diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 4633054d..e33efeea 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -10,12 +10,6 @@ on: - main types: [opened, reopened, synchronize, labeled] -permissions: - contents: write - deployments: write - packages: write - pull-requests: write - env: TF_PATH: terraform/aks @@ -49,13 +43,16 @@ jobs: if: ${{ github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy') }} needs: [build] runs-on: ubuntu-latest + permissions: + id-token: write + pull-requests: write environment: name: review url: ${{ steps.deploy_review.outputs.environment_url }} steps: - - name: Checkout - uses: actions/checkout@v4 + # - name: Checkout + # uses: actions/checkout@v4 - name: Deploy App to Review id: deploy_review @@ -63,11 +60,13 @@ jobs: with: azure-credentials: ${{ secrets.AZURE_CREDENTIALS_REVIEW }} environment: review - github-token: ${{ secrets.GITHUB_TOKEN }} + # github-token: ${{ secrets.GITHUB_TOKEN }} pr-number: ${{ github.event.pull_request.number }} sha: ${{ needs.build.outputs.docker-image-tag }} terraform-base: ${{ env.TF_PATH }} healthcheck: 'healthcheck/all' + gcp-wip: ${{ vars.GCP_WIP }} + gcp-project-id: ${{ vars.GCP_PROJECT_ID }} # db-seed: true # deploy-before-production: diff --git a/terraform/aks/config/review.yml b/terraform/aks/config/review.yml new file mode 100644 index 00000000..2e30ed25 --- /dev/null +++ b/terraform/aks/config/review.yml @@ -0,0 +1,2 @@ +--- +EXAMPLE_KEY: example.value.1 diff --git a/terraform/aks/output.tf b/terraform/aks/output.tf index 697fdd1f..4f29a3bd 100644 --- a/terraform/aks/output.tf +++ b/terraform/aks/output.tf @@ -1,13 +1,11 @@ output "url" { value = [ - module.web_application.url, module.web_application.url ] } output "external_urls" { value = [ - module.web_application.url, - module.web_application.url + "${local.external_url}" ] } 
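Review bot: Removing the workflow-level `permissions:` block in the first hunk leaves every job without its own block on the repository's default GITHUB_TOKEN scopes, so the token's reach is decided by a settings page rather than by this file. The review job gets an explicit block later in this diff, but `build` and any other jobs are outside the hunks shown. If they have no `permissions:` key, they will either lose `packages: write` (restricted default) or gain more than the four scopes removed here (permissive default). I would keep a minimal workflow-level default, `permissions: { contents: read }`, and grant the extra scopes per job.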
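Review bot: The job-level `permissions:` block added in the second workflow hunk sets every scope it does not list to none, so this job can no longer read `contents`. That matches the disabled checkout step, but the deploy step still passes `terraform-base: ${{ env.TF_PATH }}`, which suggests the action needs the repository's Terraform files. If the action does its own checkout (its `uses:` line is outside the hunks), a private repository would need `contents: read` added next to `id-token: write`. The commented-out `# - name: Checkout` and `# uses: actions/checkout@v4` lines, and `# github-token:` in the following hunk, are better deleted than left in place. If they stay, add a one-line reason such as `# checkout and GitHub auth are handled inside the deploy action`, assuming that is the case.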
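Review bot: The new `terraform/aks/config/review.yml` does not say where its keys end up, and it is committed in plain text. Per the variables.tf change in this commit, its contents are merged into `app_env_values` alongside `app_config`, so anything added here will presumably reach the application's environment. A header comment after `---` would make the boundary explicit, for example `# Non-secret settings for the review environment, merged into app_env_values; secrets stay in Key Vault`. The placeholder `EXAMPLE_KEY: example.value.1` will be deployed as written unless it is replaced or removed before merge.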
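Review bot: In `output "external_urls"`, `"${local.external_url}"` is an interpolation-only expression, which Terraform has flagged as deprecated since 0.12 and which adds nothing here. Write the element as `local.external_url`. The `url` output is still a one-element list after the duplicate was removed; if consumers only ever read a single URL, that is worth a short comment on the output.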
diff --git a/terraform/aks/variables.tf b/terraform/aks/variables.tf index a3dca977..fc58194d 100644 --- a/terraform/aks/variables.tf +++ b/terraform/aks/variables.tf @@ -53,8 +53,12 @@ locals { infra_secrets = yamldecode(data.azurerm_key_vault_secret.infra_secrets.value) app_config = yamldecode(file(var.app_config_file))[var.environment] + environment_variables = yamldecode(file("${path.module}/config/${var.environment}.yml")) + external_url = try(local.environment_variables["EXTERNAL_URL"], module.web_application.url) + app_env_values = merge( local.app_config, + local.environment_variables, # sslmode not defined in database.yml? { DB_SSLMODE = local.postgres_ssl_mode } )
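Review bot: `environment_variables = yamldecode(file("${path.module}/config/${var.environment}.yml"))` makes a per-environment file mandatory, because `file()` fails when the path does not exist, and this commit adds only `config/review.yml`. Unless the other environments' files already exist outside this diff, their plans will break. Either commit a `config/<environment>.yml` for each environment, or guard the read with `fileexists(...)` and fall back to an empty map. On the next line, `try(local.environment_variables["EXTERNAL_URL"], module.web_application.url)` swallows every error, not just a missing key; `lookup(local.environment_variables, "EXTERNAL_URL", module.web_application.url)` is narrower if the decoded value is a map. The merge order is also worth a comment such as `# per-environment file overrides app_config; DB_SSLMODE is applied last and cannot be overridden`. The `locals` block starts and ends outside the hunk.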