Add imagePullSecrets to deployment templates and define sensitive GHC… #24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Infrastructure To Azure | |
| on: | |
| push: | |
| branches: | |
| - 'apply/**' | |
| jobs: | |
| terraform: | |
| runs-on: ubuntu-latest | |
| if: contains(fromJson('["devsocket"]'), github.actor) | |
| env: | |
| TF_VAR_db_admin_password: ${{ secrets.DB_ADMIN_PASSWORD }} | |
| ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| TF_VAR_ghcr_username: ${{ secrets.GHCR_USERNAME }} | |
| TF_VAR_ghcr_pat: ${{ secrets.AKS_GHCR_PAT }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Parse environment from branch | |
| id: env | |
| run: | | |
| BRANCH_NAME="${GITHUB_REF#refs/heads/}" | |
| ENV_NAME="${BRANCH_NAME#apply/}" | |
| echo "env_name=$ENV_NAME" >> "$GITHUB_OUTPUT" | |
| - name: Azure Login | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| # client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| # tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| # subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Show current subscription | |
| run: az account show --output json | |
| - name: Register Microsoft.Storage provider | |
| run: | | |
| az provider register --namespace Microsoft.Storage | |
| - name: Povision backend resources | |
| run: | | |
| az group create --name "ecommerce-qa-rg" --location "centralus" || true | |
| az storage account create --name "qatfstateaccount" --resource-group "ecommerce-qa-rg" --location "centralus" --sku Standard_LRS || true | |
| az storage container create --name "qatfstate" --account-name "qatfstateaccount" || true | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| - name: Terraform Init | |
| run: terraform init -reconfigure | |
| working-directory: terraform/environments/${{ steps.env.outputs.env_name }} | |
| - name: Terraform Plan | |
| run: terraform plan -var-file="terraform.tfvars" | |
| working-directory: terraform/environments/${{ steps.env.outputs.env_name }} | |
| - name: Terraform Apply | |
| run: terraform apply -auto-approve -var-file="terraform.tfvars" | |
| working-directory: terraform/environments/${{ steps.env.outputs.env_name }} | |
| - name: Delete apply branch | |
| if: startsWith(github.ref, 'refs/heads/apply/') | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| BRANCH_NAME="${GITHUB_REF#refs/heads/}" | |
| echo "Deleting branch: $BRANCH_NAME" | |
| gh api \ | |
| -X DELETE \ | |
| /repos/${{ github.repository }}/git/refs/heads/$BRANCH_NAME |