From ce316afc7c8e9f44c4db1d031b2566516908d7c6 Mon Sep 17 00:00:00 2001 From: Fraser Molyneux Date: Thu, 9 Nov 2023 21:11:38 +0000 Subject: [PATCH] Refactoring workflows --- .github/workflows/codequality.yml | 69 +++ .github/workflows/dependabot-automerge.yml | 20 +- .github/workflows/destroy-development.yml | 20 +- .github/workflows/feature-development.yml | 239 ++++------ .github/workflows/integration-tests.yml | 128 +++--- .github/workflows/pull-request-validation.yml | 241 ++++------ .github/workflows/release-to-production.yml | 423 ++++++++---------- 7 files changed, 530 insertions(+), 610 deletions(-) create mode 100644 .github/workflows/codequality.yml diff --git a/.github/workflows/codequality.yml b/.github/workflows/codequality.yml new file mode 100644 index 00000000..6d4d4451 --- /dev/null +++ b/.github/workflows/codequality.yml @@ -0,0 +1,69 @@ +name: Code Quality + +on: push + +permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout + actions: read # Required by CodeQL + security-events: write # Required by CodeQL + +jobs: + code-scanning: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + + - name: Set up JDK 11 + uses: actions/setup-java@v1 + with: + java-version: 1.11 + + - name: Cache SonarCloud packages + uses: actions/cache@v1 + with: + path: ~\sonar\cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + + - name: Install SonarCloud scanners + shell: bash + run: | + cd src + dotnet tool install --global dotnet-sonarscanner + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: 'csharp' + + - name: Begin SonarScanner + shell: bash + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: | + cd src + dotnet-sonarscanner begin /k:"frasermolyneux_api-client-abstractions" /o:"frasermolyneux" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" + + - uses: frasermolyneux/actions/dotnet-web-ci@main + with: + dotnet-project: "repository-webapi" + dotnet-version: 7.0.x + src-folder: "src" + majorMinorVersion: "1.1" + + - name: End SonarScanner + shell: bash + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: | + cd src + dotnet-sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}" + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:'csharp'" diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml index 43b29fbd..37ce5026 100644 --- a/.github/workflows/dependabot-automerge.yml +++ b/.github/workflows/dependabot-automerge.yml @@ -10,13 +10,13 @@ jobs: runs-on: ubuntu-latest if: ${{ github.actor == 'dependabot[bot]' }} steps: - - name: Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@v1.1.1 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Enable auto-merge for Dependabot PRs - run: gh pr merge --auto --merge "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v1.1.1 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Enable auto-merge for Dependabot PRs + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/destroy-development.yml b/.github/workflows/destroy-development.yml index 11b886f2..baf8d366 100644 --- a/.github/workflows/destroy-development.yml +++ b/.github/workflows/destroy-development.yml @@ -2,8 +2,6 @@ name: Destroy Development on: workflow_dispatch: - #schedule: - # - cron: "0 6 * * 1" permissions: id-token: write # This is required for requesting the JWT @@ -15,13 +13,13 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v3 - - uses: frasermolyneux/actions/terraform-destroy@main - with: - terraform-folder: "terraform" - terraform-var-file: "tfvars/dev.tfvars" - terraform-backend-file: "backends/dev.backend.hcl" - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - uses: frasermolyneux/actions/terraform-destroy@main + with: + terraform-folder: "terraform" + terraform-var-file: "tfvars/dev.tfvars" + terraform-backend-file: "backends/dev.backend.hcl" + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} diff --git a/.github/workflows/feature-development.yml b/.github/workflows/feature-development.yml index 1cb550e0..73c8c2bd 100644 --- a/.github/workflows/feature-development.yml +++ b/.github/workflows/feature-development.yml @@ -7,70 +7,21 @@ on: - "feature/*" permissions: - id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - actions: read # Required by CodeQL - security-events: write # Required by CodeQL jobs: dotnet-web-ci: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - - name: Set up JDK 11 - uses: actions/setup-java@v1 - with: - java-version: 1.11 - - - name: Cache SonarCloud packages - uses: actions/cache@v1 - with: - path: ~\sonar\cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - - name: Install SonarCloud scanners - shell: bash - run: | - cd src - dotnet tool install --global dotnet-sonarscanner - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: "csharp" - - - name: Begin SonarScanner - shell: bash - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - cd src - dotnet-sonarscanner begin /k:"frasermolyneux_portal-repository" /o:"frasermolyneux" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" - - - uses: frasermolyneux/actions/dotnet-web-ci@main - with: - dotnet-project: "repository-webapi" - dotnet-version: 7.0.x - src-folder: "src" - majorMinorVersion: "1.1" - - - name: End SonarScanner - shell: bash - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - cd src - dotnet-sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}" - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - with: - category: "/language:'csharp'" + - uses: actions/checkout@v3 + + - uses: frasermolyneux/actions/dotnet-web-ci@main + with: + dotnet-project: "repository-webapi" + dotnet-version: 7.0.x + src-folder: "src" + majorMinorVersion: "1.1" publish-nuget-packages: environment: NuGet @@ -78,46 +29,46 @@ jobs: needs: [dotnet-web-ci] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v3 - - uses: frasermolyneux/actions/publish-nuget-packages@main - with: - artifact-name: "nuget-packages" - NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }} + - uses: frasermolyneux/actions/publish-nuget-packages@main + with: + artifact-name: "nuget-packages" + NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }} terraform-plan-and-apply-dev: environment: Development runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - - uses: frasermolyneux/actions/terraform-plan-and-apply@main - with: - terraform-folder: "terraform" - terraform-var-file: "tfvars/dev.tfvars" - terraform-backend-file: "backends/dev.backend.hcl" - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - id: terraform-output - shell: bash - run: | - cd terraform - echo "web_app_name=$(terraform output -raw web_app_name)" >> $GITHUB_OUTPUT - echo "web_app_resource_group=$(terraform output -raw web_app_resource_group)" >> $GITHUB_OUTPUT - echo "workload_public_url=$(terraform output -raw workload_public_url)" >> $GITHUB_OUTPUT - echo "sql_server_fqdn=$(terraform output -raw sql_server_fqdn)" >> $GITHUB_OUTPUT - echo "sql_database_name=$(terraform output -raw sql_database_name)" >> $GITHUB_OUTPUT - echo "key_vault_name=$(terraform output -raw key_vault_name)" >> $GITHUB_OUTPUT - echo "integration_tests_account_name=$(terraform output -raw integration_tests_account_name)" >> $GITHUB_OUTPUT - echo "api_audience=$(terraform output -raw api_audience)" >> $GITHUB_OUTPUT - env: - ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - ARM_USE_OIDC: true + - uses: actions/checkout@v3 + + - uses: frasermolyneux/actions/terraform-plan-and-apply@main + with: + terraform-folder: "terraform" + terraform-var-file: "tfvars/dev.tfvars" + terraform-backend-file: "backends/dev.backend.hcl" + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - id: terraform-output + shell: bash + run: | + cd terraform + echo "web_app_name=$(terraform output -raw web_app_name)" >> $GITHUB_OUTPUT + echo "web_app_resource_group=$(terraform output -raw web_app_resource_group)" >> $GITHUB_OUTPUT + echo "workload_public_url=$(terraform output -raw workload_public_url)" >> $GITHUB_OUTPUT + echo "sql_server_fqdn=$(terraform output -raw sql_server_fqdn)" >> $GITHUB_OUTPUT + echo "sql_database_name=$(terraform output -raw sql_database_name)" >> $GITHUB_OUTPUT + echo "key_vault_name=$(terraform output -raw key_vault_name)" >> $GITHUB_OUTPUT + echo "integration_tests_account_name=$(terraform output -raw integration_tests_account_name)" >> $GITHUB_OUTPUT + echo "api_audience=$(terraform output -raw api_audience)" >> $GITHUB_OUTPUT + env: + ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + ARM_USE_OIDC: true outputs: web_app_name: ${{ steps.terraform-output.outputs.web_app_name }} @@ -135,18 +86,18 @@ jobs: needs: [terraform-plan-and-apply-dev] steps: - - uses: actions/checkout@v3 - - - uses: frasermolyneux/actions/deploy-sql-database@main - with: - sql-args: /Variables:env=dev /Variables:instance=01 - sql-server-fqdn: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_server_fqdn }} - sql-database-name: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_database_name }} - project-folder: "src/database" - project-file: "database.sqlproj" - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - uses: actions/checkout@v3 + + - uses: frasermolyneux/actions/deploy-sql-database@main + with: + sql-args: /Variables:env=dev /Variables:instance=01 + sql-server-fqdn: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_server_fqdn }} + sql-database-name: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_database_name }} + project-folder: "src/database" + project-file: "database.sqlproj" + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} app-service-deploy-dev: environment: