added initial workflow for building docker image and pushing (#25)

* added initial workflow for building docker image and pushing

* specified path to docker file

* specify work directory

* removed contentful dependancy for testing purposes

* added tagging and deploy image

* resolved failing test

* updated the dev config

* updated local variables

* added ability to set environment variables using container app secrets

* updated workflow + added app insights to track errors within the container

* updated terraform format

* resolved tflint issue

* fixed tf docs

* updated documentation

* update workflow event

* Update build-and-push-image.yml

* reinstated logic within pages controller

* Update appsettings.Development.json

* Update appsettings.Development.json

* Update PagesControllerTests.cs

* Update PagesController.cs

* Update variables.tf

.github/workflows/build-and-push-image.yml

@@ -0,0 +1,137 @@
+name: Build & deploy to environment
+
+on:
+  push:
+    branches: [ "main" ]
+
+  workflow_dispatch:
+    inputs:
+      environment:
+        type: environment
+        description: "Choose an environment to deploy to"
+        required: true
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.inputs.environment }}
+
+env:
+  DOCKER_IMAGE: plan-tech-app
+  NODE_VERSION: 18.x
+
+jobs:
+  set-env:
+    name: Determine environment
+    runs-on: ubuntu-22.04
+    outputs:
+      environment: ${{ steps.var.outputs.environment }}
+      branch: ${{ steps.var.outputs.branch }}
+      release: ${{ steps.var.outputs.release }}
+      checked-out-sha: ${{ steps.var.outputs.checked-out-sha }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.ref }}
+
+      - id: var
+        run: |
+          GIT_REF=${{ github.ref }}
+          GIT_BRANCH=${GIT_REF##*/}
+          INPUT=${{ github.event.inputs.environment }}
+          ENVIRONMENT=${INPUT:-"dev"}
+          RELEASE=${ENVIRONMENT,,}-`date +%Y-%m-%d`.${{ github.run_number }}
+          CHECKED_OUT_SHA="$(git log -1 '--format=format:%H')"
+          echo "environment=${ENVIRONMENT,,}" >> $GITHUB_OUTPUT
+          echo "branch=$GIT_BRANCH" >> $GITHUB_OUTPUT
+          echo "release=${RELEASE}" >> $GITHUB_OUTPUT
+          echo "checked-out-sha=${CHECKED_OUT_SHA}" >> $GITHUB_OUTPUT
+
+  build-and-push-image:
+    name: Build and push to ACR
+    needs: set-env
+    runs-on: ubuntu-22.04
+    environment: ${{ needs.set-env.outputs.environment }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Azure Container Registry login
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.AZ_CLIENT_ID }}
+          password: ${{ secrets.AZ_CLIENT_SECRET }}
+          registry: ${{ secrets.AZ_ACR_URL }}
+
+      - name: Build and push docker image
+        uses: docker/build-push-action@v3
+        with:
+          context: ./src/
+          file: ./src/Dfe.PlanTech.Web/Dockerfile
+          build-args: COMMIT_SHA=${{ needs.set-env.outputs.checked-out-sha }}
+          tags: |
+            ${{ secrets.AZ_ACR_URL }}/${{ env.DOCKER_IMAGE }}:${{ needs.set-env.outputs.branch }}
+            ${{ secrets.AZ_ACR_URL }}/${{ env.DOCKER_IMAGE }}:${{ needs.set-env.outputs.release }}
+            ${{ secrets.AZ_ACR_URL }}/${{ env.DOCKER_IMAGE }}:sha-${{ needs.set-env.outputs.checked-out-sha }}
+            ${{ secrets.AZ_ACR_URL }}/${{ env.DOCKER_IMAGE }}:latest
+          push: true
+
+  create-tag:
+    name: Tag and release
+    needs: set-env
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Create tag
+        run: |
+          git tag ${{ needs.set-env.outputs.release }}
+          git push origin ${{ needs.set-env.outputs.release }}
+
+      - name: Create release
+        uses: "actions/github-script@v6"
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          script: |
+            try {
+              await github.rest.repos.createRelease({
+                draft: ${{ needs.set-env.outputs.environment == 'staging' }},
+                generate_release_notes: true,
+                name: "${{ needs.set-env.outputs.release }}",
+                owner: context.repo.owner,
+                prerelease: ${{ needs.set-env.outputs.environment == 'staging' }},
+                repo: context.repo.repo,
+                tag_name: "${{ needs.set-env.outputs.release }}",
+              });
+            } catch (error) {
+              core.setFailed(error.message);
+            }
+
+  deploy-image:
+    name: Deploy to ${{ needs.set-env.outputs.environment }} (${{ needs.set-env.outputs.release }})
+    needs: [ build-and-push-image, set-env ]
+    runs-on: ubuntu-22.04
+    environment: ${{ needs.set-env.outputs.environment }}
+    steps:
+      - name: Azure login with ACA credentials
+        uses: azure/login@v1
+        with:
+          creds: '{"clientId":"${{ secrets.AZ_CLIENT_ID }}","clientSecret":"${{ secrets.AZ_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZ_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZ_TENANT_ID }}"}'
+
+      - name: Update Azure Container Apps Revision
+        uses: azure/CLI@v1
+        id: azure
+        with:
+          azcliversion: 2.45.0
+          inlineScript: |
+            az config set extension.use_dynamic_install=yes_without_prompt
+            az containerapp update \
+              --name ${{ secrets.AZ_ACA_NAME }} \
+              --resource-group ${{ secrets.AZ_ACA_RESOURCE_GROUP }} \
+              --image ${{ secrets.AZ_ACR_URL }}/${{ env.DOCKER_IMAGE }}:${{ needs.set-env.outputs.release }} \
+              --output none \
+              --set-env-vars Contentful__DeliveryApiKey=secretref:contentful--deliveryapikey \
+              --set-env-vars Contentful__PreviewApiKey=secretref:contentful--previewapikey \
+              --set-env-vars Contentful__SpaceId=secretref:contentful--spaceid \
+              --set-env-vars Contentful__Environment=secretref:contentful--environment

src/Dfe.PlanTech.Web/Dfe.PlanTech.Web.csproj

@@ -20,6 +20,7 @@
     </ItemGroup>
     <ItemGroup>
       <PackageReference Include="GovUk.Frontend.AspNetCore" Version="1.0.0" />
+      <PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.21.0" />
     </ItemGroup>
 
