Preview Deployment #2387
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Preview Deployment | |
concurrency: ${{ github.ref }}_environment | |
on: | |
pull_request: | |
types: [ closed, synchronize ] | |
issue_comment: | |
types: [ created ] | |
permissions: | |
pull-requests: write | |
jobs: | |
has-deployment: | |
if: github.event.issue.pull_request || github.event_name == 'pull_request' | |
outputs: | |
has-swa: ${{ steps.has-swa.outputs.has-swa }} | |
has-wa: ${{ steps.has-wa.outputs.has-wa }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Azure Login | |
uses: Azure/[email protected] | |
with: | |
creds: '${{ secrets.AZURE_CREDENTIALS }}' | |
- name: Check if Webapp Environment exists | |
id: has-swa | |
run: > | |
az staticwebapp environment list --name kordis-spa | grep -q '"name": "pr${{ github.event.pull_request.number || github.event.issue.number }}"' | |
&& echo "has-swa=true" >> $GITHUB_OUTPUT | |
|| echo "has-swa=false" >> $GITHUB_OUTPUT | |
- name: Check if API Environment exists | |
id: has-wa | |
run: > | |
az webapp deployment slot list -n kordis-api --resource-group KORDIS | grep -q '"name": "pr${{ github.event.pull_request.number || github.event.issue.number }}"' | |
&& echo "has-wa=true" >> $GITHUB_OUTPUT | |
|| echo "has-wa=false" >> $GITHUB_OUTPUT | |
comment-handler: | |
if: | | |
(github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/deploy-preview')) && | |
(needs.has-deployment.outputs.has-swa == 'false' && needs.has-deployment.outputs.has-wa == 'false') | |
needs: has-deployment | |
runs-on: ubuntu-latest | |
outputs: | |
is-admin: ${{ steps.is-admin-check.outputs.require-result }} | |
steps: | |
- name: Check Permission | |
uses: actions-cool/check-user-permission@v2 | |
id: is-admin-check | |
with: | |
require: 'admin' | |
- name: Remove Comment | |
uses: actions/github-script@v6 | |
with: | |
script: 'github.rest.issues.deleteComment({ comment_id: context.payload.comment.id, owner: context.repo.owner, repo: context.repo.repo })' | |
deployment: | |
needs: comment-handler | |
runs-on: ubuntu-latest | |
if: | | |
(github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/deploy-preview')) && | |
(needs.comment-handler.outputs.is-admin == 'true') | |
permissions: | |
contents: read | |
packages: write | |
pull-requests: write | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: refs/pull/${{ github.event.issue.number }}/head | |
- name: Set PR SHA | |
id: set-pr-sha | |
run: | | |
head_sha=$(git rev-parse HEAD) | |
echo "::set-output name=head_sha::$head_sha" | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
cache: 'npm' | |
- run: npm ci --ignore-scripts | |
- name: Initial Deployment Preview Comment | |
uses: peter-evans/[email protected] | |
id: pr-preview-comment | |
with: | |
issue-number: ${{ github.event.issue.number }} | |
body: | | |
### 🚧 Building Deployment Preview.. | |
A preview of this Pull Request is being created. Hold tight while it's building ⚒️ | |
This comment will be automatically updated when the preview is ready. | |
- name: Azure DLRG HH Tenant Login | |
uses: Azure/[email protected] | |
with: | |
creds: '${{ secrets.AZURE_CREDENTIALS }}' | |
- name: Create PR Deployment Slot | |
run: | | |
az config set extension.use_dynamic_install=yes_without_prompt | |
az webapp deployment slot create --name kordis-api --resource-group KORDIS --configuration-source next --slot pr${{ github.event.issue.number }} | |
az webapp update --https-only true --name kordis-api --resource-group KORDIS --slot pr${{ github.event.issue.number }} | |
