Adding resource health alerts #286

Workflow file for this run

.github/workflows/release-to-production.yml at 010937b

	name: Release to Production

	on:
	workflow_dispatch:
	push:
	branches:
	- main
	schedule:
	- cron: "0 3 * * 3" # Every Wednesday at 3am

	permissions:
	id-token: write # This is required for Az CLI Login
	contents: read # This is required for actions/checkout

	concurrency: # This is required to prevent multiple runs of the same workflow from running at the same time.
	group: ${{ github.workflow }}

	jobs:
	dotnet-web-ci:
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4

	- uses: frasermolyneux/actions/dotnet-web-ci@main
	with:
	dotnet-project: "repository-webapi"
	dotnet-version: 9.0.x
	src-folder: "src"
	majorMinorVersion: "1.1"

	publish-nuget-packages:
	environment: NuGet
	runs-on: ubuntu-latest
	needs: [dotnet-web-ci]

	steps:
	- uses: actions/checkout@v4

	- uses: frasermolyneux/actions/publish-nuget-packages@main
	with:
	artifact-name: "nuget-packages"
	NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}

	terraform-plan-and-apply-dev:
	environment: Development
	runs-on: ubuntu-latest

	concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps
	group: ${{ github.repository }}-dev

	steps:
	- uses: actions/checkout@v4

	- uses: frasermolyneux/actions/terraform-plan-and-apply@main
	with:
	terraform-folder: "terraform"
	terraform-var-file: "tfvars/dev.tfvars"
	terraform-backend-file: "backends/dev.backend.hcl"
	AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
	AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
	AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}

	- id: terraform-output
	shell: bash
	run: \|
	cd terraform
	echo "web_app_name=$(terraform output -raw web_app_name)" >> $GITHUB_OUTPUT
	echo "web_app_resource_group=$(terraform output -raw web_app_resource_group)" >> $GITHUB_OUTPUT
	echo "workload_public_url=$(terraform output -raw workload_public_url)" >> $GITHUB_OUTPUT
	echo "sql_server_fqdn=$(terraform output -raw sql_server_fqdn)" >> $GITHUB_OUTPUT
	echo "sql_database_name=$(terraform output -raw sql_database_name)" >> $GITHUB_OUTPUT
	echo "key_vault_name=$(terraform output -raw key_vault_name)" >> $GITHUB_OUTPUT
	echo "integration_tests_account_name=$(terraform output -raw integration_tests_account_name)" >> $GITHUB_OUTPUT
	echo "api_audience=$(terraform output -raw api_audience)" >> $GITHUB_OUTPUT
	env:
	ARM_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
	ARM_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
	ARM_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
	ARM_USE_AZUREAD: true
	ARM_USE_OIDC: true

	outputs:
	web_app_name: ${{ steps.terraform-output.outputs.web_app_name }}
	web_app_resource_group: ${{ steps.terraform-output.outputs.web_app_resource_group }}
	workload_public_url: ${{ steps.terraform-output.outputs.workload_public_url }}
	sql_server_fqdn: ${{ steps.terraform-output.outputs.sql_server_fqdn }}
	sql_database_name: ${{ steps.terraform-output.outputs.sql_database_name }}
	key_vault_name: ${{ steps.terraform-output.outputs.key_vault_name }}
	integration_tests_account_name: ${{ steps.terraform-output.outputs.integration_tests_account_name }}
	api_audience: ${{ steps.terraform-output.outputs.api_audience }}

	deploy-sql-database-dev:
	environment: Development
	runs-on: ubuntu-latest
	needs: [terraform-plan-and-apply-dev]

	concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps
	group: ${{ github.repository }}-dev

	steps:
	- uses: actions/checkout@v4

	- uses: frasermolyneux/actions/deploy-sql-database@main
	with:
	sql-args: /Variables:env=dev /Variables:instance=01
	sql-server-fqdn: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_server_fqdn }}
	sql-database-name: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_database_name }}
	project-folder: "src/database"
	project-file: "database.sqlproj"
	AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
	AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
	AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}

	app-service-deploy-dev:
	environment: Development
	runs-on: ubuntu-latest
	needs: [dotnet-web-ci, deploy-sql-database-dev, terraform-plan-and-apply-dev]

	concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps
	group: ${{ github.repository }}-dev

