[DEVOPS-263] Add ephemeral deployments workflow

.github/workflows/ephemeral-deploy.yaml

@@ -0,0 +1,227 @@
+name: Ephemeral Deployment
+
+on:
+ workflow_call:
+ inputs:
+ environment:
+ required: true
+ type: string
+ description: "Deploy Environment. This is used to pull in and set the github environment. Can be development, staging, or production."
+ environmentKeyVault:
+ required: false
+ type: string
+ description: "AKS Key vault."
+ repositoryName:
+ required: false
+ type: string
+ description: "GitHub Repository Name."
+ default: "${{ github.event.repository.name }}"
+ clusterResourceGroup:
+ required: false
+ type: string
+ description: "Azure Resource Group."
+ default: "AMU_EphemeralDeployments_RG"
+ dockerFilePath:
+ required: false
+ type: string
+ description: "Relative path to Dockerfile."
+ default: "."
+ dockerImageName:
+ required: false
+ type: string
+ description: "Docker image name."
+ default: "${{ github.event.repository.name }}"
+ azureResourceLocation:
+ required: false
+ type: string
+ description: "Location of resources in Azure"
+ default: "centralus"
+ secrets:
+ azureCredentials:
+ required: true
+ registryHostName:
+ required: true
+ registryUserName:
+ required: true
+ registryPassword:
+ required: true
+ githubPAT:
+ required: true
+
+env:
+ githubPrBranch: ${{ github.head_ref }}
+ githubPrTitle: ${{ github.event.pull_request.title }}
+ githubPrDescription: ${{ github.event.pull_request.body }}
+
+jobs:
+ prepare:
+ name: Preparation Step
+ if: ${{ github.event.action == 'labeled' && github.event.label.name == 'ephemeral-deployment' || github.event_name == 'pull_request' && github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'ephemeral-deployment') }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Retrieve Jira ticket ID
+ id: jira-ticket
+ run: |
+ PR_BRANCH=$(echo "${{ env.githubPrBranch }}" | grep -Eo "\b[A-Z][A-Z0-9_]+-[1-9][0-9]*")
+ PR_TITLE=$(echo "${{ env.githubPrTitle }}" | grep -Eo "\b[A-Z][A-Z0-9_]+-[1-9][0-9]*")
+ PR_DESC=$(echo "${{ env.githubPrDescription }}" | grep -Eo "\b[A-Z][A-Z0-9_]+-[1-9][0-9]*")
+
+ for var in ${PR_BRANCH} ${PR_TITLE} ${PR_DESC}; do JIRA_TICKET_ID=$(echo $var | grep -E ".") && break ; done
+ JIRA_TICKET_ID_LC=$(echo "${JIRA_TICKET_ID}" | tr '[:upper:]' '[:lower:]')
+
+ echo "jiraTicketIdLc=${JIRA_TICKET_ID_LC}" >> $GITHUB_OUTPUT
+ echo "jiraTicketId=${JIRA_TICKET_ID}" >> $GITHUB_OUTPUT
+
+ - name: Fix repository name
+ id: repository-name
+ run: |
+ REPOSITORY_NAME=$(echo "${{ inputs.repositoryName }}" | tr '[:upper:]' '[:lower:]' | tr "_" "-")
+
+ echo "repositoryName=${REPOSITORY_NAME}" >> $GITHUB_OUTPUT
+ outputs:
+ jiraTicketId: ${{ steps.jira-ticket.outputs.jiraTicketId }}
+ jiraTicketIdLc: ${{ steps.jira-ticket.outputs.jiraTicketIdLc }}
+ repositoryName: ${{ steps.repository-name.outputs.repositoryName }}
+
+ deploy:
+ name: Deploy Azure Container Instance
+ if: ${{ github.event.action == 'labeled' && github.event.label.name == 'ephemeral-deployment' || github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'ephemeral-deployment') }}
+ needs: [prepare]
+ runs-on: ubuntu-latest
+ environment:
+ name: ${{ needs.prepare.outputs.jiraTicketId }}
+ url: ${{ steps.hostname.outputs.hostname }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Generate .env file from Azure Key Vaults
+ uses: Andrews-McMeel-Universal/get-envs@v1
+ with:
+ environment: ${{ inputs.environment }}
+ azurecredentials: ${{ secrets.azureCredentials }}
+ environmentKeyVault: ${{ inputs.environmentKeyVault }}
+
+ - name: Set environment variables
+ id: env-vars
+ shell: bash
+ run: |
+ ENVIRONMENT_VARIABLES=$(tr "\n" " " < .env)
+ TARGET_PORT=$(find . -iname "values.yaml" -exec grep "targetPort: " {} \; | awk -F ': ' '{print $2}' | uniq)
+
+ echo "targetPort=${TARGET_PORT}" >> $GITHUB_OUTPUT
+ echo "environmentVariables=${ENVIRONMENT_VARIABLES}" >> $GITHUB_OUTPUT
+
+ - name: Generate build args from Azure Key Vaults
+ shell: bash
+ run: |
+ ENVIRONMENT="${{ inputs.environment }}"
+ REPOSITORY_NAME="${{ inputs.repositoryName }}"
+ ENV_KEYVAULT_NAME="${{ inputs.environmentKeyVault }}"
+ BUILDARG_PREDICATE="--build-arg"
+
+ # Check if searching for key vaults by repository name or otherwise, if key vault name argument is given
+ if [ -z "${ENV_KEYVAULT_NAME}" ]; then
+ # Search for key vault using tags
+ KEYVAULT_NAME=$(az keyvault list --query "[?tags.\"repository-name\" == '${REPOSITORY_NAME}' && tags.environment == '${ENVIRONMENT}'].name" --output tsv)
