Skip to content

Deploy To Azure

Deploy To Azure #44

Workflow file for this run

name: Deploy To Azure
permissions:
id-token: write
contents: read
on:
# workflow_dispatch:
release:
types: [created]
# deployment:
jobs:
validate_infrastructure:
runs-on: ubuntu-latest
environment: azure-prod
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login to Azure
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Lint Bicep
run: |
az bicep build --file ./azure/bicep/main.bicep
- name: Run what-if
uses: azure/arm-deploy@v2
with:
subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ secrets.AZURE_RG }}
template: ./azure/bicep/main.bicep
parameters: >
ghClientId="${{ secrets.GH_CLIENT_ID }}"
ghClientSecret="${{ secrets.GH_CLIENT_SECRET }}"
postgresDb="${{ secrets.POSTGRES_DB }}"
postgresHost="${{ secrets.POSTGRES_HOST }}"
postgresPassword="${{ secrets.POSTGRES_PASSWORD }}"
postgresPort="${{ secrets.POSTGRES_PORT }}"
postgresUser="${{ secrets.POSTGRES_USER }}"
slackAdminMemberId="${{ secrets.SLACK_ADMIN_MEMBER_ID }}"
slackBotToken="${{ secrets.SLACK_BOT_TOKEN }}"
slackSigningSecret="${{ secrets.SLACK_SIGNING_SECRET }}"
nuxtOrigin="${{ secrets.NUXT_ORIGIN }}"
nuxtSessionPassword="${{ secrets.NUXT_SESSION_PASSWORD }}"
nuxtAuthClientId="${{ secrets.NUXT_AUTH_CLIENT_ID }}"
nuxtAuthClientSecret="${{ secrets.NUXT_AUTH_CLIENT_SECRET }}"
nuxtAuthTenantName="${{ secrets.NUXT_AUTH_TENANT_NAME }}"
nuxtAuthTenantId="${{ secrets.NUXT_AUTH_TENANT_ID }}"
nuxtAuthAuthorityDomain="${{ secrets.NUXT_AUTH_AUTHORITY_DOMAIN }}"
nuxtAuthPrimaryUserFlow="${{ secrets.NUXT_AUTH_PRIMARY_USER_FLOW }}"
scope: 'resourcegroup'
deploymentMode: 'Incremental'
failOnStdErr: false
additionalArguments: --what-if
- name: logout
run: az logout
build_app:
name: Build
runs-on: ubuntu-latest
environment: azure-prod
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 22.x
cache: "npm"
- name: Restore Cache
uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies
run: npm install
- name: Typecheck
run: npm run typecheck
- name: 'Create env file'
run: |
touch .env
echo "POSTGRES_USER=${{secrets.POSTGRES_USER}}" > .env
echo "POSTGRES_PASSWORD=${{secrets.POSTGRES_PASSWORD}}" >> .env
echo "POSTGRES_HOST=${{secrets.POSTGRES_HOST}}" >> .env
echo "POSTGRES_PORT=${{secrets.POSTGRES_PORT}}" >> .env
echo "POSTGRES_DB=${{secrets.POSTGRES_DB}}" >> .env
echo "NODE_ENV=production" >> .env
echo "NUXT_ORIGIN=${{secrets.NUXT_ORIGIN}}" >> .env
echo "NUXT_SESSION_PASSWORD=${{secrets.NUXT_SESSION_PASSWORD}}" >> .env
echo "NUXT_AUTH_CLIENT_ID=${{secrets.NUXT_AUTH_CLIENT_ID}}" >> .env
echo "NUXT_AUTH_CLIENT_SECRET=${{secrets.NUXT_AUTH_CLIENT_SECRET}}" >> .env
echo "NUXT_AUTH_TENANT_NAME=${{secrets.NUXT_AUTH_TENANT_NAME}}" >> .env
echo "NUXT_AUTH_TENANT_ID=${{secrets.NUXT_AUTH_TENANT_ID}}" >> .env
echo "NUXT_AUTH_AUTHORITY_DOMAIN=${{secrets.NUXT_AUTH_AUTHORITY_DOMAIN}}" >> .env
echo "NUXT_AUTH_PRIMARY_USER_FLOW=${{secrets.NUXT_AUTH_PRIMARY_USER_FLOW}}" >> .env
echo "SLACK_ADMIN_MEMBER_ID=${{secrets.SLACK_ADMIN_MEMBER_ID}}" >> .env
echo "SLACK_BOT_TOKEN=${{secrets.SLACK_BOT_TOKEN}}" >> .env
echo "SLACK_SIGNING_SECRET=${{secrets.SLACK_SIGNING_SECRET}}" >> .env
- name: Build Application
run: npm run build
- name: Generate PWA Assets
run: npm run generate-pwa-assets
# - name: Run Unit Tests
# run: npm run test
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: build_artifact
path: .output
bicep-deploy:
needs: validate_infrastructure
environment: azure-prod