az webapp auth openid-connect add --provider-name aadb2c --client-id ${{ secrets.DEV_AADB2C_CLIENT_ID }} --client-secret-setting-name aadb2c_AUTHENTICATION_SECRET --openid-configuration ${{ secrets.DEV_AADB2C_CONF_URL }} --name kordis-api --slot pr${{ github.event.issue.number }} --resource-group KORDIS --yes | |
az webapp auth update --name kordis-api --slot pr${{ github.event.issue.number }} --resource-group KORDIS --action Return401 | |
- name: Build and Deploy API | |
id: api-deployment | |
uses: ./.github/actions/build-and-deploy-api | |
with: | |
slot: "pr${{ github.event.issue.number }}" | |
releaseVersion: ${{ steps.set-pr-sha.outputs.head_sha }} | |
sentryKey: ${{ secrets.API_SENTRY_KEY }} | |
sentryAuthToken: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
containerRegistryUrl: ghcr.io | |
containerRegistryUsername: ${{ github.actor }} | |
containerRegistryPassword: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and Deploy SPA | |
id: spa-deployment | |
uses: ./.github/actions/build-and-deploy-spa | |
with: | |
apiUrl: ${{ steps.api-deployment.outputs.url }} | |
oauthConfig: ${{ secrets.DEV_OAUTH_CONFIG }} | |
releaseVersion: ${{ steps.set-pr-sha.outputs.head_sha }} | |
deploymentEnv: "pr${{ github.event.issue.number }}" | |
publishToken: ${{ secrets.AZURE_STATIC_WEB_APP_TOKEN }} | |
sentryKey: ${{ secrets.SPA_SENTRY_KEY }} | |
sentryAuthToken: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
- name: Update PR Preview Comment | |
uses: peter-evans/[email protected] | |
with: | |
comment-id: ${{ steps.pr-preview-comment.outputs.comment-id }} | |
edit-mode: replace | |
body: | | |
### 🚀 Deployment Preview | |
SPA: ${{ steps.spa-deployment.outputs.url }} | |
API: ${{ steps.api-deployment.outputs.url }} | |
Commit SHA: ${{ steps.set-pr-sha.outputs.head_sha }} | |
reactions: "rocket" | |
- name: AZ B2C Tenant Login | |
uses: azure/[email protected] | |
with: | |
creds: '${{ secrets.AZURE_AADB2C_CREDENTIALS }}' | |
allow-no-subscriptions: true | |
enable-AzPSSession: true | |
- name: Add redirect URL to Azure AD tenant | |
uses: azure/powershell@v1 | |
with: | |
inlineScript: | | |
$currentConfig = az ad app show --id ${{ secrets.AADB2C_DEV_APP_OBJ_ID }} | ConvertFrom-Json -AsHashtable | |
$currentConfig.spa.redirectUris += "${{ steps.spa-deployment.outputs.url }}" | |
$updatePayload = $currentConfig | Select-Object -Property spa | ConvertTo-Json -Compress | |
az rest --method PATCH --uri 'https://graph.microsoft.com/v1.0/applications/${{ secrets.AADB2C_DEV_APP_OBJ_ID }}' --headers 'Content-Type=application/json' --body $updatePayload | |
azPSVersion: "latest" | |
update-deployment: | |
needs: has-deployment | |
runs-on: ubuntu-latest | |
if: | | |
(github.event_name == 'pull_request' && github.event.action == 'synchronize') && | |
(needs.has-deployment.outputs.has-swa == 'true' || needs.has-deployment.outputs.has-wa == 'true') | |
permissions: | |
contents: read | |
packages: write | |
pull-requests: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
cache: 'npm' | |
- run: npm ci --ignore-scripts | |
- name: Find PR Preview Comment | |
uses: peter-evans/find-comment@v2 | |
id: deploy-preview-comment | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
comment-author: "github-actions[bot]" | |
body-includes: Deployment Preview | |
- name: Update PR Preview Comment | |
if: steps.deploy-preview-comment.outputs.comment-id != '' | |
uses: peter-evans/[email protected] | |
with: | |
comment-id: ${{ steps.deploy-preview-comment.outputs.comment-id }} | |
edit-mode: replace | |
body: | | |
### 🚧 Building Deployment Preview.. | |
The Pull Request preview is being updated. Hold tight while it's building ⚒️ | |
This comment will be automatically updated when the new version is ready. | |
- name: Azure Login | |
uses: Azure/[email protected] | |
with: | |
