try az app service action without publish secret

CDCgov · Oct 15, 2024 · 45a1c15 · 45a1c15
1 parent cb0f281
commit 45a1c15
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 11 deletions.
diff --git a/.github/actions/deploy-tf/action.yml b/.github/actions/deploy-tf/action.yml
@@ -2,10 +2,16 @@ name: Deploy Terraform
 description: Deploy needed resources with Terraform to individual environments.
 inputs:
   docker-tag:
-    description: The environment to deploy to
+    description: The environment to deploy to.
+    required: true
+  docker-registry-path:
+    description: Docker path in the registry.
+    required: true
+  docker-registry-url:
+    description: Docker registry url.
     required: true
   deploy-env:
-    description: The environment to deploy to
+    description: The environment to deploy to.
     required: true
   azure-resource-group:
     description: The Azure Resource Group for this environment.
@@ -19,6 +25,9 @@ inputs:
   azure-subscription-id:
     description: The Azure subscription_id for this environment.
     required: true
+  app-name:
+    description: The name of the application being deployed in Terraform.
+    required: true
   # terraform_arm_client_id:
   #   description: Terraform ARM client ID
   #   required: true
@@ -59,11 +68,17 @@ runs:
         RESOURCE_GROUP_NAME: ${{ inputs.azure-resource-group }}
         CLIENT_ID: ${{ inputs.azure-client-id }}
         DOCKER_TAG: ${{ inputs.docker-tag }}
+        DOCKER_REGISTRY_PATH: ${{ inputs.docker-registry-path }}
+        DOCKER_REGISTRY_URL: ${{ inputs.docker-registry-url }}
+        NAME: ${{ inputs.app-name }}
       run: |
         echo subscription_id=\""$SUBSCRIPTION_ID"\" >> terraform.tfvars
         echo resource_group_name=\""$RESOURCE_GROUP_NAME"\" >> terraform.tfvars
         echo client_id=\""$CLIENT_ID"\" >> terraform.tfvars
         echo docker_tag=\""$DOCKER_TAG"\" >> terraform.tfvars
+        echo docker_registry_path=\""DOCKER_REGISTRY_PATH"\" >> terraform.tfvars
+        echo docker_registry_url=\""$DOCKER_REGISTRY_URL"\" >> terraform.tfvars
+        echo name=\""$NAME"\" >> terraform.tfvars
         az config set defaults.group=$RESOURCE_GROUP_NAME
     - name: Set environment
       shell: bash
@@ -89,7 +104,7 @@ runs:
       #   ARM_TENANT_ID: ${{ inputs.terraform_arm_tenant_id }}
       shell: bash
       run: |
-        terraform init
+        terraform init -backend-config=config/$TF_ENV.config
         terraform workspace select -or-create $TF_ENV
         terraform plan -lock-timeout=30m
         terraform apply -auto-approve -lock-timeout=30m
diff --git a/.github/workflows/build-deploy-ocr.yml b/.github/workflows/build-deploy-ocr.yml
@@ -1,15 +1,17 @@
 name: Create, publish, deploy a OCR API image
 
 on:
-  workflow_dispatch:
-    inputs:
-        tag:
-            description: 'Version tag for new release'
-            required: true
+  push:
+    branches: reusable-gha-tf-deploy
+  # workflow_dispatch:
+  #   inputs:
+  #       tag:
+  #           description: 'Version tag for new release'
+  #           required: true
 
 env:
   REGISTRY: ghcr.io
-  VERSION: ${{ inputs.tag }}
+  VERSION: derek-dev-combine
 
 
 jobs:
@@ -51,6 +53,12 @@ jobs:
     needs: build-and-push-image
     environment: dev
     steps:
+      - uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
       - name: Lowercase the repo name
         run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
 
@@ -59,6 +67,5 @@ jobs:
         uses: azure/webapps-deploy@v3
         with:
           app-name: reportvision-ocr-api-dev
-          publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
           images: '${{ env.REGISTRY }}/${{ env.REPO}}-ocr-api:${{ env.VERSION }}'
 
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
@@ -1,6 +1,8 @@
 name: Build and deploy all of ReportVision's services to a development environment
 
 on:
+  # push:
+  #   branches: reusable-gha-tf-deploy
   workflow_dispatch:
     inputs:
       deploy-env:
@@ -70,6 +72,9 @@ jobs:
         with:
           deploy-env: dev
           docker-tag: derek-dev-combine
+          docker-registry-path: "cdcgov/reportvision-ocr-api"
+          docker-registry-url: "https://ghcr.io"
           azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
           azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          app-name: reportvision