Bump Azure.Identity, Azure.Security.KeyVault.Secrets and Microsoft.Identity.Web in /src #560
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pull Request Validation | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| id-token: write # This is required for Az CLI Login | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| dependency-review: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "Checkout Repository" | |
| uses: actions/checkout@v4 | |
| - name: "Dependency Review" | |
| uses: actions/dependency-review-action@v4 | |
| dotnet-web-ci: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: frasermolyneux/actions/dotnet-web-ci@main | |
| with: | |
| dotnet-project: "repository-webapi" | |
| dotnet-version: 9.0.x | |
| src-folder: "src" | |
| majorMinorVersion: "1.1" | |
| terraform-plan-and-apply-dev: | |
| environment: Development | |
| runs-on: ubuntu-latest | |
| concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps | |
| group: ${{ github.repository }}-dev | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: frasermolyneux/actions/terraform-plan-and-apply@main | |
| with: | |
| terraform-folder: "terraform" | |
| terraform-var-file: "tfvars/dev.tfvars" | |
| terraform-backend-file: "backends/dev.backend.hcl" | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - id: terraform-output | |
| shell: bash | |
| run: | | |
| cd terraform | |
| echo "web_app_name=$(terraform output -raw web_app_name)" >> $GITHUB_OUTPUT | |
| echo "web_app_resource_group=$(terraform output -raw web_app_resource_group)" >> $GITHUB_OUTPUT | |
| echo "workload_public_url=$(terraform output -raw workload_public_url)" >> $GITHUB_OUTPUT | |
| echo "sql_server_fqdn=$(terraform output -raw sql_server_fqdn)" >> $GITHUB_OUTPUT | |
| echo "sql_database_name=$(terraform output -raw sql_database_name)" >> $GITHUB_OUTPUT | |
| echo "key_vault_name=$(terraform output -raw key_vault_name)" >> $GITHUB_OUTPUT | |
| echo "integration_tests_account_name=$(terraform output -raw integration_tests_account_name)" >> $GITHUB_OUTPUT | |
| echo "api_audience=$(terraform output -raw api_audience)" >> $GITHUB_OUTPUT | |
| env: | |
| ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| ARM_USE_AZUREAD: true | |
| ARM_USE_OIDC: true | |
| outputs: | |
| web_app_name: ${{ steps.terraform-output.outputs.web_app_name }} | |
| web_app_resource_group: ${{ steps.terraform-output.outputs.web_app_resource_group }} | |
| workload_public_url: ${{ steps.terraform-output.outputs.workload_public_url }} | |
| sql_server_fqdn: ${{ steps.terraform-output.outputs.sql_server_fqdn }} | |
| sql_database_name: ${{ steps.terraform-output.outputs.sql_database_name }} | |
| key_vault_name: ${{ steps.terraform-output.outputs.key_vault_name }} | |
| integration_tests_account_name: ${{ steps.terraform-output.outputs.integration_tests_account_name }} | |
| api_audience: ${{ steps.terraform-output.outputs.api_audience }} | |
| deploy-sql-database-dev: | |
| environment: Development | |
| runs-on: ubuntu-latest | |
| needs: [terraform-plan-and-apply-dev] | |
| concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps | |
| group: ${{ github.repository }}-dev | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: frasermolyneux/actions/deploy-sql-database@main | |
| with: | |
| sql-args: /Variables:env=dev /Variables:instance=01 | |
| sql-server-fqdn: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_server_fqdn }} | |
| sql-database-name: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_database_name }} | |
| project-folder: "src/database" | |
| project-file: "database.sqlproj" | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| app-service-deploy-dev: | |
| environment: Development | |
| runs-on: ubuntu-latest | |
| needs: [dotnet-web-ci, deploy-sql-database-dev, terraform-plan-and-apply-dev] | |
| concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps | |
| group: ${{ github.repository }}-dev | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: frasermolyneux/actions/deploy-app-service@main | |
| with: | |
| web-artifact-name: "repository-webapi" | |
| web-app-name: ${{ needs.terraform-plan-and-apply-dev.outputs.web_app_name }} | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| run-api-integration-tests-dev: | |
| environment: Development | |
| runs-on: ubuntu-latest | |
| needs: [app-service-deploy-dev, terraform-plan-and-apply-dev] | |
| concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps | |
| group: ${{ github.repository }}-dev | |
| steps: | |
| - name: "Az CLI Login" | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - shell: bash | |
| run: | | |
| client_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) | |
| client_secret=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-secret" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) | |
| client_tenant_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-tenant-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) | |
| api_key=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-api-key-primary" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) | |
| echo "::add-mask::$client_id" | |
| echo "::add-mask::$client_secret" | |
| echo "::add-mask::$client_tenant_id" | |
| echo "::add-mask::$api_key" | |
| echo "int_test_client_id=$client_id" >> $GITHUB_ENV | |
| echo "int_test_client_secret=$client_secret" >> $GITHUB_ENV | |
| echo "int_test_client_tenant_id=$client_tenant_id" >> $GITHUB_ENV | |
| echo "int_test_api_key=$api_key" >> $GITHUB_ENV | |
| - uses: frasermolyneux/actions/run-api-integration-tests@main | |
| with: | |
| dotnet-version: 9.0.x | |
| src-folder: "src" | |
| api-base-url: ${{ needs.terraform-plan-and-apply-dev.outputs.workload_public_url }} | |
| api-key: ${{ env.int_test_api_key }} | |
| api-audience: ${{ needs.terraform-plan-and-apply-dev.outputs.api_audience }} | |
| AZURE_CLIENT_ID: ${{ env.int_test_client_id }} | |
| AZURE_CLIENT_SECRET: ${{ env.int_test_client_secret }} | |
| AZURE_TENANT_ID: ${{ env.int_test_client_tenant_id }} | |
| terraform-plan-prd: | |
| if: github.actor != 'dependabot[bot]' # dependabot context has no permissions to prod so skip this check | |
| environment: Production | |
| runs-on: ubuntu-latest | |
| needs: [terraform-plan-and-apply-dev] | |
| concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps | |
| group: ${{ github.repository }}-prd | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: frasermolyneux/actions/terraform-plan@main | |
| with: | |
| terraform-folder: "terraform" | |
| terraform-var-file: "tfvars/prd.tfvars" | |
| terraform-backend-file: "backends/prd.backend.hcl" | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} |