	steps:
	- uses: actions/checkout@v4

	- uses: frasermolyneux/actions/deploy-app-service@main
	with:
	web-artifact-name: "repository-webapi"
	web-app-name: ${{ needs.terraform-plan-and-apply-dev.outputs.web_app_name }}
	AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
	AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
	AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}

	run-api-integration-tests-dev:
	environment: Development
	runs-on: ubuntu-latest
	needs: [app-service-deploy-dev, terraform-plan-and-apply-dev]

	concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps
	group: ${{ github.repository }}-dev

	steps:
	- name: "Az CLI Login"
	uses: azure/login@v2
	with:
	client-id: ${{ vars.AZURE_CLIENT_ID }}
	tenant-id: ${{ vars.AZURE_TENANT_ID }}
	subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}

	- shell: bash
	run: \|
	client_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv)
	client_secret=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-secret" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv)
	client_tenant_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-tenant-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv)
	api_key=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-api-key-primary" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv)

	echo "::add-mask::$client_id"
	echo "::add-mask::$client_secret"
	echo "::add-mask::$client_tenant_id"
	echo "::add-mask::$api_key"

	echo "int_test_client_id=$client_id" >> $GITHUB_ENV
	echo "int_test_client_secret=$client_secret" >> $GITHUB_ENV
	echo "int_test_client_tenant_id=$client_tenant_id" >> $GITHUB_ENV
	echo "int_test_api_key=$api_key" >> $GITHUB_ENV

	- uses: frasermolyneux/actions/run-api-integration-tests@main
	with:
	dotnet-version: 9.0.x
	src-folder: "src"
	api-base-url: ${{ needs.terraform-plan-and-apply-dev.outputs.workload_public_url }}
	api-key: ${{ env.int_test_api_key }}
	api-audience: ${{ needs.terraform-plan-and-apply-dev.outputs.api_audience }}
	AZURE_CLIENT_ID: ${{ env.int_test_client_id }}
	AZURE_CLIENT_SECRET: ${{ env.int_test_client_secret }}
	AZURE_TENANT_ID: ${{ env.int_test_client_tenant_id }}

	terraform-plan-and-apply-prd:
	environment: Production
	runs-on: ubuntu-latest
	needs: [run-api-integration-tests-dev]

	concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps
	group: ${{ github.repository }}-prd

	steps:
	- uses: actions/checkout@v4

	- uses: frasermolyneux/actions/terraform-plan-and-apply@main
	with:
	terraform-folder: "terraform"
	terraform-var-file: "tfvars/prd.tfvars"
	terraform-backend-file: "backends/prd.backend.hcl"
	AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
	AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
	AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}

	- id: terraform-output
	shell: bash
	run: \|
	cd terraform
	echo "web_app_name=$(terraform output -raw web_app_name)" >> $GITHUB_OUTPUT
	echo "web_app_resource_group=$(terraform output -raw web_app_resource_group)" >> $GITHUB_OUTPUT
	echo "workload_public_url=$(terraform output -raw workload_public_url)" >> $GITHUB_OUTPUT
	echo "sql_server_fqdn=$(terraform output -raw sql_server_fqdn)" >> $GITHUB_OUTPUT
	echo "sql_database_name=$(terraform output -raw sql_database_name)" >> $GITHUB_OUTPUT
	echo "key_vault_name=$(terraform output -raw key_vault_name)" >> $GITHUB_OUTPUT
	echo "integration_tests_account_name=$(terraform output -raw integration_tests_account_name)" >> $GITHUB_OUTPUT
	echo "api_audience=$(terraform output -raw api_audience)" >> $GITHUB_OUTPUT
	env:
	ARM_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
	ARM_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
	ARM_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
	ARM_USE_AZUREAD: true
	ARM_USE_OIDC: true

	outputs:
	web_app_name: ${{ steps.terraform-output.outputs.web_app_name }}
	web_app_resource_group: ${{ steps.terraform-output.outputs.web_app_resource_group }}
	workload_public_url: ${{ steps.terraform-output.outputs.workload_public_url }}
	sql_server_fqdn: ${{ steps.terraform-output.outputs.sql_server_fqdn }}
	sql_database_name: ${{ steps.terraform-output.outputs.sql_database_name }}
	key_vault_name: ${{ steps.terraform-output.outputs.key_vault_name }}
	integration_tests_account_name: ${{ steps.terraform-output.outputs.integration_tests_account_name }}
	api_audience: ${{ steps.terraform-output.outputs.api_audience }}

