Update dependency NetEscapades.AspNetCore.SecurityHeaders to v0.21.0 #719
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy to environment | |
on: | |
pull_request: | |
branches: [ main, '**-feature' ] | |
types: [ opened, synchronize, reopened] | |
push: | |
branches: [ main ] | |
workflow_dispatch: | |
inputs: | |
environment: | |
type: environment | |
description: "Choose an environment to deploy to" | |
required: true | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.inputs.environment }} | |
env: | |
DOCKER_IMAGE: fiat-app | |
jobs: | |
set-env: | |
name: Determine environment | |
runs-on: ubuntu-22.04 | |
outputs: | |
environment: ${{ steps.var.outputs.environment }} | |
branch: ${{ steps.var.outputs.branch }} | |
release: ${{ steps.var.outputs.release }} | |
sha: ${{ steps.var.outputs.sha }} | |
steps: | |
- id: var | |
run: | | |
GIT_REF=${{ github.ref }} | |
GIT_BRANCH=${GIT_REF##*/} | |
INPUT=${{ github.event.inputs.environment }} | |
ENVIRONMENT=${INPUT:-"development"} | |
RELEASE=${ENVIRONMENT,,}-`date +%Y-%m-%d`.${{ github.run_number }} | |
echo "environment=${ENVIRONMENT,,}" >> $GITHUB_OUTPUT | |
echo "branch=$GIT_BRANCH" >> $GITHUB_OUTPUT | |
echo "release=${RELEASE}" >> $GITHUB_OUTPUT | |
echo "sha=${GITHUB_SHA}" >> $GITHUB_OUTPUT | |
build-and-push-image: | |
name: Build and push to ACR | |
needs: set-env | |
runs-on: ubuntu-22.04 | |
environment: ${{ needs.set-env.outputs.environment }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.ref }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Cache Docker layers | |
uses: actions/cache@v3 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Azure Container Registry login | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.AZURE_ACR_CLIENTID }} | |
password: ${{ secrets.AZURE_ACR_SECRET }} | |
registry: ${{ secrets.AZURE_ACR_URL }} | |
- name: Build and push docker image | |
uses: docker/build-push-action@v5 | |
with: | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max | |
context: . | |
file: docker/Dockerfile | |
tags: | | |
${{ secrets.AZURE_ACR_URL }}/${{ env.DOCKER_IMAGE }}:${{ needs.set-env.outputs.branch }} | |
${{ secrets.AZURE_ACR_URL }}/${{ env.DOCKER_IMAGE }}:${{ needs.set-env.outputs.sha }} | |
${{ secrets.AZURE_ACR_URL }}/${{ env.DOCKER_IMAGE }}:latest | |
push: true | |
# Temp fix | |
# https://github.com/docker/build-push-action/issues/252 | |
# https://github.com/moby/buildkit/issues/1896 | |
- name: Move cache | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
deploy-image: | |
name: Deploy to ${{ needs.set-env.outputs.environment }} (${{ needs.set-env.outputs.sha }}) | |
needs: [ build-and-push-image, set-env ] | |
runs-on: ubuntu-22.04 | |
environment: ${{ needs.set-env.outputs.environment }} | |
steps: | |
- name: Azure login with ACA credentials | |
uses: azure/login@v1 | |
with: | |
creds: ${{ secrets.AZURE_ACA_CREDENTIALS }} | |
- name: Update Azure Container Apps Revision | |
uses: azure/CLI@v1 | |
id: azure | |
with: | |
azcliversion: 2.50.0 | |
inlineScript: | | |
az config set extension.use_dynamic_install=yes_without_prompt | |
az containerapp update \ | |
--name ${{ secrets.AZURE_ACA_NAME }} \ | |
--resource-group ${{ secrets.AZURE_ACA_RESOURCE_GROUP }} \ | |
--image ${{ secrets.AZURE_ACR_URL }}/${{ env.DOCKER_IMAGE }}:${{ needs.set-env.outputs.sha }} \ | |
--output none | |
###### DISABLED UNTIL TEST USER CAN BE USED IN GITHUB WORKFLOWS ###### | |
# run-deployment-tests: | |
# name: Run deployment tests | |
# uses: ./.github/workflows/test-deployment.yml | |
# needs: [ deploy-image, set-env ] | |
# with: | |
# environment: ${{ needs.set-env.outputs.environment }} | |
# branch-name: ${{ needs.set-env.outputs.branch }} | |
# secrets: inherit | |
# run-integration-tests: | |
# name: Run integration tests | |
# uses: ./.github/workflows/test-integration.yml | |
# needs: [ deploy-image, set-env ] | |
# if: ${{ needs.set-env.outputs.environment == 'development' || needs.set-env.outputs.environment == 'test' }} | |
# with: | |
# environment: ${{ needs.set-env.outputs.environment }} | |
# branch-name: ${{ needs.set-env.outputs.branch }} | |
# secrets: inherit |