Move infrastructure to repo and set up pipelines (#13)

* Move infrastructure code to shifty, add pipeline

fix workflow call

fix dependency

fix dependency pt 2

Actually add environment

* Add CNAME and Custom Domain to Bicep

* Add target branch parameter to bicep

* Remove redundant shared module

* Use existing keyword on dns and resource group

* Move towards release-based workflow

.github/workflows/build.yml

@@ -1,11 +1,6 @@
-name: Build Webapp
+name: Build
 
 on:
-  pull_request:
-    branches: [develop, production]
-
-  workflow_dispatch:
-
   workflow_call:
     inputs:
       publish_artifacts:
@@ -14,30 +9,14 @@ on:
         default: false
 
 jobs:
-  build_test:
-    name: Build and test Webapp
-    runs-on: ubuntu-latest
+  shifty-build:
+    name: Build webapp
+    uses: ./.github/workflows/shifty-build.yml
+    with:
+      publish_artifacts: ${{ inputs.publish_artifacts }}
+    secrets: inherit
 
-    steps:
-      - name: Checkout codebase
-        uses: actions/checkout@v3
-      - name: Setup .NET
-        uses: actions/setup-dotnet@v3
-        with:
-          dotnet-version: 6.x
-      - name: Restore dependencies
-        run: dotnet restore .
-      - name: Build Shifty App
-        run: dotnet build . --no-restore /p:ContinuousIntegrationBuild=true --configuration Release
-      - name: Run tests
-        run: dotnet test . --no-restore /p:CollectCoverage=true /p:CoverletOutputFormat=opencover
-      - name: Publish Shifty App
-        run: dotnet publish --no-restore --configuration Release --output publish
-      - name: Publish workflow artifact
-        if: ${{ inputs.publish_artifacts }}
-        uses: actions/upload-artifact@v3
-        with:
-          name: shifty
-          path: publish/wwwroot
-          retention-days: 1
-          if-no-files-found: error
+  infra-build:
+    name: Build infrastructure
+    uses: ./.github/workflows/infra-build.yml
+    secrets: inherit

.github/workflows/deploy-dev.yml

@@ -0,0 +1,13 @@
+name: Deploy to dev
+
+on:
+  push:
+    branches:
+      - develop
+
+jobs:
+  dev-deploy:
+    uses: ./.github/workflows/deploy.yml
+    secrets: inherit
+    with:
+      environment: dev

.github/workflows/deploy-prd.yml

@@ -0,0 +1,12 @@
+name: Deploy to prd
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  prd-deploy:
+    uses: ./.github/workflows/deploy.yml
+    secrets: inherit
+    with:
+      environment: prd

.github/workflows/deploy.yml

@@ -1,29 +1,59 @@
-name: Deploy Webapp
+name: Deployment of Webapp
 
 on:
-  push:
-    branches: [develop, production]
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        required: true
+        description: "Target Environment. Can either be 'dev' or 'prd'"
 
 jobs:
-  buildtest:
+  build-all:
+    name: Build codebase
     uses: ./.github/workflows/build.yml
     with:
       publish_artifacts: true
     secrets: inherit
 
   deploy:
-    name: Deploy Webapp
-    runs-on: ubuntu-latest
-    needs: [buildtest]
+    needs: [build_all]
+    name: Azure Deployment
+    runs-on: ubuntu-22.04
     environment:
-      name: dev
+      name: ${{ inputs.environment }}
       url: ${{ vars.AZURE_STAPP_URL }}
+    concurrency:
+      group: ${{ inputs.environment }}
+      cancel-in-progress: false
 
     steps:
       - name: Download Artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: arm
+
+      - name: Azure Login
+        uses: azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Deploy ARM template
+        uses: azure/arm-deploy@v1
+        with:
+          subscriptionId: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+          scope: subscription
+          region: "West Europe"
+          template: azuredeploy.json
+          parameters: "environment=${{ inputs.environment }}"
+          deploymentName: "azuredeploy-${{github.run_number}}"
+          failOnStdErr: true
+
+      - name: Download Shifty Artifact
         uses: actions/download-artifact@v3
         with:
           name: shifty
+
       - name: Deploy to Azure Web App
         id: webapp-deploy
         uses: Azure/static-web-apps-deploy@v1

.github/workflows/infra-build.yml

@@ -0,0 +1,28 @@
+name: Build ARM template
+
+on:
+  workflow_call:
+
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Build ARM template
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Build ARM template
+        uses: Azure/[email protected]
+        with:
+          bicepFilePath: infrastructure/azuredeploy.bicep
+          outputFilePath: azuredeploy.json
+
+      - name: Store ARM template
+        uses: actions/upload-artifact@v3
+        with:
+          name: arm
+          path: azuredeploy.json
+          retention-days: 1
+          if-no-files-found: error