creds: '${{ secrets.AZURE_CREDENTIALS }}' | |
- name: Build and Deploy API | |
id: api-deployment | |
uses: ./.github/actions/build-and-deploy-api | |
with: | |
slot: "pr${{ github.event.pull_request.number }}" | |
releaseVersion: ${{ github.event.pull_request.head.sha }} | |
sentryKey: ${{ secrets.API_SENTRY_KEY }} | |
sentryAuthToken: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
containerRegistryUrl: ghcr.io | |
containerRegistryUsername: ${{ github.actor }} | |
containerRegistryPassword: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and Deploy SPA | |
id: spa-deployment | |
uses: ./.github/actions/build-and-deploy-spa | |
with: | |
apiUrl: ${{ steps.api-deployment.outputs.url }} | |
oauthConfig: ${{ secrets.DEV_OAUTH_CONFIG }} | |
releaseVersion: ${{ github.event.pull_request.head.sha }} | |
deploymentEnv: "pr${{ github.event.pull_request.number }}" | |
publishToken: ${{ secrets.AZURE_STATIC_WEB_APP_TOKEN }} | |
sentryKey: ${{ secrets.SPA_SENTRY_KEY }} | |
sentryAuthToken: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
- name: Update PR Preview Comment | |
uses: peter-evans/[email protected] | |
with: | |
comment-id: ${{ steps.deploy-preview-comment.outputs.comment-id }} | |
edit-mode: replace | |
body: | | |
### 🚀 Deployment Preview | |
SPA: ${{ steps.spa-deployment.outputs.url }} | |
API: ${{ steps.api-deployment.outputs.url }} | |
Commit SHA: ${{ github.event.pull_request.head.sha }} | |
reactions: "rocket" | |
delete-deployment: | |
needs: has-deployment | |
runs-on: ubuntu-latest | |
if: | | |
(github.event_name == 'pull_request' && github.event.action == 'closed') && | |
(needs.has-deployment.outputs.has-swa == 'true' || needs.has-deployment.outputs.has-wa == 'true') | |
steps: | |
- name: Azure Login | |
uses: Azure/[email protected] | |
with: | |
creds: '${{ secrets.AZURE_CREDENTIALS }}' | |
- name: Delete API Deployment and Resources | |
run: az webapp deployment slot delete --name kordis-api --resource-group KORDIS --slot pr${{ github.event.pull_request.number }} | |
- name: Delete SPA Deployment and Resources | |
run: az staticwebapp environment delete --name kordis-spa --resource-group KORDIS --environment-name pr${{ github.event.pull_request.number }} --yes | |
- name: Find PR Preview Comment | |
uses: peter-evans/find-comment@v2 | |
id: deploy-preview-comment | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
comment-author: "github-actions[bot]" | |
body-includes: Deployment Preview | |
- name: Update PR Preview Comment | |
if: steps.deploy-preview-comment.outputs.comment-id != '' | |
uses: peter-evans/[email protected] | |
with: | |
comment-id: ${{ steps.deploy-preview-comment.outputs.comment-id }} | |
edit-mode: replace | |
body: | | |
### Deployment Preview | |
🏁 This PR has been closed. No deployment preview is available. | |
reactions: "hooray" | |
- name: AZ B2C Tenant Login | |
uses: azure/[email protected] | |
with: | |
creds: '${{ secrets.AZURE_AADB2C_CREDENTIALS }}' | |
allow-no-subscriptions: true | |
enable-AzPSSession: true | |
- name: Remove redirect URL from Azure AD tenant | |
uses: azure/powershell@v1 | |
with: | |
inlineScript: | | |
$currentConfig = az ad app show --id ${{ secrets.AADB2C_DEV_APP_OBJ_ID }} | ConvertFrom-Json -AsHashtable | |
$currentConfig.spa.redirectUris = $currentConfig.spa.redirectUris | Where-Object { $_ –ne "${{ steps.spa-deployment.outputs.url }}" } | |
$updatePayload = $currentConfig | Select-Object -Property spa | ConvertTo-Json -Compress | |
az rest --method PATCH --uri 'https://graph.microsoft.com/v1.0/applications/${{ secrets.AADB2C_DEV_APP_OBJ_ID }}' --headers 'Content-Type=application/json' --body $updatePayload | |
azPSVersion: "latest" |