	deploy-sql-database-prd:
	environment: Production
	runs-on: ubuntu-latest
	needs: [terraform-plan-and-apply-prd]

	concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps
	group: ${{ github.repository }}-prd

	steps:
	- uses: actions/checkout@v4

	- uses: frasermolyneux/actions/deploy-sql-database@main
	with:
	sql-args: /Variables:env=prd /Variables:instance=01
	sql-server-fqdn: ${{ needs.terraform-plan-and-apply-prd.outputs.sql_server_fqdn }}
	sql-database-name: ${{ needs.terraform-plan-and-apply-prd.outputs.sql_database_name }}
	project-folder: "src/database"
	project-file: "database.sqlproj"
	AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
	AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
	AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}

	app-service-deploy-prd:
	environment: Production
	runs-on: ubuntu-latest
	needs: [dotnet-web-ci, deploy-sql-database-prd, terraform-plan-and-apply-prd]

	concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps
	group: ${{ github.repository }}-prd

	steps:
	- uses: actions/checkout@v4

	- uses: frasermolyneux/actions/deploy-app-service@main
	with:
	web-artifact-name: "repository-webapi"
	web-app-name: ${{ needs.terraform-plan-and-apply-prd.outputs.web_app_name }}
	AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
	AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
	AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}

	run-api-integration-tests-prd:
	environment: Production
	runs-on: ubuntu-latest
	needs: [app-service-deploy-prd, terraform-plan-and-apply-prd]

	concurrency: # This is required to prevent multiple GitHub Actions invocations against stateful resources. e.g. Terraform state file / Database / Deployed Apps
	group: ${{ github.repository }}-prd

	steps:
	- name: "Az CLI Login"
	uses: azure/login@v2
	with:
	client-id: ${{ vars.AZURE_CLIENT_ID }}
	tenant-id: ${{ vars.AZURE_TENANT_ID }}
	subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}

	- shell: bash
	run: \|
	client_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-prd.outputs.integration_tests_account_name }}-client-id" --vault-name "${{ needs.terraform-plan-and-apply-prd.outputs.key_vault_name }}" --query value -o tsv)
	client_secret=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-prd.outputs.integration_tests_account_name }}-client-secret" --vault-name "${{ needs.terraform-plan-and-apply-prd.outputs.key_vault_name }}" --query value -o tsv)
	client_tenant_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-prd.outputs.integration_tests_account_name }}-client-tenant-id" --vault-name "${{ needs.terraform-plan-and-apply-prd.outputs.key_vault_name }}" --query value -o tsv)
	api_key=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-prd.outputs.integration_tests_account_name }}-api-key-primary" --vault-name "${{ needs.terraform-plan-and-apply-prd.outputs.key_vault_name }}" --query value -o tsv)

	echo "::add-mask::$client_id"
	echo "::add-mask::$client_secret"
	echo "::add-mask::$client_tenant_id"
	echo "::add-mask::$api_key"

	echo "int_test_client_id=$client_id" >> $GITHUB_ENV
	echo "int_test_client_secret=$client_secret" >> $GITHUB_ENV
	echo "int_test_client_tenant_id=$client_tenant_id" >> $GITHUB_ENV
	echo "int_test_api_key=$api_key" >> $GITHUB_ENV

	- uses: frasermolyneux/actions/run-api-integration-tests@main
	with:
	dotnet-version: 9.0.x
	src-folder: "src"
	api-base-url: ${{ needs.terraform-plan-and-apply-prd.outputs.workload_public_url }}
	api-key: ${{ env.int_test_api_key }}
	api-audience: ${{ needs.terraform-plan-and-apply-prd.outputs.api_audience }}
	AZURE_CLIENT_ID: ${{ env.int_test_client_id }}
	AZURE_CLIENT_SECRET: ${{ env.int_test_client_secret }}
	AZURE_TENANT_ID: ${{ env.int_test_client_tenant_id }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Adding resource health alerts #286

Workflow file

Adding resource health alerts #286

Jobs

Run details

Workflow file for this run