.github/workflows/shifty-build.yml

@@ -0,0 +1,40 @@
+name: Build Webapp
+
+on:
+  workflow_dispatch:
+
+  workflow_call:
+    inputs:
+      publish_artifacts:
+        description: "Publish workflow artifacts"
+        type: boolean
+        default: false
+
+jobs:
+  build-test:
+    name: Build and test Webapp
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout codebase
+        uses: actions/checkout@v3
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v3
+        with:
+          dotnet-version: 6.x
+      - name: Restore dependencies
+        run: dotnet restore .
+      - name: Build Shifty App
+        run: dotnet build . --no-restore /p:ContinuousIntegrationBuild=true --configuration Release
+      - name: Run tests
+        run: dotnet test . --no-restore /p:CollectCoverage=true /p:CoverletOutputFormat=opencover
+      - name: Publish Shifty App
+        run: dotnet publish --no-restore --configuration Release --output publish
+      - name: Publish workflow artifact
+        if: ${{ inputs.publish_artifacts }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: shifty
+          path: publish/wwwroot
+          retention-days: 1
+          if-no-files-found: error

.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+  "yaml.schemas": {
+    "https://json.schemastore.org/github-workflow.json": "file:///c%3A/Users/andre/Projects/school/analogio/shifty-webapp/.github/workflows/deploy.yml"
+  }
+}

infrastructure/azuredeploy.bicep

@@ -0,0 +1,31 @@
+targetScope = 'subscription'
+
+@allowed([ 'dev', 'prd' ])
+param environment string
+
+var location = 'West Europe'
+
+var organizationPrefix = 'aio'
+var sharedResourcesAbbreviation = 'shr'
+var webAppResourcesAbbreviation = 'app'
+
+resource sharedRg 'Microsoft.Resources/resourceGroups@2022-09-01' existing = {
+  name: 'rg-${organizationPrefix}-${sharedResourcesAbbreviation}-${environment}'
+}
+
+resource shiftyRg 'Microsoft.Resources/resourceGroups@2022-09-01' = {
+  name: 'rg-${organizationPrefix}-${webAppResourcesAbbreviation}-shifty-${environment}'
+  location: location
+}
+
+module shiftywebapp 'shifty.bicep' = {
+  name: '${deployment().name}-app-shifty'
+  scope: shiftyRg
+  params: {
+    location: location
+    organizationPrefix: organizationPrefix
+    applicationPrefix: 'shifty'
+    environment: environment
+    sharedResourceGroupName: sharedRg.name
+  }
+}

infrastructure/bicepconfig.json

@@ -0,0 +1,43 @@
+{
+    "analyzers": {
+        "core": {
+            "enabled": true,
+            "verbose": false,
+            "rules": {
+                "adminusername-should-not-be-literal": {
+                    "level": "error"
+                },
+                "no-hardcoded-env-urls": {
+                    "level": "error"
+                },
+                "no-unnecessary-dependson": {
+                    "level": "error"
+                },
+                "no-unused-params": {
+                    "level": "error"
+                },
+                "no-unused-vars": {
+                    "level": "error"
+                },
+                "outputs-should-not-contain-secrets": {
+                    "level": "error"
+                },
+                "prefer-interpolation": {
+                    "level": "error"
+                },
+                "secure-parameter-default": {
+                    "level": "error"
+                },
+                "simplify-interpolation": {
+                    "level": "error"
+                },
+                "use-protectedsettings-for-commandtoexecute-secrets": {
+                    "level": "error"
+                },
+                "use-stable-vm-image": {
+                    "level": "error"
+                }
+            }
+        }
+    }
+}

infrastructure/modules/dns.bicep

@@ -0,0 +1,20 @@
+param environment string
+
+param webappAzureGeneratedFqdn string
+
+resource zone 'Microsoft.Network/dnsZones@2018-05-01' existing = {
+  name: '${environment}.analogio.dk'
+}
+
+resource cname 'Microsoft.Network/dnsZones/CNAME@2018-05-01' = {
+  name: 'shifty'
+  parent: zone
+  properties: {
+    TTL: 3600
+    CNAMERecord: {
+      cname: webappAzureGeneratedFqdn
+    }
+  }
+}
+
+output customDomainFqdn string = cname.properties.fqdn

infrastructure/shifty.bicep

@@ -0,0 +1,39 @@
+param location string = resourceGroup().location
+
+param environment string
+
+param organizationPrefix string
+param applicationPrefix string
+
+param sharedResourceGroupName string
+
+resource staticwebapp 'Microsoft.Web/staticSites@2022-03-01' = {
+  name: 'stapp-${organizationPrefix}-${applicationPrefix}-${environment}'
+  location: location
+  sku: {
+    name: 'Free'
+    tier: 'Free'
+  }
+  properties: {
+    allowConfigFileUpdates: false
+    repositoryUrl: 'https://github.com/AnalogIO/shifty-webapp'
+    branch: 'develop'
+    provider: 'GitHub'
+    stagingEnvironmentPolicy: 'Disabled'
+    enterpriseGradeCdnStatus: 'Disabled'
+  }
+}
+
+module dns 'modules/dns.bicep' = {
+  name: '${deployment().name}-dns'
+  scope: resourceGroup(sharedResourceGroupName)
+  params: {
+    environment: environment
+    webappAzureGeneratedFqdn: staticwebapp.properties.defaultHostname
+  }
+}
+
+resource staticwebappCustomDomain 'Microsoft.Web/staticSites/customDomains@2022-03-01' = {
+  name: 'shifty.${environment}.analogio.dk'
+  parent: staticwebapp
+}