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login to Azure
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy Bicep
uses: azure/arm-deploy@v2
with:
deploymentName: github-${{ github.run_number }}
subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ secrets.AZURE_RG }}
template: ./azure/bicep/main.bicep
deploymentMode: 'Incremental'
parameters: >
ghClientId="${{ secrets.GH_CLIENT_ID }}"
ghClientSecret="${{ secrets.GH_CLIENT_SECRET }}"
postgresDb="${{ secrets.POSTGRES_DB }}"
postgresHost="${{ secrets.POSTGRES_HOST }}"
postgresPassword="${{ secrets.POSTGRES_PASSWORD }}"
postgresPort="${{ secrets.POSTGRES_PORT }}"
postgresUser="${{ secrets.POSTGRES_USER }}"
slackAdminMemberId="${{ secrets.SLACK_ADMIN_MEMBER_ID }}"
slackBotToken="${{ secrets.SLACK_BOT_TOKEN }}"
slackSigningSecret="${{ secrets.SLACK_SIGNING_SECRET }}"
nuxtOrigin="${{ secrets.NUXT_ORIGIN }}"
nuxtSessionPassword="${{ secrets.NUXT_SESSION_PASSWORD }}"
nuxtAuthClientId="${{ secrets.NUXT_AUTH_CLIENT_ID }}"
nuxtAuthClientSecret="${{ secrets.NUXT_AUTH_CLIENT_SECRET }}"
nuxtAuthTenantName="${{ secrets.NUXT_AUTH_TENANT_NAME }}"
nuxtAuthTenantId="${{ secrets.NUXT_AUTH_TENANT_ID }}"
nuxtAuthAuthorityDomain="${{ secrets.NUXT_AUTH_AUTHORITY_DOMAIN }}"
nuxtAuthPrimaryUserFlow="${{ secrets.NUXT_AUTH_PRIMARY_USER_FLOW }}"
scope: 'resourcegroup'
failOnStdErr: false
- name: logout
run: az logout
deploy_app:
needs: [build_app, bicep-deploy, apply_db_migrations]
runs-on: ubuntu-latest
environment: azure-prod
steps:
- name: Login to Azure
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: build_artifact
path: .output
- name: Deploy app to Azure
uses: azure/webapps-deploy@v2
with:
app-name: 'app-cathedral'
package: .output
- name: logout
run: az logout
apply_db_migrations:
needs: [bicep-deploy]
runs-on: ubuntu-latest
environment: azure-prod
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 22.x
cache: "npm"
- name: Restore Cache
uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies
run: npm install
- name: 'Create env file'
run: |
touch .env
echo "POSTGRES_USER=${{secrets.POSTGRES_USER}}" > .env
echo "POSTGRES_PASSWORD=${{secrets.POSTGRES_PASSWORD}}" >> .env
echo "POSTGRES_HOST=${{secrets.POSTGRES_HOST}}" >> .env
echo "POSTGRES_PORT=${{secrets.POSTGRES_PORT}}" >> .env
echo "POSTGRES_DB=${{secrets.POSTGRES_DB}}" >> .env
echo "NODE_ENV=production" >> .env
echo "NUXT_ORIGIN=${{secrets.NUXT_ORIGIN}}" >> .env
echo "NUXT_SESSION_PASSWORD=${{secrets.NUXT_SESSION_PASSWORD}}" >> .env
echo "NUXT_AUTH_CLIENT_ID=${{secrets.NUXT_AUTH_CLIENT_ID}}" >> .env
echo "NUXT_AUTH_CLIENT_SECRET=${{secrets.NUXT_AUTH_CLIENT_SECRET}}" >> .env
echo "NUXT_AUTH_TENANT_NAME=${{secrets.NUXT_AUTH_TENANT_NAME}}" >> .env
echo "NUXT_AUTH_TENANT_ID=${{secrets.NUXT_AUTH_TENANT_ID}}" >> .env
echo "NUXT_AUTH_AUTHORITY_DOMAIN=${{secrets.NUXT_AUTH_AUTHORITY_DOMAIN}}" >> .env
echo "NUXT_AUTH_PRIMARY_USER_FLOW=${{secrets.NUXT_AUTH_PRIMARY_USER_FLOW}}" >> .env
echo "SLACK_ADMIN_MEMBER_ID=${{secrets.SLACK_ADMIN_MEMBER_ID}}" >> .env
echo "SLACK_BOT_TOKEN=${{secrets.SLACK_BOT_TOKEN}}" >> .env
echo "SLACK_SIGNING_SECRET=${{secrets.SLACK_SIGNING_SECRET}}" >> .env
- name: Login to Azure
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Test Connection
run: |
npm run orm-debug
- name: List Pending Migrations
run: |
npm run orm-list-pending-migrations
- name: Run migrations
run: |
npm run orm-run-pending-migrations
- name: Seed Database defaults
run: |
npm run orm-seed-users
- name: logout
run: az logout