicepconfig.json b/infrastructure/bicepconfig.json new file mode 100644 index 0000000..8b4eae5 --- /dev/null +++ b/infrastructure/bicepconfig.json 
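Review bot: The schema mapping in .vscode/settings.json is keyed to an absolute path on one developer's machine (`file:///c%3A/Users/andre/...`), which publishes a local user name and directory layout and has no effect in anyone else's checkout. A workspace-relative glob works for every clone: `"https://json.schemastore.org/github-workflow.json": ".github/workflows/*.yml"`. Alternatively, leave this file out of version control.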
@@ -0,0 +1,43 @@ +{ + "analyzers": { + "core": { + "enabled": true, + "verbose": false, + "rules": { + "adminusername-should-not-be-literal": { + "level": "error" + }, + "no-hardcoded-env-urls": { + "level": "error" + }, + "no-unnecessary-dependson": { + "level": "error" + }, + "no-unused-params": { + "level": "error" + }, + "no-unused-vars": { + "level": "error" + }, + "outputs-should-not-contain-secrets": { + "level": "error" + }, + "prefer-interpolation": { + "level": "error" + }, + "secure-parameter-default": { + "level": "error" + }, + "simplify-interpolation": { + "level": "error" + }, + "use-protectedsettings-for-commandtoexecute-secrets": { + "level": "error" + }, + "use-stable-vm-image": { + "level": "error" + } + } + } + } +} \ No newline at end of file diff --git a/infrastructure/modules/dns.bicep b/infrastructure/modules/dns.bicep new file mode 100644 index 0000000..4aa334c --- /dev/null +++ b/infrastructure/modules/dns.bicep @@ -0,0 +1,20 @@ +param environment string + +param webappAzureGeneratedFqdn string + +resource zone 'Microsoft.Network/dnsZones@2018-05-01' existing = { + name: '${environment}.analogio.dk' +} + +resource cname 'Microsoft.Network/dnsZones/CNAME@2018-05-01' = { + name: 'shifty' + parent: zone + properties: { + TTL: 3600 + CNAMERecord: { + cname: webappAzureGeneratedFqdn + } + } +} + +output customDomainFqdn string = cname.properties.fqdn diff --git a/infrastructure/shifty.bicep b/infrastructure/shifty.bicep new file mode 100644 index 0000000..c4c2232 --- /dev/null +++ b/infrastructure/shifty.bicep 
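Review bot: The `cname` record in infrastructure/modules/dns.bicep is deployed into the shared resource group (shifty.bicep scopes the module to `resourceGroup(sharedResourceGroupName)`), so it is not removed when the application resource group or the static web app is deleted. A record left pointing at a released Azure-generated hostname is a dangling-DNS exposure, so the teardown order should be documented. I would add a comment above `resource cname`, for example `// Lives in the shared RG: delete this record before removing the static web app, otherwise shifty.<env>.analogio.dk is left dangling.` The `environment` parameter here also lacks the `@allowed([ 'dev', 'prd' ])` constraint that azuredeploy.bicep applies, which matters only if the module is ever called from elsewhere.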
@@ -0,0 +1,39 @@ +param location string = resourceGroup().location + +param environment string + +param organizationPrefix string +param applicationPrefix string + +param sharedResourceGroupName string + +resource staticwebapp 'Microsoft.Web/staticSites@2022-03-01' = { + name: 'stapp-${organizationPrefix}-${applicationPrefix}-${environment}' + location: location + sku: { + name: 'Free' + tier: 'Free' + } + properties: { + allowConfigFileUpdates: false + repositoryUrl: 'https://github.com/AnalogIO/shifty-webapp' + branch: 'develop' + provider: 'GitHub' + stagingEnvironmentPolicy: 'Disabled' + enterpriseGradeCdnStatus: 'Disabled' + } +} + +module dns 'modules/dns.bicep' = { + name: '${deployment().name}-dns' + scope: resourceGroup(sharedResourceGroupName) + params: { + environment: environment + webappAzureGeneratedFqdn: staticwebapp.properties.defaultHostname + } +} + +resource staticwebappCustomDomain 'Microsoft.Web/staticSites/customDomains@2022-03-01' = { + name: 'shifty.${environment}.analogio.dk' + parent: staticwebapp +}
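Review bot: `staticwebappCustomDomain` at the end of infrastructure/shifty.bicep has no reference to the `dns` module, so nothing orders it after the CNAME record it presumably needs for domain validation, and a first deployment may fail or be flaky. Add `dependsOn: [ dns ]` to that resource; the module's `customDomainFqdn` output is otherwise unused. Also, `branch: 'develop'` is hard-coded on the static site and would apply to `prd` as well, although the commit message mentions a target-branch parameter.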