Deploy IAC Workflow [prod] #27

Workflow file for this run

.github/workflows/approval-system-iac.yml at 4a28837

	name: Deploy IAC Workflow
	run-name: Deploy IAC Workflow [${{inputs.selected_environment}}]

	on:
	workflow_dispatch:
	inputs:
	selected_environment:
	type: choice
	description: SELECT ENVIRONMENT
	required: true
	default: test
	options:
	- prod
	- uat
	- test
	disable_data_loss:
	type: boolean
	description: Block on possible data loss
	required: true
	default: true
	db_infra:
	type: boolean
	description: Run deployment of SQL Server resource
	required: true
	default: true
	db_project:
	type: boolean
	description: Run build and publish the SQL Project
	required: true
	default: true
	app_infra:
	type: boolean
	description: Run deployment of AppServicePlan and AppService
	required: true
	default: true

	env:
	PROJECT_NAME: ava-approval-system
	ACTIVE_ENV: ${{github.event.inputs.selected_environment}}

	jobs:
	deploy-server-and-database:
	runs-on: ubuntu-latest
	outputs:
	database_name: ${{ steps.create_database.outputs.database_name }}
	steps:
	- uses: actions/checkout@v2

	- name: Set Server Credentials
	id: server_credentials
	run: \|
	case ${{ github.event.inputs.selected_environment }} in
	"test" \| "uat")
	echo "server_name=${{secrets.SERVER_NAME}}" >> $GITHUB_OUTPUT
	echo "server_username=${{secrets.SERVER_USERNAME}}" >> $GITHUB_OUTPUT
	echo "server_password=${{secrets.SERVER_PASSWORD}}" >> $GITHUB_OUTPUT
	;;
	"prod")
	echo "server_name=${{secrets.SERVER_NAME_PROD}}" >> $GITHUB_OUTPUT
	echo "server_username=${{secrets.SERVER_USERNAME_PROD}}" >> $GITHUB_OUTPUT
	echo "server_password=${{secrets.SERVER_PASSWORD_PROD}}" >> $GITHUB_OUTPUT
	;;
	esac

	- name: Create database name
	id: create_database
	run: \|
	case ${{ github.event.inputs.selected_environment }} in
	"test" \| "prod")
	echo "database_name=ApprovalSystemDb" >> $GITHUB_OUTPUT
	;;
	"uat")
	echo "database_name=ApprovalSystemDbUAT" >> $GITHUB_OUTPUT
	;;
	esac

	- name: Login to Azure
	if: ${{ github.event.inputs.db_infra == 'true' \|\| github.event.inputs.db_project == 'true' }}
	uses: azure/login@v1
	with:
	creds: ${{ secrets.AZURE_CREDENTIALS }}

	- name: Deploy SQL Server & Database
	if: ${{ github.event.inputs.db_infra == 'true' }}
	uses: azure/arm-deploy@v1
	with:
	subscriptionId: ${{ fromJSON(secrets.AZURE_CREDENTIALS)['subscriptionId'] }}
	resourceGroupName: ${{ secrets.AZURE_RG }}
	template: ./.bicep/sql/deployApprovalSystemSqlDatabase.bicep
	parameters: activeEnv=${{github.event.inputs.selected_environment}} serverName=${{ steps.server_credentials.outputs.server_name }} administratorLogin=${{ steps.server_credentials.outputs.server_username }} administratorLoginPassword=${{ steps.server_credentials.outputs.server_password }} databaseName=${{ steps.create_database.outputs.database_name }}
	failOnStdErr: false
	scope: resourcegroup

	- uses: azure/[email protected]
	if: ${{ github.event.inputs.db_project == 'true' }}
	with:
	connection-string: Server=${{ steps.server_credentials.outputs.server_name }}.database.windows.net;Initial Catalog=${{ steps.create_database.outputs.database_name }};Persist Security Info=False;User ID=${{ steps.server_credentials.outputs.server_username }};Password=${{ steps.server_credentials.outputs.server_password }};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;
	project-file: 'src/sqldb/ApprovalSystemDb/ApprovalSystemDb.sqlproj'
	arguments: '/p:BlockOnPossibleDataLoss=${{github.event.inputs.disable_data_loss}}'

	deploy-appserviceplan-and-webapp:
	runs-on: ubuntu-latest
	needs: [deploy-server-and-database]
	if: ${{ needs.deploy-server-and-database.result == 'success' && github.event.inputs.app_infra == 'true'}}
	steps:

	- uses: actions/checkout@v2

	- name: Setup Azure Credentials and AD
	run: \|
	case ${{ github.event.inputs.selected_environment }} in
	"test" \| "uat")
	echo "HOME_URL=https://${{ env.PROJECT_NAME }}-${{env.ACTIVE_ENV}}.azurewebsites.net" >> $GITHUB_ENV
	echo "AD_TENANT_ID=${{secrets.AD_TENANT_ID}}" >> $GITHUB_ENV
	echo "AD_CLIENT_ID=${{secrets.AD_CLIENT_ID}}" >> $GITHUB_ENV
	echo "AD_CLIENT_SECRET=${{secrets.AD_CLIENT_SECRET}}" >> $GITHUB_ENV
	;;
	"prod")
	echo "HOME_URL=${{ secrets.CUSTOM_DOMAIN_PROD}}" >> $GITHUB_ENV
	echo "AD_TENANT_ID=${{secrets.AD_TENANT_ID_PROD}}" >> $GITHUB_ENV
	echo "AD_CLIENT_ID=${{secrets.AD_CLIENT_ID_PROD}}" >> $GITHUB_ENV
	echo "AD_CLIENT_SECRET=${{secrets.AD_CLIENT_SECRET_PROD}}" >> $GITHUB_ENV
	;;
	esac

