deployment.yml
# This GHA is responsible for APIM deployment.
# Deployment is initiated using `az cli` bash script.
#
# Standard Azure naming convention has been followed:
# https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming
#
# The following Azure services are consumed:
# 1. Azure resource group - https://learn.microsoft.com/en-us/cli/azure/group?view=azure-cli-latest#az-group-create
# 2. Azure container registry - https://learn.microsoft.com/en-us/cli/azure/acr?view=azure-cli-latest#az-acr-create
# 3. Azure container app environment - https://learn.microsoft.com/en-us/azure/container-apps/environment
# 4. Azure container app - https://learn.microsoft.com/en-us/azure/container-apps/containers
#
#
# Execution
# *********
# GHA is only invoked when the following conditions are satisfied:
# 1. Push to the `dev`, `staging` and `production` branches only.
# 2. Any modification to at least one of the `paths` targets.
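name: Deployment π
run-name: APIM deployment for ${{ github.repository }}

# Runs only on pushes to the three deployment branches, and only when at
# least one of the listed build inputs (or this workflow file) changed.
on:
  push:
    branches:
      - dev
      - staging
      - production
    paths:
      - "src/**"
      - "package.json"
      - "package-lock.json"
      - "Dockerfile"
      - "tsconfig.json"
      - "tsconfig.build.json"
      - ".github/workflows/deployment.yml"

# Least privilege for the job token: the only step in this workflow that uses
# GITHUB_TOKEN is the repository checkout, which needs read access to contents.
# Azure and registry access come from repository secrets, not from this token.
permissions:
  contents: read

# Workflow-wide values, inherited by every job and step.
env:
  PRODUCT: apim
  # Branch name that triggered the run; reused as the deployment environment.
  ENVIRONMENT: ${{ github.ref_name }}
  TIMEZONE: ${{ vars.TIMEZONE }}
  # Base artifact: image tag pushed alongside the commit-SHA tag.
  FROM: latest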
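jobs:
  # 1. Setup deployment variables
  #
  # Re-publishes the workflow-level PRODUCT, ENVIRONMENT and TIMEZONE values as
  # job outputs so dependent jobs can read them through `needs.setup.outputs`.
  setup:
    name: Setup π§
    runs-on: [self-hosted, APIM, deployment]
    outputs:
      product: ${{ env.PRODUCT }}
      environment: ${{ env.ENVIRONMENT }}
      timezone: ${{ env.TIMEZONE }}
    steps:
      # ENVIRONMENT and TIMEZONE are inherited from the workflow-level `env`.
      # They are read from the shell environment rather than expanded into the
      # script text, so their content is printed and never parsed as shell.
      - name: Environment π§ͺ
        run: echo "Environment set to $ENVIRONMENT"
      - name: Timezone π
        run: echo "Timezone set to $TIMEZONE"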
# 2. MDM micro-service deployment
#
# Builds the MDM container image, pushes it to the Azure container registry,
# updates the container app to a new revision and, when a matching API exists
# in API Management, re-imports its OpenAPI specification.
#
# NOTE(review): every `uses:` in this job references a mutable tag (`@v4`,
# `@v2`, `@v2.0.0`). The job handles AZURE_CREDENTIALS and ACR_PASSWORD, so
# pinning each action to a reviewed full commit SHA
# (`uses: owner/action@<full-commit-sha>  # vX.Y.Z`) would keep a re-pointed
# tag from changing what runs with those credentials.
  mdm:
    name: MDM π¦οΈ
    needs: setup
    # GitHub deployment environment named after the pushed branch; the
    # `secrets.*` and `vars.*` used below resolve against it, together with
    # any protection rules configured on that environment.
    environment: ${{ needs.setup.outputs.environment }}
    env:
      # Lower-case name: image repository, container app lookup and APIM path.
      NAME: mdm
      # Upper-case name: matched against the APIM API display name.
      NAME_UPPERCASE: MDM
      ENVIRONMENT: ${{ needs.setup.outputs.environment }}
    # NOTE(review): self-hosted runner. Both the Azure login and the Docker
    # registry login happen on this machine; whether that state survives into
    # later jobs depends on how the runner is provisioned - confirm it is
    # ephemeral or cleaned after each job.
    runs-on: [self-hosted, APIM, deployment]
    steps:
      - name: Repository ποΈ
        uses: actions/checkout@v4
      # NOTE(review): `creds` is a long-lived service principal secret kept in
      # GitHub. `azure/login` also supports OIDC federation (`client-id`,
      # `tenant-id`, `subscription-id` plus `permissions: id-token: write`),
      # which removes the stored secret - consider migrating.
      - name: Azure π
        uses: azure/login@v2
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      # Sets the az CLI default location and the default resource group
      # `rg-<product>-<branch>-<version>`; the later az calls pass no explicit
      # group or location, so they presumably rely on these defaults.
      - name: Defaults β¨
        uses: Azure/cli@v2.0.0
        with:
          inlineScript: |
            # Basic
            az configure --defaults location=${{ vars.REGION }}
            az configure --defaults group=rg-${{ env.PRODUCT }}-${{ github.ref_name }}-${{ vars.VERSION }}
      # Discovers resource names with az and exports them through GITHUB_ENV
      # for the following steps:
      #   ACR      - login server of the first container registry returned
      #   ACR_USER - name of that same registry
      #   CA_NAME  - container app(s) whose name contains NAME
      #   APIM     - first API Management service returned
      #   API_ID   - API(s) whose display name contains NAME_UPPERCASE
      # NOTE(review): `[0]` takes whichever resource is listed first and
      # `contains(...)` is a substring match. If more than one registry, app
      # or API matches, the value can point at the wrong resource or hold
      # more than one name - an exact match or an explicit variable per
      # environment would make the deployment target unambiguous.
      - name: CLI π
        run: |
          echo ACR=$(az acr show -n $(az resource list --resource-type 'Microsoft.ContainerRegistry/registries' --query '[0].name' -o tsv) --query loginServer -o tsv) >> $GITHUB_ENV
          echo ACR_USER=$(az acr show -n $(az resource list --resource-type 'Microsoft.ContainerRegistry/registries' --query '[0].name' -o tsv) --query name -o tsv) >> $GITHUB_ENV
          echo CA_NAME=$(az resource list --resource-type 'Microsoft.App/containerApps' --query '[?contains(name, `${{ env.NAME }}`)].name' -o tsv) >> $GITHUB_ENV
          echo APIM=$(az resource list --resource-type 'Microsoft.ApiManagement/service' --query '[0].name' -o tsv) >> $GITHUB_ENV
          echo API_ID=$(az apim api list --service-name $(az resource list --resource-type 'Microsoft.ApiManagement/service' --query '[0].name' -o tsv) --query '[?contains(displayName, `${{ env.NAME_UPPERCASE }}`)].name' -o tsv) >> $GITHUB_ENV
      # NOTE(review): the username is the registry name, which looks like the
      # ACR admin account - TODO confirm. A scoped token or a service principal
      # limited to push on this repository would be a narrower credential.
      - name: ACR π
        uses: azure/docker-login@v2
        with:
          login-server: ${{ env.ACR }}
          username: ${{ env.ACR_USER }}
          password: ${{ secrets.ACR_PASSWORD }}
      # Builds the image once, tags it with both the commit SHA and the FROM
      # tag (`latest`), then pushes both tags.
      - name: Artifacts ποΈ
        run: |
          docker build . \
          -t ${{ env.ACR }}/${{ env.NAME }}:${{ github.sha }} \
          -t ${{ env.ACR }}/${{ env.NAME }}:${{ env.FROM }}
          docker push ${{ env.ACR }}/${{ env.NAME }}:${{ github.sha }}
          docker push ${{ env.ACR }}/${{ env.NAME }}:${{ env.FROM }}
      # Updates the container app to a new revision suffixed `v<run_id>` and
      # sets its runtime configuration.
      # NOTE(review): the revision is created from the FROM tag (`latest`),
      # which is mutable, although the same image was also pushed under the
      # commit SHA. Deploying the SHA tag would tie each revision to one
      # exact build.
      # NOTE(review): every secret below is expanded into the script text and
      # passed as a `--set-env-vars` argument, so the values are stored as
      # plain environment variables on the container app. Container Apps
      # supports app-level secrets referenced as `secretref:<secret-name>`;
      # consider that for the passwords and API keys. A secret containing a
      # double quote or `$` would also alter the command line as written.
      - name: Revisions π
        uses: Azure/cli@v2.0.0
        with:
          inlineScript: |
            az containerapp update \
            --name ${{ env.CA_NAME }} \
            --container-name ${{ env.CA_NAME }} \
            --image ${{ env.ACR }}/${{ env.NAME }}:${{ env.FROM }} \
            --revision-suffix v${{ github.run_id }} \
            --set-env-vars \
            "PORT=${{ secrets.PORT }}" \
            "TZ=${{ secrets.TZ }}" \
            "NODE_ENV=${{ secrets.NODE_ENV }}" \
            "LOG_LEVEL=${{ vars.LOG_LEVEL }}" \
            "REDACT_LOGS=${{ vars.REDACT_LOGS }}" \
            "SINGLE_LINE_LOG_FORMAT=${{ vars.SINGLE_LINE_LOG_FORMAT }}" \
            "SWAGGER_USER=${{ secrets.SWAGGER_USER }}" \
            "SWAGGER_PASSWORD=${{ secrets.SWAGGER_PASSWORD }}" \
            "DATABASE_PORT=${{ secrets.DATABASE_PORT }}" \
            "DATABASE_USERNAME=${{ secrets.DATABASE_USERNAME }}" \
            "DATABASE_PASSWORD=${{ secrets.DATABASE_PASSWORD }}" \
            "DATABASE_HOST=${{ secrets.DATABASE_HOST }}" \
            "DATABASE_MDM_NAME=${{ secrets.DATABASE_MDM_NAME }}" \
            "DATABASE_NUMBER_GENERATOR_NAME=${{ secrets.DATABASE_NUMBER_GENERATOR_NAME }}" \
            "DATABASE_CEDAR_NAME=${{ secrets.DATABASE_CEDAR_NAME }}" \
            "DATABASE_CIS_NAME=${{ secrets.DATABASE_CIS_NAME }}" \
            "APIM_INFORMATICA_URL=${{ secrets.APIM_INFORMATICA_URL }}" \
            "APIM_INFORMATICA_USERNAME=${{ secrets.APIM_INFORMATICA_USERNAME }}" \
            "APIM_INFORMATICA_PASSWORD=${{ secrets.APIM_INFORMATICA_PASSWORD }}" \
            "APIM_INFORMATICA_MAX_REDIRECTS=${{ secrets.APIM_INFORMATICA_MAX_REDIRECTS }}" \
            "APIM_INFORMATICA_TIMEOUT=${{ secrets.APIM_INFORMATICA_TIMEOUT }}" \
            "API_KEY=${{ secrets.API_KEY }}" \
            "ORDNANCE_SURVEY_URL=${{ secrets.ORDNANCE_SURVEY_URL }}" \
            "ORDNANCE_SURVEY_KEY=${{ secrets.ORDNANCE_SURVEY_KEY }}" \
            "ORDNANCE_SURVEY_MAX_REDIRECTS=${{ secrets.ORDNANCE_SURVEY_MAX_REDIRECTS }}" \
            "ORDNANCE_SURVEY_TIMEOUT=${{ secrets.ORDNANCE_SURVEY_TIMEOUT }}" \
            "COMPANIES_HOUSE_URL=${{ secrets.COMPANIES_HOUSE_URL }}" \
            "COMPANIES_HOUSE_KEY=${{ secrets.COMPANIES_HOUSE_KEY }}" \
            "COMPANIES_HOUSE_MAX_REDIRECTS=${{ secrets.COMPANIES_HOUSE_MAX_REDIRECTS }}" \
            "COMPANIES_HOUSE_TIMEOUT=${{ secrets.COMPANIES_HOUSE_TIMEOUT }}"
      # Runs only when the CLI step found a matching API (API_ID not empty).
      # Re-imports the OpenAPI document served by the latest revision at
      # `/openapi/json`, points the API backend at that revision's FQDN over
      # HTTPS and keeps an APIM subscription key mandatory for callers.
      # NOTE(review): the import reads the specification over the revision's
      # own HTTPS endpoint; confirm `/openapi/json` is meant to be reachable
      # without the SWAGGER_USER / SWAGGER_PASSWORD credentials set above.
      - name: Import β¬οΈ
        if: ${{ '' != env.API_ID }}
        uses: Azure/cli@v2.0.0
        with:
          inlineScript: |
            # API specification import
            az apim api import \
            --path '${{ env.NAME }}' \
            --service-name ${{ env.APIM }} \
            --specification-format OpenApi \
            --api-id ${{ env.API_ID }} \
            --api-type http \
            --service-url https://$(az containerapp show --name ${{ env.CA_NAME }} --query properties.latestRevisionFqdn -o tsv) \
            --protocols https \
            --specification-url https://$(az containerapp show --name ${{ env.CA_NAME }} --query properties.latestRevisionFqdn -o tsv)/openapi/json \
            --subscription-required true