From 814e044ea7e87589c7609fc0b41bba176305af18 Mon Sep 17 00:00:00 2001
From: ebronson68 <111298136+ebronson68@users.noreply.github.com>
Date: Tue, 10 Oct 2023 11:13:52 -0500
Subject: [PATCH 1/7] [DEVOPS-263] Rebuild Next.js apps with URLs
---
.github/workflows/ephemeral-deploy.yaml | 59 ++++++++++++++++++-------
1 file changed, 44 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/ephemeral-deploy.yaml b/.github/workflows/ephemeral-deploy.yaml
index 7f12b6d6..f5333c1c 100644
--- a/.github/workflows/ephemeral-deploy.yaml
+++ b/.github/workflows/ephemeral-deploy.yaml
@@ -75,9 +75,9 @@ jobs: - name: Fix repository name id: repository-name run: | - REPOSITORY_NAME=$(echo "${{ inputs.repositoryName }}" | tr '[:upper:]' '[:lower:]' | tr "_" "-") - - echo "repositoryName=${REPOSITORY_NAME}" >> $GITHUB_OUTPUT + REPOSITORY_NAME="${{ inputs.repositoryName }}" + REPO_NAME_SHORT=$(echo "${REPOSITORY_NAME:0:21}" | tr '[:upper:]' '[:lower:]' | tr "_" "-") + echo "repositoryName=${REPO_NAME_SHORT}" >> $GITHUB_OUTPUT outputs: jiraTicketId: ${{ steps.jira-ticket.outputs.jiraTicketId }} jiraTicketIdLc: ${{ steps.jira-ticket.outputs.jiraTicketIdLc }}
@@ -113,12 +113,11 @@ jobs: echo "environmentVariables=${ENVIRONMENT_VARIABLES}" >> $GITHUB_OUTPUT - name: Generate build args from Azure Key Vaults - shell: bash + id: build-args run: | ENVIRONMENT="${{ inputs.environment }}" REPOSITORY_NAME="${{ inputs.repositoryName }}" ENV_KEYVAULT_NAME="${{ inputs.environmentKeyVault }}" - BUILDARG_PREDICATE="--build-arg" # Check if searching for key vaults by repository name or otherwise, if key vault name argument is given if [ -z "${ENV_KEYVAULT_NAME}" ]; then
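Review bot: In the `Fix repository name` step, cutting the name at 21 characters can leave `REPO_NAME_SHORT` ending in `-` once `tr "_" "-"` has run, and the container app name assembled later as `<repositoryName>-<jiraTicketIdLc>` would then contain `--`, which I believe Azure Container Apps rejects. Two repositories that share their first 21 characters and a ticket id would also resolve to the same app name, so one deployment could replace the other. Trimming the trailing hyphen with `REPO_NAME_SHORT="${REPO_NAME_SHORT%-}"` before writing the output covers the first case, and a comment saying where the 21-character limit comes from would help with the second. The job around this step continues outside the hunk.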
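Review bot: Replacing `shell: bash` with `id: build-args` on `Generate build args from Azure Key Vaults` changes how the script is started: with the key set GitHub runs `bash --noprofile --norc -eo pipefail {0}`, while the default on Linux runners is `bash -e {0}`, so a command that fails on the left side of a pipe no longer stops the step. Unless a `defaults.run.shell` outside this hunk already sets it, keeping `shell: bash` next to the new `id:` preserves the stricter behaviour, which matters here because a failed `az` lookup would otherwise yield empty or partial build arguments without an error. The script body runs past the end of the hunk.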
@@ -151,10 +150,10 @@ jobs: SECRET_VALUE=$(az keyvault secret show --vault-name "${KEYVAULT_NAME}" -n "${SECRET}" --query "value" --output tsv) # Add secret to file - BUILDARGS="${BUILDARGS} ${BUILDARG_PREDICATE} ${SECRET_NAME}=${SECRET_VALUE}" + BUILDARGS="${BUILDARGS} --build-arg ${SECRET_NAME}=${SECRET_VALUE}" done < <(echo "${SECRETS[*]}") fi - echo "buildArguments=${BUILDARGS}" >> $GITHUB_ENV + echo "buildArguments=${BUILDARGS}" >> $GITHUB_OUTPUT - name: Login to Azure Container Registry uses: Azure/docker-login@v1
@@ -166,7 +165,7 @@ jobs: - name: Build & Push Docker Image id: docker run: | - docker build ${{ inputs.dockerFilePath }} ${{ env.buildArguments }} -t "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ needs.prepare.outputs.jiraTicketId }}" + docker build ${{ inputs.dockerFilePath }} ${{ steps.build-args.outputs.buildArguments }} -t "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ needs.prepare.outputs.jiraTicketId }}" docker push -a "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}"  - name: Deploy Azure Container App
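Review bot: The values read with `az keyvault secret show` are written to `$GITHUB_OUTPUT` without being registered as secrets, so the runner will not redact them when a later step expands or prints `buildArguments`. Adding `echo "::add-mask::${SECRET_VALUE}"` directly after the `SECRET_VALUE=` line masks each value in the job log. The single-line `name=value` form also breaks for any secret that contains a newline. The `.env` loop added to `Update Next URL variables` in the `-191,17` hunk has the same two gaps; the loop in this hunk starts outside it.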
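Review bot: On the new `docker build` line, `${{ steps.build-args.outputs.buildArguments }}` is pasted into the script text before bash parses it, so any shell metacharacter inside a Key Vault value is treated as shell syntax rather than as data. Handing the value over through the step environment avoids that: add `env:` with `BUILD_ARGS: ${{ steps.build-args.outputs.buildArguments }}` to the step and put `${BUILD_ARGS}` on the command line. `${{ inputs.dockerFilePath }}` on the same line and the second `docker build` added in the `-191,17` hunk would benefit from the same treatment.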
@@ -191,17 +190,47 @@ jobs: echo "hostname=https://${HOSTNAME}" >> $GITHUB_OUTPUT - name: Update Next URL variables + id: next-vars if: contains(steps.env-vars.outputs.environmentVariables, 'BASE_URL') run: | - REPOSITORY_NAME=$(echo "${{ github.event.repository.name }}" | awk -F '_' '{print $1}' | tr -d "-") + REPOSITORY_NAME=$(echo "${{ github.event.repository.name }}" | awk -F '_' '{print $1} ' | tr -d "-") HOSTNAME="${{ steps.hostname.outputs.hostname }}" - URL_VARS="" - while IFS= read -r line; do - var=$(echo "$line" | awk -F '=' '{print $1}' | sed "s|$|=${HOSTNAME}|g") - URL_VARS+="$var " - done < <(grep -E "localhost|${REPOSITORY_NAME}.com" .env) + ENVIRONMENT_VARIABLES="" + BUILDARGS="" + + while IFS= read -r VAR; do + if echo "${VAR}" | grep -Eq "localhost|${REPOSITORY_NAME}.com";then + VAR=$(echo "${VAR}" | awk -F '=' '{print $1}' | sed "s|$|=${HOSTNAME}|g") + fi + ENVIRONMENT_VARIABLES+="${VAR} " + BUILDARGS="${BUILDARGS} --build-arg ${VAR}" + done < <(cat .env) - az containerapp update -n "${{ needs.prepare.outputs.repositoryName }}-${{ needs.prepare.outputs.jiraTicketIdLc }}" -g "${{ inputs.clusterResourceGroup }}" --set-env-vars "${URL_VARS}" + echo "environmentVariables=${ENVIRONMENT_VARIABLES}" >> $GITHUB_OUTPUT + echo "buildArguments=${BUILDARGS}" >> $GITHUB_OUTPUT + + - name: Build & Push Docker Image + if: contains(steps.env-vars.outputs.environmentVariables, 'BASE_URL') + id: docker-next + run: | + docker build ${{ inputs.dockerFilePath }} ${{ steps.next-vars.outputs.buildArguments }} -t "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ needs.prepare.outputs.jiraTicketId }}" + docker push -a "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}" + + - name: Deploy Azure Container App + if: contains(steps.env-vars.outputs.environmentVariables, 'BASE_URL') + uses: azure/container-apps-deploy-action@v1 + with: + registryUrl: ${{ secrets.registryHostName }} + registryUsername: ${{ secrets.registryUserName }} + 
registryPassword: ${{ secrets.registryPassword }} + imageToDeploy: ${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ needs.prepare.outputs.jiraTicketId }} + containerAppName: ${{ needs.prepare.outputs.repositoryName }}-${{ needs.prepare.outputs.jiraTicketIdLc }} + resourceGroup: ${{ inputs.clusterResourceGroup }} + targetPort: ${{ steps.env-vars.outputs.targetPort }} + location: ${{ inputs.azureResourceLocation }} + environmentVariables: ${{ steps.next-vars.outputs.environmentVariables }} + ingress: external + disableTelemetry: true destroy: name: Destroy Azure Container Instance
From 2a6f896d408ad7cd6c966548df2a9351c487c683 Mon Sep 17 00:00:00 2001
From: ebronson68 <111298136+ebronson68@users.noreply.github.com>
Date: Tue, 10 Oct 2023 11:22:19 -0500
Subject: [PATCH 2/7] Update Next.js step names
---
.github/workflows/ephemeral-deploy.yaml | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/ephemeral-deploy.yaml b/.github/workflows/ephemeral-deploy.yaml
index f5333c1c..5a12a590 100644
--- a/.github/workflows/ephemeral-deploy.yaml
+++ b/.github/workflows/ephemeral-deploy.yaml
@@ -163,7 +163,6 @@ jobs: password: ${{ secrets.registryPassword }} - name: Build & Push Docker Image - id: docker run: | docker build ${{ inputs.dockerFilePath }} ${{ steps.build-args.outputs.buildArguments }} -t "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ needs.prepare.outputs.jiraTicketId }}" docker push -a "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}"
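Review bot: The rewritten loop in `Update Next URL variables` turns every line of `.env` into a `--build-arg`, not only the URL variables the step is named for, and build arguments are recorded in the image's build history, where anyone who can pull the image can read them with `docker history`. If `.env` is generated from Key Vault, as the `Generate .env file from Azure Key Vaults` step added in PATCH 5/7 suggests (confirm for this job), those secrets end up in the pushed image. If the rebuild only needs the rewritten URL values, restricting `BUILDARGS` to the lines that matched the `localhost|…` test keeps the rest out; otherwise a BuildKit secret mount such as `docker build --secret id=env,src=.env` passes the file without persisting it. The unescaped `.` in `${REPOSITORY_NAME}.com` also matches any character, so the test is wider than it reads.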
@@ -209,14 +208,13 @@ jobs: echo "environmentVariables=${ENVIRONMENT_VARIABLES}" >> $GITHUB_OUTPUT echo "buildArguments=${BUILDARGS}" >> $GITHUB_OUTPUT - - name: Build & Push Docker Image + - name: Build & Push Docker Image with updated Next.js variables if: contains(steps.env-vars.outputs.environmentVariables, 'BASE_URL') - id: docker-next run: | docker build ${{ inputs.dockerFilePath }} ${{ steps.next-vars.outputs.buildArguments }} -t "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ needs.prepare.outputs.jiraTicketId }}" docker push -a "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}" - - name: Deploy Azure Container App + - name: Deploy Azure Container App with updated Next.js variables if: contains(steps.env-vars.outputs.environmentVariables, 'BASE_URL') uses: azure/container-apps-deploy-action@v1 with:
From ede14e1cca2621818238674aaeb4eb32ad420a9f Mon Sep 17 00:00:00 2001
From: ebronson68 <111298136+ebronson68@users.noreply.github.com>
Date: Tue, 10 Oct 2023 12:09:11 -0500
Subject: [PATCH 3/7] Fix random space in next-vars
---
.github/workflows/ephemeral-deploy.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ephemeral-deploy.yaml b/.github/workflows/ephemeral-deploy.yaml
index 5a12a590..65fa4463 100644
--- a/.github/workflows/ephemeral-deploy.yaml
+++ b/.github/workflows/ephemeral-deploy.yaml
@@ -192,7 +192,7 @@ jobs: id: next-vars if: contains(steps.env-vars.outputs.environmentVariables, 'BASE_URL') run: | - REPOSITORY_NAME=$(echo "${{ github.event.repository.name }}" | awk -F '_' '{print $1} ' | tr -d "-") + REPOSITORY_NAME=$(echo "${{ github.event.repository.name }}" | awk -F '_' '{print $1}' | tr -d "-") HOSTNAME="${{ steps.hostname.outputs.hostname }}" ENVIRONMENT_VARIABLES="" BUILDARGS=""
From 2ae9a21b49b7678f95fcdceb6ab4da4f439f0d66 Mon Sep 17 00:00:00 2001
From: ebronson68 <111298136+ebronson68@users.noreply.github.com>
Date: Wed, 11 Oct 2023 14:53:51 -0500
Subject: [PATCH 4/7] Add step to add b2c redirect URI
---
.github/workflows/ephemeral-deploy.yaml | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/.github/workflows/ephemeral-deploy.yaml b/.github/workflows/ephemeral-deploy.yaml
index 65fa4463..26e78a57 100644
--- a/.github/workflows/ephemeral-deploy.yaml
+++ b/.github/workflows/ephemeral-deploy.yaml
@@ -188,6 +188,14 @@ jobs: HOSTNAME=$(az containerapp list --query "[?name == '${{ needs.prepare.outputs.repositoryName }}-${{ needs.prepare.outputs.jiraTicketIdLc }}'].properties.configuration.ingress.fqdn" -o tsv) echo "hostname=https://${HOSTNAME}" >> $GITHUB_OUTPUT + - name: Add B2C Redirect URI + if: contains(steps.env-vars.outputs.environmentVariables, 'BASE_URL') + run: | + az login --service-principal --username "${{ env.B2C_CLIENT_ID }}" --password "${{ env.B2C_CLIENT_SECRET }}" --tenant "${{ env.B2C_TENANT_NAME }}.onmicrosoft.com" --allow-no-subscriptions + REDIRECT_URIS=() + IFS=' ' read -ra REDIRECT_URIS <<< "$(echo $(az ad app list --query "[?appId == '${{ env.B2C_CLIENT_ID }}'].web.redirectUris" -o tsv | tr "\t" " ") "${{ steps.hostname.outputs.hostname }}/api/auth/callback/azureb2c" | tr ' ' '\n' | sort -u | tr '\n' ' ')" + az ad app update --id "${{ env.B2C_CLIENT_ID }}" --web-redirect-uris "${REDIRECT_URIS[@]}" + - name: Update Next URL variables id: next-vars if: contains(steps.env-vars.outputs.environmentVariables, 'BASE_URL')
From 5c12fabeacbb92d87230c34fdb7b000193de50ea Mon Sep 17 00:00:00 2001
From: ebronson68 <111298136+ebronson68@users.noreply.github.com>
Date: Wed, 11 Oct 2023 15:14:45 -0500
Subject: [PATCH 5/7] Add login step before redeploy and added B2C redirect URI teardown
---
.github/workflows/ephemeral-deploy.yaml | 31 +++++++++++++++++++++++++
1 file changed, 31 insertions(+)
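Review bot: `az ad app update --web-redirect-uris` replaces the whole list, and in `Add B2C Redirect URI` that list is rebuilt from an `az ad app list` call inside a command substitution whose failure is never checked; if the call fails or returns nothing, the app registration is rewritten with only the new ephemeral callback and every existing redirect URI is dropped. Two deployments running at the same time can also overwrite each other's additions. Reading the current list in its own statement, for example `EXISTING=$(az ad app show --id "${B2C_CLIENT_ID}" --query "web.redirectUris" -o tsv) || exit 1`, and refusing to update when it is empty would make the step fail closed. The client secret is expanded into the script as `${{ env.B2C_CLIENT_SECRET }}`; referencing the environment variable as `"${B2C_CLIENT_SECRET}"` keeps it out of the rendered script text.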
diff --git a/.github/workflows/ephemeral-deploy.yaml b/.github/workflows/ephemeral-deploy.yaml
index 26e78a57..5ca12821 100644
--- a/.github/workflows/ephemeral-deploy.yaml
+++ b/.github/workflows/ephemeral-deploy.yaml
@@ -222,6 +222,12 @@ jobs: docker build ${{ inputs.dockerFilePath }} ${{ steps.next-vars.outputs.buildArguments }} -t "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}:${{ needs.prepare.outputs.jiraTicketId }}" docker push -a "${{ secrets.registryHostName }}/${{ inputs.dockerImageName }}" + - name: Login via Az module + if: contains(steps.env-vars.outputs.environmentVariables, 'BASE_URL') + uses: azure/login@v1 + with: + creds: "${{ secrets.azureCredentials }}" + - name: Deploy Azure Container App with updated Next.js variables if: contains(steps.env-vars.outputs.environmentVariables, 'BASE_URL') uses: azure/container-apps-deploy-action@v1
@@ -254,6 +260,31 @@ jobs: az containerapp delete --resource-group ${{ inputs.clusterResourceGroup }} --name ${{ needs.prepare.outputs.repositoryName }}-${{ needs.prepare.outputs.jiraTicketIdLc }} --yes az acr repository delete -n ${{ secrets.registryHostName }} --image ${{ inputs.dockerImageName }}:${{ needs.prepare.outputs.jiraTicketId }} --yes + - name: Generate .env file from Azure Key Vaults + uses: Andrews-McMeel-Universal/get-envs@v1 + with: + environment: ${{ inputs.environment }} + azurecredentials: ${{ secrets.azureCredentials }} + environmentKeyVault: ${{ inputs.environmentKeyVault }} + + - name: Set environment variables + id: env-vars + shell: bash + run: | + ENVIRONMENT_VARIABLES=$(tr "\n" " " < .env) + TARGET_PORT=$(find . -iname "values.yaml" -exec grep "targetPort: " {} \; | awk -F ': ' '{print $2}' | uniq) + + echo "targetPort=${TARGET_PORT}" >> $GITHUB_OUTPUT + echo "environmentVariables=${ENVIRONMENT_VARIABLES}" >> $GITHUB_OUTPUT + + - name: Remove Azure B2C Redirect URI + if: contains(steps.env-vars.outputs.environmentVariables, 'BASE_URL') + run: | + az login --service-principal --username "${{ env.B2C_CLIENT_ID }}" --password "${{ env.B2C_CLIENT_SECRET }}" --tenant "${{ env.B2C_TENANT_NAME }}.onmicrosoft.com" --allow-no-subscriptions + REDIRECT_URIS=() + IFS=' ' read -ra REDIRECT_URIS <<< "$(echo $(az ad app list --query "[?appId == '${{ env.B2C_CLIENT_ID }}'].web.redirectUris" -o tsv | tr "\t" " ") | sed 's|https://[^ ]*azurecontainerapps.io/api/auth/callback/azureb2c*[^ ] ||g') + az ad app update --id "${{ env.B2C_CLIENT_ID }}" --web-redirect-uris "${REDIRECT_URIS[@]}" + - name: Delete deployment environment uses: strumwolf/delete-deployment-environment@v2 with:
From f055cb8f34ef0e24b6222a290ed167ac0e0755f9 Mon Sep 17 00:00:00 2001
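Review bot: The `sed` expression in `Remove Azure B2C Redirect URI` deletes every redirect URI under `azurecontainerapps.io`, not the one belonging to the environment being destroyed, so tearing down one branch removes the B2C callback for every other ephemeral deployment that is still running. The pattern also requires a space after the URI (the trailing `[^ ] `), so an entry at the end of the list would not be matched, and `azureb2c*` looks like a leftover quantifier. As in the add step, an empty result from `az ad app list` is passed straight to `az ad app update`. Capturing this deployment's FQDN before `az containerapp delete` runs and removing only `https://<fqdn>/api/auth/callback/azureb2c` would scope the cleanup; that means reordering against the delete step, which is context in this hunk.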
From: ebronson68 <111298136+ebronson68@users.noreply.github.com>
Date: Wed, 11 Oct 2023 15:39:34 -0500
Subject: [PATCH 6/7] simplify tear down steps
---
.github/workflows/ephemeral-deploy.yaml | 23 ++++-------------------
1 file changed, 4 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/ephemeral-deploy.yaml b/.github/workflows/ephemeral-deploy.yaml
index 5ca12821..6b0753d9 100644
--- a/.github/workflows/ephemeral-deploy.yaml
+++ b/.github/workflows/ephemeral-deploy.yaml
@@ -250,16 +250,6 @@ jobs: needs: [prepare] runs-on: ubuntu-latest steps: - - name: Login via Az module - uses: azure/login@v1 - with: - creds: "${{ secrets.azureCredentials }}" - - - name: Delete Azure Resources - run: | - az containerapp delete --resource-group ${{ inputs.clusterResourceGroup }} --name ${{ needs.prepare.outputs.repositoryName }}-${{ needs.prepare.outputs.jiraTicketIdLc }} --yes - az acr repository delete -n ${{ secrets.registryHostName }} --image ${{ inputs.dockerImageName }}:${{ needs.prepare.outputs.jiraTicketId }} --yes - - name: Generate .env file from Azure Key Vaults uses: Andrews-McMeel-Universal/get-envs@v1 with:
@@ -267,18 +257,13 @@ jobs: azurecredentials: ${{ secrets.azureCredentials }} environmentKeyVault: ${{ inputs.environmentKeyVault }} - - name: Set environment variables - id: env-vars - shell: bash + - name: Delete Azure Resources run: | - ENVIRONMENT_VARIABLES=$(tr "\n" " " < .env) - TARGET_PORT=$(find . -iname "values.yaml" -exec grep "targetPort: " {} \; | awk -F ': ' '{print $2}' | uniq) - - echo "targetPort=${TARGET_PORT}" >> $GITHUB_OUTPUT - echo "environmentVariables=${ENVIRONMENT_VARIABLES}" >> $GITHUB_OUTPUT + az containerapp delete --resource-group ${{ inputs.clusterResourceGroup }} --name ${{ needs.prepare.outputs.repositoryName }}-${{ needs.prepare.outputs.jiraTicketIdLc }} --yes + az acr repository delete -n ${{ secrets.registryHostName }} --image ${{ inputs.dockerImageName }}:${{ needs.prepare.outputs.jiraTicketId }} --yes - name: Remove Azure B2C Redirect URI - if: contains(steps.env-vars.outputs.environmentVariables, 'BASE_URL') + if: ${{ env.NEXT_PUBLIC_BASE_URL || env.BASE_URL || env.NEXTAUTH_URL }} run: | az login --service-principal --username "${{ env.B2C_CLIENT_ID }}" --password "${{ env.B2C_CLIENT_SECRET }}" --tenant "${{ env.B2C_TENANT_NAME }}.onmicrosoft.com" --allow-no-subscriptions REDIRECT_URIS=()
From 3b1aafc73f079b94b407f02ef343af29185c45a9 Mon Sep 17 00:00:00 2001
From: ebronson68 <111298136+ebronson68@users.noreply.github.com>
Date: Wed, 11 Oct 2023 16:17:19 -0500
Subject: [PATCH 7/7] Fix shellcheck errors
---
.github/workflows/ephemeral-deploy.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ephemeral-deploy.yaml b/.github/workflows/ephemeral-deploy.yaml
index 6b0753d9..12986859 100644
--- a/.github/workflows/ephemeral-deploy.yaml
+++ b/.github/workflows/ephemeral-deploy.yaml
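Review bot: With `Delete Azure Resources` now placed ahead of `Remove Azure B2C Redirect URI`, a failed `az containerapp delete` or `az acr repository delete` stops the job before the redirect URI is removed, leaving a callback registered for a hostname that no longer belongs to this deployment. Running the removal regardless, with `if: ${{ always() && (env.NEXT_PUBLIC_BASE_URL || env.BASE_URL || env.NEXTAUTH_URL) }}`, or moving it ahead of the delete closes that gap. The `azure/login` step was removed from this job in the previous hunk, so the delete commands now appear to depend on `get-envs` leaving the CLI signed in; that is not visible here and is worth confirming and stating in a comment. The `${{ … }}` expressions on the two `az … delete` lines are also unquoted.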
@@ -193,8 +193,8 @@ jobs: run: | az login --service-principal --username "${{ env.B2C_CLIENT_ID }}" --password "${{ env.B2C_CLIENT_SECRET }}" --tenant "${{ env.B2C_TENANT_NAME }}.onmicrosoft.com" --allow-no-subscriptions REDIRECT_URIS=() - IFS=' ' read -ra REDIRECT_URIS <<< "$(echo $(az ad app list --query "[?appId == '${{ env.B2C_CLIENT_ID }}'].web.redirectUris" -o tsv | tr "\t" " ") "${{ steps.hostname.outputs.hostname }}/api/auth/callback/azureb2c" | tr ' ' '\n' | sort -u | tr '\n' ' ')" - az ad app update --id "${{ env.B2C_CLIENT_ID }}" --web-redirect-uris "${REDIRECT_URIS[@]}" + IFS=' ' read -ra REDIRECT_URIS <<< "$(echo "$(az ad app list --query "[?appId == '${{ env.B2C_CLIENT_ID }}'].web.redirectUris" -o tsv | tr "\t" " ")" "${{ steps.hostname.outputs.hostname }}/api/auth/callback/azureb2c" | tr ' ' '\n' | sort -u | tr '\n' ' ')" + az ad app update --id "${{ env.B2C_CLIENT_ID }}" --web-redirect-uris "${REDIRECT_URIS[@]}" - name: Update Next URL variables id: next-vars
@@ -267,7 +267,7 @@ jobs: run: | az login --service-principal --username "${{ env.B2C_CLIENT_ID }}" --password "${{ env.B2C_CLIENT_SECRET }}" --tenant "${{ env.B2C_TENANT_NAME }}.onmicrosoft.com" --allow-no-subscriptions REDIRECT_URIS=() - IFS=' ' read -ra REDIRECT_URIS <<< "$(echo $(az ad app list --query "[?appId == '${{ env.B2C_CLIENT_ID }}'].web.redirectUris" -o tsv | tr "\t" " ") | sed 's|https://[^ ]*azurecontainerapps.io/api/auth/callback/azureb2c*[^ ] ||g') + IFS=' ' read -ra REDIRECT_URIS <<< "$(az ad app list --query "[?appId == '${{ env.B2C_CLIENT_ID }}'].web.redirectUris" -o tsv | tr "\t" " " | sed 's|https://[^ ]*azurecontainerapps.io/api/auth/callback/azureb2c*[^ ] ||g')" az ad app update --id "${{ env.B2C_CLIENT_ID }}" --web-redirect-uris "${REDIRECT_URIS[@]}" - name: Delete deployment environment