 </Project>

src/Dfe.PlanTech.Web/Program.cs

@@ -6,6 +6,8 @@
 
 var builder = WebApplication.CreateBuilder(args);
 
+builder.Services.AddApplicationInsightsTelemetry();
+
 // Add services to the container.
 builder.Services.AddControllersWithViews();
 builder.Services.AddGovUkFrontend();

terraform/README.md

@@ -7,38 +7,62 @@ The following article discusses developer tools and how to run the **Terraform**
 - [Terraform](#terraform)
   - [Contents](#contents)
   - [Developer tools](#developer-tools)
+  - [When Updating The Terraform Config](#when-updating-the-terraform-config)
   - [Running Terraform locally](#running-terraform-locally)
-    - [Setting environment variables](#setting-environment-variables)
+    - [Authenticating using Service Principle](#authenticating-using-service-principle)
     - [Terraform Init](#terraform-init)
     - [Terraform Plan](#terraform-plan)
+    - [Terraform Validate](#terraform-validate)
     - [Terraform Format](#terraform-format)
   - [Terraform Documentation](#terraform-documentation)
 
 ## Developer tools
 
 The following tools are recommended/required to work with Terraform locally
 
-* Visual Studio Code
+* [Visual Studio Code](https://code.visualstudio.com/)
   * VSCode Terraform Extension
-* Install Terraform
+* [Terraform](https://www.terraform.io/)
   * MacOS: 
     * Xcode: `xcode-select --install` 
     * Terraform: `brew tap hashicorp/tap`  
-* Install Terraform-Docs
+* [Terraform-Docs](https://terraform-docs.io/)
   * MacOS:
     * `brew install terraform-docs`
-* Optionally Install Azure CLI 
+* [TFLint](https://github.com/terraform-linters/tflint)
+  * MacOS:
+    * `brew install tflint`
+* [jq](https://jqlang.github.io/jq/)
+  * MacOS:
+    * `brew install jq`
+* [tfsec](https://aquasecurity.github.io/tfsec/v1.28.1/)
+  * MacOS:
+    * `brew install tfsec`
+* [coreutils](https://www.gnu.org/software/coreutils/)
+  * MacOS:
+    * `brew install coreutils`
+* [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/) 
   * MacOS
     * `brew update && brew install azure-cli`
 
+## When Updating The Terraform Config
+
+When you make changes to the Terraform Config, ensure you run the following as these are checked by the `terraform-pr-check` GitHub workflow:
+
+1. Terraform validate to validate your changes
+2. Terraform plan to check you're making the correct changes 
+3. Terraform format to reformate the TF files
+4. Terraform lint to check for possible errors
+5. Terraform documentation to regenerate the documentation
+
 ## Running Terraform locally
 
 This section discusses how to set-up and run Terraform locally on a development machine.
 
 ⚠️ do not update the example Terraform configuration files with sensitive information and commit to repo ⚠️ 
 
-### Setting environment variables
-Within a terminal window window run the following commands to set some environment variables that Terraform requires to connect to Azure.
+### Authenticating using Service Principle
+The Terraform configuration can be executed using an Azure Service Principle.  To do this you'll need to set the following environment variables:
 
 MacOS:
 ```
@@ -48,14 +72,20 @@ export ARM_CLIENT_ID = <client_id>
 export ARM_CLIENT_SECRET = <client_secret>
 ```
 
+And sign in to Azure using the Azure CLI, as the Terraform module uses this for part of the infrastructure deployoyment:
+
+```
+az login --service-principal -u <client_id> -p <client_secret> --tenant <tenant_id> 
+```
+
 ### Terraform Init 
-Terraform needs to be initialised on your local machine before you can use it. To do this rename the `init.tfvars.example` file to `init.tfvars` and complete the configuration so that Terraform connects to the correct Azure Storage instance.  
+Terraform needs to be initialised on your local machine before you can use it. To do this rename the `backend.tfvars.example` file to `backend.tfvars` and complete the configuration so that Terraform connects to the correct Azure Storage instance.  
 
 Run the following command to initialise Terraform.
 
 `terraform init -backend-config=backend.tfvars`
 
-⚠️ tfvars files are ignored by git, but do ensure they do not get committed to the repo ⚠️ 
+⚠️ tfvars files are ignored by git, but please ensure they do not get committed to the repo by accident ⚠️ 
 
 ### Terraform Plan
 To run the plan command, first rename the `terraform.tfvars.example` file to `terraform.tfvars` and complete the following configuration.  
@@ -69,6 +99,12 @@ Run the following command to execute the Plan commande:
 
 `terraform plan -var-file="terraform.tfvars"`
 
+### Terraform Validate
+
+The terraform validate command validates the configuration files.
+
+`terraform validate`
+
 ### Terraform Format
 
 Any changes to the Terraform configuration should be formatted correctly.  This can be done by running the following command:

terraform/main-hosting.tf

@@ -7,5 +7,7 @@ module "main_hosting" {
   tags           = local.tags
 
   enable_container_registry = true
-  image_name                = "plan-tech"
+  image_name                = "plan-tech-app"
+
+  enable_cdn_frontdoor = true
 }