HfEYP App Deploy [Azure - PROD] #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'HfEYP App Deploy [Azure - PROD]' | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: 'Create release version ("vx.x.x")' | |
| type: string | |
| required: true | |
| ref: | |
| description: 'Release candidate to deploy ("rcx.x.x")' | |
| type: string | |
| required: true | |
| push: | |
| tags: | |
| - v* | |
| # Permissions for OIDC authentication | |
| permissions: | |
| id-token: write | |
| contents: write | |
| packages: write | |
| env: | |
| ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| DOCKER_IMAGE: ghcr.io/dfe-digital/help-for-early-years-providers | |
| RELEASE_VERSION: ${{ inputs.version || github.sha }} | |
| jobs: | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - name: Check tag format | |
| run: | | |
| echo ${{ inputs.ref }} | grep -E '^rc[0-9]+\.[0-9]+\.[0-9]+$' | |
| # Checkout the repository to the GitHub Actions runner | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.ref || github.ref_name }} | |
| # Tag the branch with the release version | |
| - name: Tag Version | |
| if: ${{ inputs.version }} | |
| run: | | |
| git tag --force ${{ inputs.version }} | |
| git push --force origin refs/tags/${{ inputs.version }} | |
| echo "HEAD=$(git rev-parse ${{ inputs.version }})" >> $GITHUB_ENV | |
| # Create and boot Docker image builder | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| version: v0.9.1 | |
| # Login to the container registry | |
| - name: Login to Github Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Build and push image | |
| - name: Build and push Docker Image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| target: app | |
| context: . | |
| push: true | |
| build-args: | | |
| BUILDKIT_INLINE_CACHE=1 | |
| SHA=${{ github.sha }} | |
| cache-from: | | |
| ${{ env.DOCKER_IMAGE }}:${{ github.sha }} | |
| ${{ env.DOCKER_IMAGE }}:${{ inputs.ref || github.ref_name }} | |
| tags: | | |
| ${{ env.DOCKER_IMAGE }}:${{ github.sha }} | |
| ${{ env.DOCKER_IMAGE }}:${{ inputs.version || github.ref_name }} | |
| # Login to Azure using OIDC | |
| - name: Login to Azure CLI | |
| uses: azure/login@v1 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| # Deploy Web Application | |
| - name: Deploy to Azure App Services | |
| uses: azure/webapps-deploy@v3 | |
| with: | |
| app-name: ${{ vars.WEBAPP_NAME }} | |
| images: ${{ env.DOCKER_IMAGE }}:${{ inputs.version || github.ref_name }} | |
| slot-name: ${{ vars.WEBAPP_DEPLOY_SLOT }} |