	- name: Set Server Credentials
	id: server_credentials
	run: \|
	case ${{ github.event.inputs.selected_environment }} in
	"test" \| "uat")
	echo "server_name=${{secrets.SERVER_NAME}}" >> $GITHUB_OUTPUT
	echo "server_username=${{secrets.SERVER_USERNAME}}" >> $GITHUB_OUTPUT
	echo "server_password=${{secrets.SERVER_PASSWORD}}" >> $GITHUB_OUTPUT
	;;
	"prod")
	echo "server_name=${{secrets.SERVER_NAME_PROD}}" >> $GITHUB_OUTPUT
	echo "server_username=${{secrets.SERVER_USERNAME_PROD}}" >> $GITHUB_OUTPUT
	echo "server_password=${{secrets.SERVER_PASSWORD_PROD}}" >> $GITHUB_OUTPUT
	;;
	esac

	- name: SET THE IAC PARAMETERS
	run: \|
	case ${{ github.event.inputs.selected_environment }} in
	"test")
	cat > ./.bicep/webapp/${{ github.event.inputs.selected_environment }}-parameters.json <<EOL
	${{vars.IAC_PARAMETERS_TEST}}
	EOL
	;;
	"uat")
	cat > ./.bicep/webapp/${{ github.event.inputs.selected_environment }}-parameters.json <<EOL
	${{vars.IAC_PARAMETERS_UAT}}
	EOL
	;;
	"prod")
	cat > ./.bicep/webapp/${{ github.event.inputs.selected_environment }}-parameters.json <<EOL
	${{vars.IAC_PARAMETERS_PROD}}
	EOL
	;;
	esac

	- name: SUBSTITUTE VARIABLES
	uses: microsoft/variable-substitution@v1
	with:
	files: ./.bicep/webapp/${{ github.event.inputs.selected_environment }}-parameters.json
	env:
	parameters.imageName.value: ${{github.event.inputs.selected_environment}}-approval-system-app
	parameters.appServicePlanName.value : 'opetechgh'
	parameters.sqlServerName.value : ${{ secrets.SERVER_NAME }}
	parameters.projectName.value : ${{ env.PROJECT_NAME }}
	parameters.activeEnv.value : ${{ env.ACTIVE_ENV}}
	parameters.containerServer.value : ${{ secrets.ACR_REGISTRY }}
	parameters.appServiceSettings.value.TENANT_ID : ${{ env.AD_TENANT_ID }}
	parameters.appServiceSettings.value.CLIENT_ID : ${{ env.AD_CLIENT_ID }}
	parameters.appServiceSettings.value.CLIENT_SECRET : ${{ env.AD_CLIENT_SECRET }}
	parameters.appServiceSettings.value.HOME_URL : ${{env.HOME_URL}}
	parameters.appServiceSettings.value.EMAIL_ENDPOINT : ${{ secrets.EMAIL_ENDPOINT }}
	parameters.appServiceSettings.value.DOCKER_REGISTRY_SERVER_URL : https://${{ secrets.ACR_REGISTRY }}
	parameters.appServiceSettings.value.DOCKER_REGISTRY_SERVER_USERNAME : ${{ secrets.ACR_USERNAME }}
	parameters.appServiceSettings.value.DOCKER_REGISTRY_SERVER_PASSWORD : ${{ secrets.ACR_PASSWORD }}
	parameters.appServiceSettings.value.APPROVALSYSTEMDB_CONNECTION_STRING : Server=tcp:${{ steps.server_credentials.outputs.server_name }}.database.windows.net,1433;Initial Catalog=${{ needs.deploy-server-and-database.outputs.database_name }};Persist Security Info=False;User ID=${{ steps.server_credentials.outputs.server_username }};Password=${{ steps.server_credentials.outputs.server_password }};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;

	- uses: azure/login@v1
	with:
	creds: ${{ secrets.AZURE_CREDENTIALS }}

	- name: Deploy App Service Plan and Web App
	uses: azure/arm-deploy@v1
	with:
	subscriptionId: ${{ fromJSON(secrets.AZURE_CREDENTIALS)['subscriptionId'] }}
	resourceGroupName: ${{ secrets.AZURE_RG }}
	template: ./.bicep/webapp/deployApprovalSystemAppService.bicep
	parameters: ./.bicep/webapp/${{ github.event.inputs.selected_environment }}-parameters.json
	failOnStdErr: false
	scope: resourcegroup

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deploy IAC Workflow [prod] #27

Workflow file

Deploy IAC Workflow [prod] #27

Jobs

Run details

Workflow file for this run