+ else
+ KEYVAULT_NAME="${ENV_KEYVAULT_NAME}"
+ fi
+
+ # Get key vault object
+ KEYVAULT=$(az keyvault list --query "[?name == '${KEYVAULT_NAME}']" )
+
+ # Check if key vault exists
+ if ! echo "${KEYVAULT}" | grep -Eq "\w"; then
+ echo -e "${RED}Invalid value provided for 'KeyVaultName'. Please confirm a Key Vault exists under the name specified. Value provided: ${KEYVAULT_NAME}"
+ exit 1
+ fi
+ KEYVAULT_NAME="${KEYVAULT_NAME// /}"
+
+ # Set secrets list
+ SECRETS=$(az keyvault secret list --vault-name "${KEYVAULT_NAME}" --query "[?contentType == 'BuildArg Env' || contentType == 'BuildArg'].name" --output tsv)
+
+ # Loop through secrets and add them to .env
+ if echo "${SECRETS}" | grep -Eq "\w"; then
+ while IFS= read -r SECRET; do
+ # Convert to upper case snake case and remove quotes
+ SECRET_NAME=$(echo "${SECRET}" | tr '[:upper:][:lower:]' '[:lower:][:upper:]' | tr "-" "_" | tr -d '"')
+
+ # Get secret value and set it to the secret name
+ SECRET_VALUE=$(az keyvault secret show --vault-name "${KEYVAULT_NAME}" -n "${SECRET}" --query "value" --output tsv)
+
+ # Add secret to file
+ BUILDARGS="${BUILDARGS} ${BUILDARG_PREDICATE} ${SECRET_NAME}=${SECRET_VALUE}"
+ done < <(echo "${SECRETS[*]}")
+ fi
+ echo "buildArguments=${BUILDARGS}" >> $GITHUB_ENV
+
+ - name: Login to Azure Container Registry
+ uses: Azure/docker-login@v1
+ with:
+ login-server: ${{ secrets.registryHostName }}
+ username: ${{ secrets.registryUserName }}
+ password: ${{ secrets.registryPassword }}
+
+ - name: Build & Push Docker Image
+ id: docker
+ run: |
+ docker build ${{ inputs.dockerFilePath }} ${{ env.buildArguments }} -t "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ needs.prepare.outputs.jiraTicketId }}"
+ docker push -a "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}"
+
+ - name: Deploy Azure Container App
+ uses: azure/container-apps-deploy-action@v1
+ with:
+ registryUrl: ${{ secrets.registryHostName }}
+ registryUsername: ${{ secrets.registryUserName }}
+ registryPassword: ${{ secrets.registryPassword }}
+ imageToDeploy: ${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ needs.prepare.outputs.jiraTicketId }}
+ containerAppName: ${{ needs.prepare.outputs.repositoryName }}-${{ needs.prepare.outputs.jiraTicketIdLc }}
+ resourceGroup: ${{ inputs.clusterResourceGroup }}
+ targetPort: ${{ steps.env-vars.outputs.targetPort }}
+ location: ${{ inputs.azureResourceLocation }}
+ environmentVariables: ${{ steps.env-vars.outputs.environmentVariables }}
+ ingress: external
+ disableTelemetry: true
+
+ - name: Get Container App Hostname
+ id: hostname
+ run: |
+ HOSTNAME=$(az containerapp list --query "[?name == '${{ needs.prepare.outputs.repositoryName }}-${{ needs.prepare.outputs.jiraTicketIdLc }}'].properties.configuration.ingress.fqdn" -o tsv)
+ echo "hostname=https://${HOSTNAME}" >> $GITHUB_OUTPUT
+
+ - name: Update Next URL variables
+ if: contains(steps.env-vars.outputs.environmentVariables, 'BASE_URL')
+ run: |
+ REPOSITORY_NAME=$(echo "${{ github.event.repository.name }}" | awk -F '_' '{print $1}' | tr -d "-")
+ HOSTNAME="${{ steps.hostname.outputs.hostname }}"
+ URL_VARS=""
+ while IFS= read -r line; do
+ var=$(echo "$line" | awk -F '=' '{print $1}' | sed "s|$|=${HOSTNAME}|g")
+ URL_VARS+="$var "
+ done < <(grep -E "localhost|${REPOSITORY_NAME}.com" .env)
+
+ az containerapp update -n "${{ needs.prepare.outputs.repositoryName }}-${{ needs.prepare.outputs.jiraTicketIdLc }}" -g "${{ inputs.clusterResourceGroup }}" --set-env-vars "${URL_VARS}"
+
+ destroy:
+ name: Destroy Azure Container Instance
+ if: ${{ github.event_name == 'pull_request' && github.event.action == 'closed' }}
+ needs: [prepare]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Login via Az module
+ uses: azure/login@v1
+ with:
+ creds: "${{ secrets.azureCredentials }}"
+
+ - name: Delete Azure Resources
+ run: |
+ az containerapp delete --resource-group ${{ inputs.clusterResourceGroup }} --name ${{ needs.prepare.outputs.repositoryName }}-${{ needs.prepare.outputs.jiraTicketIdLc }} --yes
+ az acr repository delete -n ${{ secrets.registryHostName }} --image ${{ inputs.dockerImageName }}:${{ needs.prepare.outputs.jiraTicketId }} --yes
+
+ - name: Delete deployment environment
+ uses: strumwolf/delete-deployment-environment@v2
+ with:
+ token: ${{ secrets.githubPAT }}
+ environment: ${{ needs.prepare.outputs.jiraTicketId }}
+ ref: ${{ github.ref_name }}