Development @@ -155,15 +106,15 @@ jobs: [dotnet-web-ci, deploy-sql-database-dev, terraform-plan-and-apply-dev] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v3 - - uses: frasermolyneux/actions/deploy-app-service@main - with: - web-artifact-name: "repository-webapi" - web-app-name: ${{ needs.terraform-plan-and-apply-dev.outputs.web_app_name }} - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - uses: frasermolyneux/actions/deploy-app-service@main + with: + web-artifact-name: "repository-webapi" + web-app-name: ${{ needs.terraform-plan-and-apply-dev.outputs.web_app_name }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} run-api-integration-tests-dev: environment: Development @@ -171,37 +122,37 @@ jobs: needs: [app-service-deploy-dev, terraform-plan-and-apply-dev] steps: - - name: "Az CLI Login" - uses: azure/login@v1 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - shell: bash - run: | - client_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) - client_secret=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-secret" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) - client_tenant_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-tenant-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) - api_key=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-api-key-primary" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) - - echo "::add-mask::$client_id" - echo "::add-mask::$client_secret" - echo "::add-mask::$client_tenant_id" - echo "::add-mask::$api_key" - - echo "int_test_client_id=$client_id" >> $GITHUB_ENV - echo "int_test_client_secret=$client_secret" >> $GITHUB_ENV - echo "int_test_client_tenant_id=$client_tenant_id" >> $GITHUB_ENV - echo "int_test_api_key=$api_key" >> $GITHUB_ENV - - - uses: frasermolyneux/actions/run-api-integration-tests@main - with: - dotnet-version: 7.0.x - src-folder: "src" - api-base-url: ${{ needs.terraform-plan-and-apply-dev.outputs.workload_public_url }} - api-key: ${{ env.int_test_api_key }} - api-audience: ${{ needs.terraform-plan-and-apply-dev.outputs.api_audience }} - AZURE_CLIENT_ID: ${{ env.int_test_client_id }} - AZURE_CLIENT_SECRET: ${{ env.int_test_client_secret }} - AZURE_TENANT_ID: ${{ env.int_test_client_tenant_id }} + - name: "Az CLI Login" + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - shell: bash + run: | + client_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) + client_secret=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-secret" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) + client_tenant_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-tenant-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) + api_key=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-api-key-primary" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) + + echo "::add-mask::$client_id" + echo "::add-mask::$client_secret" + echo "::add-mask::$client_tenant_id" + echo "::add-mask::$api_key" + + echo "int_test_client_id=$client_id" >> $GITHUB_ENV + echo "int_test_client_secret=$client_secret" >> $GITHUB_ENV + echo "int_test_client_tenant_id=$client_tenant_id" >> $GITHUB_ENV + echo "int_test_api_key=$api_key" >> $GITHUB_ENV + + - uses: frasermolyneux/actions/run-api-integration-tests@main + with: + dotnet-version: 7.0.x + src-folder: "src" + api-base-url: ${{ needs.terraform-plan-and-apply-dev.outputs.workload_public_url }} + api-key: ${{ env.int_test_api_key }} + api-audience: ${{ needs.terraform-plan-and-apply-dev.outputs.api_audience }} + AZURE_CLIENT_ID: ${{ env.int_test_client_id }} + AZURE_CLIENT_SECRET: ${{ env.int_test_client_secret }} + AZURE_TENANT_ID: ${{ env.int_test_client_tenant_id }} diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 45de3364..25ee5369 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -16,44 +16,44 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v3 - - name: "Az CLI Login" - uses: azure/login@v1 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: "Az CLI Login" + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - terraform_wrapper: false + - name: Setup Terraform + uses: hashicorp/setup-terraform@v1 + with: + terraform_wrapper: false - - name: Terraform Init - shell: bash - run: | - cd terraform - terraform init -backend-config=backends/dev.backend.hcl -var-file=tfvars/dev.tfvars - env: - ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - ARM_USE_OIDC: true + - name: Terraform Init + shell: bash + run: | + cd terraform + terraform init -backend-config=backends/dev.backend.hcl -var-file=tfvars/dev.tfvars + env: + ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + ARM_USE_OIDC: true - - id: terraform-output - shell: bash - run: | - cd terraform - echo "workload_public_url=$(terraform output -raw workload_public_url)" >> $GITHUB_OUTPUT - echo "key_vault_name=$(terraform output -raw key_vault_name)" >> $GITHUB_OUTPUT - echo "integration_tests_account_name=$(terraform output -raw integration_tests_account_name)" >> $GITHUB_OUTPUT - echo "api_audience=$(terraform output -raw api_audience)" >> $GITHUB_OUTPUT - env: - ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - ARM_USE_OIDC: true + - id: terraform-output + shell: bash + run: | + cd terraform + echo "workload_public_url=$(terraform output -raw workload_public_url)" >> $GITHUB_OUTPUT + echo "key_vault_name=$(terraform output -raw key_vault_name)" >> $GITHUB_OUTPUT + echo "integration_tests_account_name=$(terraform output -raw integration_tests_account_name)" >> $GITHUB_OUTPUT + echo "api_audience=$(terraform output -raw api_audience)" >> $GITHUB_OUTPUT + env: + ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + ARM_USE_OIDC: true outputs: workload_public_url: ${{ steps.terraform-output.outputs.workload_public_url }} @@ -67,37 +67,37 @@ jobs: needs: [terraform-get-outputs-dev] steps: - - name: "Az CLI Login" - uses: azure/login@v1 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: "Az CLI Login" + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - shell: bash - run: | - client_id=$(az keyvault secret show --name "${{ needs.terraform-get-outputs-dev.outputs.integration_tests_account_name }}-client-id" --vault-name "${{ needs.terraform-get-outputs-dev.outputs.key_vault_name }}" --query value -o tsv) - client_secret=$(az keyvault secret show --name "${{ needs.terraform-get-outputs-dev.outputs.integration_tests_account_name }}-client-secret" --vault-name "${{ needs.terraform-get-outputs-dev.outputs.key_vault_name }}" --query value -o tsv) - client_tenant_id=$(az keyvault secret show --name "${{ needs.terraform-get-outputs-dev.outputs.integration_tests_account_name }}-client-tenant-id" --vault-name "${{ needs.terraform-get-outputs-dev.outputs.key_vault_name }}" --query value -o tsv) - api_key=$(az keyvault secret show --name "${{ needs.terraform-get-outputs-dev.outputs.integration_tests_account_name }}-api-key-primary" --vault-name "${{ needs.terraform-get-outputs-dev.outputs.key_vault_name }}" --query value -o tsv) + - shell: bash + run: | + client_id=$(az keyvault secret show --name "${{ needs.terraform-get-outputs-dev.outputs.integration_tests_account_name }}-client-id" --vault-name "${{ needs.terraform-get-outputs-dev.outputs.key_vault_name }}" --query value -o tsv) + client_secret=$(az keyvault secret show --name "${{ needs.terraform-get-outputs-dev.outputs.integration_tests_account_name }}-client-secret" --vault-name "${{ needs.terraform-get-outputs-dev.outputs.key_vault_name }}" --query value -o tsv) + client_tenant_id=$(az keyvault secret show --name "${{ needs.terraform-get-outputs-dev.outputs.integration_tests_account_name }}-client-tenant-id" --vault-name "${{ needs.terraform-get-outputs-dev.outputs.key_vault_name }}" --query value -o tsv) + api_key=$(az keyvault secret show --name "${{ needs.terraform-get-outputs-dev.outputs.integration_tests_account_name }}-api-key-primary" --vault-name "${{ needs.terraform-get-outputs-dev.outputs.key_vault_name }}" --query value -o tsv) - echo "::add-mask::$client_id" - echo "::add-mask::$client_secret" - echo "::add-mask::$client_tenant_id" - echo "::add-mask::$api_key" + echo "::add-mask::$client_id" + echo "::add-mask::$client_secret" + echo "::add-mask::$client_tenant_id" + echo "::add-mask::$api_key" - echo "int_test_client_id=$client_id" >> $GITHUB_ENV - echo "int_test_client_secret=$client_secret" >> $GITHUB_ENV - echo "int_test_client_tenant_id=$client_tenant_id" >> $GITHUB_ENV - echo "int_test_api_key=$api_key" >> $GITHUB_ENV + echo "int_test_client_id=$client_id" >> $GITHUB_ENV + echo "int_test_client_secret=$client_secret" >> $GITHUB_ENV + echo "int_test_client_tenant_id=$client_tenant_id" >> $GITHUB_ENV + echo "int_test_api_key=$api_key" >> $GITHUB_ENV - - uses: frasermolyneux/actions/run-api-integration-tests@main - with: - dotnet-version: 7.0.x - src-folder: "src" - api-base-url: ${{ needs.terraform-get-outputs-dev.outputs.workload_public_url }} - api-key: ${{ env.int_test_api_key }} - api-audience: ${{ needs.terraform-get-outputs-dev.outputs.api_audience }} - AZURE_CLIENT_ID: ${{ env.int_test_client_id }} - AZURE_CLIENT_SECRET: ${{ env.int_test_client_secret }} - AZURE_TENANT_ID: ${{ env.int_test_client_tenant_id }} + - uses: frasermolyneux/actions/run-api-integration-tests@main + with: + dotnet-version: 7.0.x + src-folder: "src" + api-base-url: ${{ needs.terraform-get-outputs-dev.outputs.workload_public_url }} + api-key: ${{ env.int_test_api_key }} + api-audience: ${{ needs.terraform-get-outputs-dev.outputs.api_audience }} + AZURE_CLIENT_ID: ${{ env.int_test_client_id }} + AZURE_CLIENT_SECRET: ${{ env.int_test_client_secret }} + AZURE_TENANT_ID: ${{ env.int_test_client_tenant_id }} diff --git a/.github/workflows/pull-request-validation.yml b/.github/workflows/pull-request-validation.yml index f03fb33d..4d9b4b91 100644 --- a/.github/workflows/pull-request-validation.yml +++ b/.github/workflows/pull-request-validation.yml @@ -7,10 +7,7 @@ on: - main permissions: - id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - actions: read # Required by CodeQL - security-events: write # Required by CodeQL concurrency: # This is required to prevent multiple runs of the same workflow from running at the same time. group: ${{ github.workflow }} @@ -20,11 +17,11 @@ jobs: runs-on: ubuntu-latest steps: - - name: "Checkout Repository" - uses: actions/checkout@v3 + - name: "Checkout Repository" + uses: actions/checkout@v3 - - name: "Dependency Review" - uses: actions/dependency-review-action@v2 + - name: "Dependency Review" + uses: actions/dependency-review-action@v2 dotnet-web-ci: runs-on: ubuntu-latest @@ -32,38 +29,6 @@ jobs: steps: - uses: actions/checkout@v3 - - name: Set up JDK 11 - uses: actions/setup-java@v1 - with: - java-version: 1.11 - - - name: Cache SonarCloud packages - uses: actions/cache@v1 - with: - path: ~\sonar\cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - - name: Install SonarCloud scanners - shell: bash - run: | - cd src - dotnet tool install --global dotnet-sonarscanner - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: "csharp" - - - name: Begin SonarScanner - shell: bash - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - cd src - dotnet-sonarscanner begin /k:"frasermolyneux_portal-repository" /o:"frasermolyneux" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" - - uses: frasermolyneux/actions/dotnet-web-ci@main with: dotnet-project: "repository-webapi" @@ -71,53 +36,39 @@ jobs: src-folder: "src" majorMinorVersion: "1.1" - - name: End SonarScanner - shell: bash - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - cd src - dotnet-sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}" - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - with: - category: "/language:'csharp'" - terraform-plan-and-apply-dev: environment: Development runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - - uses: frasermolyneux/actions/terraform-plan-and-apply@main - with: - terraform-folder: "terraform" - terraform-var-file: "tfvars/dev.tfvars" - terraform-backend-file: "backends/dev.backend.hcl" - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - id: terraform-output - shell: bash - run: | - cd terraform - echo "web_app_name=$(terraform output -raw web_app_name)" >> $GITHUB_OUTPUT - echo "web_app_resource_group=$(terraform output -raw web_app_resource_group)" >> $GITHUB_OUTPUT - echo "workload_public_url=$(terraform output -raw workload_public_url)" >> $GITHUB_OUTPUT - echo "sql_server_fqdn=$(terraform output -raw sql_server_fqdn)" >> $GITHUB_OUTPUT - echo "sql_database_name=$(terraform output -raw sql_database_name)" >> $GITHUB_OUTPUT - echo "key_vault_name=$(terraform output -raw key_vault_name)" >> $GITHUB_OUTPUT - echo "integration_tests_account_name=$(terraform output -raw integration_tests_account_name)" >> $GITHUB_OUTPUT - echo "api_audience=$(terraform output -raw api_audience)" >> $GITHUB_OUTPUT - env: - ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - ARM_USE_OIDC: true + - uses: actions/checkout@v3 + + - uses: frasermolyneux/actions/terraform-plan-and-apply@main + with: + terraform-folder: "terraform" + terraform-var-file: "tfvars/dev.tfvars" + terraform-backend-file: "backends/dev.backend.hcl" + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - id: terraform-output + shell: bash + run: | + cd terraform + echo "web_app_name=$(terraform output -raw web_app_name)" >> $GITHUB_OUTPUT + echo "web_app_resource_group=$(terraform output -raw web_app_resource_group)" >> $GITHUB_OUTPUT + echo "workload_public_url=$(terraform output -raw workload_public_url)" >> $GITHUB_OUTPUT + echo "sql_server_fqdn=$(terraform output -raw sql_server_fqdn)" >> $GITHUB_OUTPUT + echo "sql_database_name=$(terraform output -raw sql_database_name)" >> $GITHUB_OUTPUT + echo "key_vault_name=$(terraform output -raw key_vault_name)" >> $GITHUB_OUTPUT + echo "integration_tests_account_name=$(terraform output -raw integration_tests_account_name)" >> $GITHUB_OUTPUT + echo "api_audience=$(terraform output -raw api_audience)" >> $GITHUB_OUTPUT + env: + ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + ARM_USE_OIDC: true outputs: web_app_name: ${{ steps.terraform-output.outputs.web_app_name }} @@ -135,18 +86,18 @@ jobs: needs: [terraform-plan-and-apply-dev] steps: - - uses: actions/checkout@v3 - - - uses: frasermolyneux/actions/deploy-sql-database@main - with: - sql-args: /Variables:env=dev /Variables:instance=01 - sql-server-fqdn: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_server_fqdn }} - sql-database-name: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_database_name }} - project-folder: "src/database" - project-file: "database.sqlproj" - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - uses: actions/checkout@v3 + + - uses: frasermolyneux/actions/deploy-sql-database@main + with: + sql-args: /Variables:env=dev /Variables:instance=01 + sql-server-fqdn: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_server_fqdn }} + sql-database-name: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_database_name }} + project-folder: "src/database" + project-file: "database.sqlproj" + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} app-service-deploy-dev: environment: Development @@ -155,15 +106,15 @@ jobs: [dotnet-web-ci, deploy-sql-database-dev, terraform-plan-and-apply-dev] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v3 - - uses: frasermolyneux/actions/deploy-app-service@main - with: - web-artifact-name: "repository-webapi" - web-app-name: ${{ needs.terraform-plan-and-apply-dev.outputs.web_app_name }} - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - uses: frasermolyneux/actions/deploy-app-service@main + with: + web-artifact-name: "repository-webapi" + web-app-name: ${{ needs.terraform-plan-and-apply-dev.outputs.web_app_name }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} run-api-integration-tests-dev: environment: Development @@ -171,40 +122,40 @@ jobs: needs: [app-service-deploy-dev, terraform-plan-and-apply-dev] steps: - - name: "Az CLI Login" - uses: azure/login@v1 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - shell: bash - run: | - client_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) - client_secret=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-secret" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) - client_tenant_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-tenant-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) - api_key=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-api-key-primary" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) - - echo "::add-mask::$client_id" - echo "::add-mask::$client_secret" - echo "::add-mask::$client_tenant_id" - echo "::add-mask::$api_key" - - echo "int_test_client_id=$client_id" >> $GITHUB_ENV - echo "int_test_client_secret=$client_secret" >> $GITHUB_ENV - echo "int_test_client_tenant_id=$client_tenant_id" >> $GITHUB_ENV - echo "int_test_api_key=$api_key" >> $GITHUB_ENV - - - uses: frasermolyneux/actions/run-api-integration-tests@main - with: - dotnet-version: 7.0.x - src-folder: "src" - api-base-url: ${{ needs.terraform-plan-and-apply-dev.outputs.workload_public_url }} - api-key: ${{ env.int_test_api_key }} - api-audience: ${{ needs.terraform-plan-and-apply-dev.outputs.api_audience }} - AZURE_CLIENT_ID: ${{ env.int_test_client_id }} - AZURE_CLIENT_SECRET: ${{ env.int_test_client_secret }} - AZURE_TENANT_ID: ${{ env.int_test_client_tenant_id }} + - name: "Az CLI Login" + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - shell: bash + run: | + client_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) + client_secret=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-secret" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) + client_tenant_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-tenant-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) + api_key=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-api-key-primary" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) + + echo "::add-mask::$client_id" + echo "::add-mask::$client_secret" + echo "::add-mask::$client_tenant_id" + echo "::add-mask::$api_key" + + echo "int_test_client_id=$client_id" >> $GITHUB_ENV + echo "int_test_client_secret=$client_secret" >> $GITHUB_ENV + echo "int_test_client_tenant_id=$client_tenant_id" >> $GITHUB_ENV + echo "int_test_api_key=$api_key" >> $GITHUB_ENV + + - uses: frasermolyneux/actions/run-api-integration-tests@main + with: + dotnet-version: 7.0.x + src-folder: "src" + api-base-url: ${{ needs.terraform-plan-and-apply-dev.outputs.workload_public_url }} + api-key: ${{ env.int_test_api_key }} + api-audience: ${{ needs.terraform-plan-and-apply-dev.outputs.api_audience }} + AZURE_CLIENT_ID: ${{ env.int_test_client_id }} + AZURE_CLIENT_SECRET: ${{ env.int_test_client_secret }} + AZURE_TENANT_ID: ${{ env.int_test_client_tenant_id }} terraform-plan-prd: if: github.actor != 'dependabot[bot]' # dependabot context has no permissions to prod so skip this check @@ -213,13 +164,13 @@ jobs: needs: [terraform-plan-and-apply-dev] steps: - - uses: actions/checkout@v3 - - - uses: frasermolyneux/actions/terraform-plan@main - with: - terraform-folder: "terraform" - terraform-var-file: "tfvars/prd.tfvars" - terraform-backend-file: "backends/prd.backend.hcl" - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - uses: actions/checkout@v3 + + - uses: frasermolyneux/actions/terraform-plan@main + with: + terraform-folder: "terraform" + terraform-var-file: "tfvars/prd.tfvars" + terraform-backend-file: "backends/prd.backend.hcl" + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} diff --git a/.github/workflows/release-to-production.yml b/.github/workflows/release-to-production.yml index 83728685..460e7fe3 100644 --- a/.github/workflows/release-to-production.yml +++ b/.github/workflows/release-to-production.yml @@ -9,10 +9,7 @@ on: - cron: "0 3 * * 3" # Every Wednesday at 3am permissions: - id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - actions: read # Required by CodeQL - security-events: write # Required by CodeQL concurrency: # This is required to prevent multiple runs of the same workflow from running at the same time. group: ${{ github.workflow }} @@ -22,60 +19,14 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - - name: Set up JDK 11 - uses: actions/setup-java@v1 - with: - java-version: 1.11 - - - name: Cache SonarCloud packages - uses: actions/cache@v1 - with: - path: ~\sonar\cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - - name: Install SonarCloud scanners - shell: bash - run: | - cd src - dotnet tool install --global dotnet-sonarscanner - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: "csharp" - - - name: Begin SonarScanner - shell: bash - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - cd src - dotnet-sonarscanner begin /k:"frasermolyneux_portal-repository" /o:"frasermolyneux" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" - - - uses: frasermolyneux/actions/dotnet-web-ci@main - with: - dotnet-project: "repository-webapi" - dotnet-version: 7.0.x - src-folder: "src" - majorMinorVersion: "1.1" - - - name: End SonarScanner - shell: bash - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - cd src - dotnet-sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}" - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - with: - category: "/language:'csharp'" + - uses: actions/checkout@v3 + + - uses: frasermolyneux/actions/dotnet-web-ci@main + with: + dotnet-project: "repository-webapi" + dotnet-version: 7.0.x + src-folder: "src" + majorMinorVersion: "1.1" publish-nuget-packages: environment: NuGet @@ -83,56 +34,56 @@ jobs: needs: [dotnet-web-ci] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v3 - - uses: frasermolyneux/actions/publish-nuget-packages@main - with: - artifact-name: "nuget-packages" - NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }} + - uses: frasermolyneux/actions/publish-nuget-packages@main + with: + artifact-name: "nuget-packages" + NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }} terraform-plan-and-apply-dev: environment: Development runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - - uses: frasermolyneux/actions/terraform-plan-and-apply@main - with: - terraform-folder: "terraform" - terraform-var-file: "tfvars/dev.tfvars" - terraform-backend-file: "backends/dev.backend.hcl" - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - id: terraform-output - shell: bash - run: | - cd terraform - echo "web_app_name=$(terraform output -raw web_app_name)" >> $GITHUB_OUTPUT - echo "web_app_resource_group=$(terraform output -raw web_app_resource_group)" >> $GITHUB_OUTPUT - echo "workload_public_url=$(terraform output -raw workload_public_url)" >> $GITHUB_OUTPUT - echo "sql_server_fqdn=$(terraform output -raw sql_server_fqdn)" >> $GITHUB_OUTPUT - echo "sql_database_name=$(terraform output -raw sql_database_name)" >> $GITHUB_OUTPUT - echo "key_vault_name=$(terraform output -raw key_vault_name)" >> $GITHUB_OUTPUT - echo "integration_tests_account_name=$(terraform output -raw integration_tests_account_name)" >> $GITHUB_OUTPUT - echo "api_audience=$(terraform output -raw api_audience)" >> $GITHUB_OUTPUT - env: - ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - ARM_USE_OIDC: true - - outputs: - web_app_name: ${{ steps.terraform-output.outputs.web_app_name }} - web_app_resource_group: ${{ steps.terraform-output.outputs.web_app_resource_group }} - workload_public_url: ${{ steps.terraform-output.outputs.workload_public_url }} - sql_server_fqdn: ${{ steps.terraform-output.outputs.sql_server_fqdn }} - sql_database_name: ${{ steps.terraform-output.outputs.sql_database_name }} - key_vault_name: ${{ steps.terraform-output.outputs.key_vault_name }} - integration_tests_account_name: ${{ steps.terraform-output.outputs.integration_tests_account_name }} - api_audience: ${{ steps.terraform-output.outputs.api_audience }} + - uses: actions/checkout@v3 + + - uses: frasermolyneux/actions/terraform-plan-and-apply@main + with: + terraform-folder: "terraform" + terraform-var-file: "tfvars/dev.tfvars" + terraform-backend-file: "backends/dev.backend.hcl" + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - id: terraform-output + shell: bash + run: | + cd terraform + echo "web_app_name=$(terraform output -raw web_app_name)" >> $GITHUB_OUTPUT + echo "web_app_resource_group=$(terraform output -raw web_app_resource_group)" >> $GITHUB_OUTPUT + echo "workload_public_url=$(terraform output -raw workload_public_url)" >> $GITHUB_OUTPUT + echo "sql_server_fqdn=$(terraform output -raw sql_server_fqdn)" >> $GITHUB_OUTPUT + echo "sql_database_name=$(terraform output -raw sql_database_name)" >> $GITHUB_OUTPUT + echo "key_vault_name=$(terraform output -raw key_vault_name)" >> $GITHUB_OUTPUT + echo "integration_tests_account_name=$(terraform output -raw integration_tests_account_name)" >> $GITHUB_OUTPUT + echo "api_audience=$(terraform output -raw api_audience)" >> $GITHUB_OUTPUT + env: + ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + ARM_USE_OIDC: true + + outputs: + web_app_name: ${{ steps.terraform-output.outputs.web_app_name }} + web_app_resource_group: ${{ steps.terraform-output.outputs.web_app_resource_group }} + workload_public_url: ${{ steps.terraform-output.outputs.workload_public_url }} + sql_server_fqdn: ${{ steps.terraform-output.outputs.sql_server_fqdn }} + sql_database_name: ${{ steps.terraform-output.outputs.sql_database_name }} + key_vault_name: ${{ steps.terraform-output.outputs.key_vault_name }} + integration_tests_account_name: ${{ steps.terraform-output.outputs.integration_tests_account_name }} + api_audience: ${{ steps.terraform-output.outputs.api_audience }} deploy-sql-database-dev: environment: Development @@ -140,18 +91,18 @@ jobs: needs: [terraform-plan-and-apply-dev] steps: - - uses: actions/checkout@v3 - - - uses: frasermolyneux/actions/deploy-sql-database@main - with: - sql-args: /Variables:env=dev /Variables:instance=01 - sql-server-fqdn: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_server_fqdn }} - sql-database-name: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_database_name }} - project-folder: "src/database" - project-file: "database.sqlproj" - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - uses: actions/checkout@v3 + + - uses: frasermolyneux/actions/deploy-sql-database@main + with: + sql-args: /Variables:env=dev /Variables:instance=01 + sql-server-fqdn: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_server_fqdn }} + sql-database-name: ${{ needs.terraform-plan-and-apply-dev.outputs.sql_database_name }} + project-folder: "src/database" + project-file: "database.sqlproj" + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} app-service-deploy-dev: environment: Development @@ -160,15 +111,15 @@ jobs: [dotnet-web-ci, deploy-sql-database-dev, terraform-plan-and-apply-dev] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v3 - - uses: frasermolyneux/actions/deploy-app-service@main - with: - web-artifact-name: "repository-webapi" - web-app-name: ${{ needs.terraform-plan-and-apply-dev.outputs.web_app_name }} - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - uses: frasermolyneux/actions/deploy-app-service@main + with: + web-artifact-name: "repository-webapi" + web-app-name: ${{ needs.terraform-plan-and-apply-dev.outputs.web_app_name }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} run-api-integration-tests-dev: environment: Development @@ -176,40 +127,40 @@ jobs: needs: [app-service-deploy-dev, terraform-plan-and-apply-dev] steps: - - name: "Az CLI Login" - uses: azure/login@v1 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - shell: bash - run: | - client_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) - client_secret=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-secret" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) - client_tenant_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-tenant-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) - api_key=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-api-key-primary" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) - - echo "::add-mask::$client_id" - echo "::add-mask::$client_secret" - echo "::add-mask::$client_tenant_id" - echo "::add-mask::$api_key" - - echo "int_test_client_id=$client_id" >> $GITHUB_ENV - echo "int_test_client_secret=$client_secret" >> $GITHUB_ENV - echo "int_test_client_tenant_id=$client_tenant_id" >> $GITHUB_ENV - echo "int_test_api_key=$api_key" >> $GITHUB_ENV - - - uses: frasermolyneux/actions/run-api-integration-tests@main - with: - dotnet-version: 7.0.x - src-folder: "src" - api-base-url: ${{ needs.terraform-plan-and-apply-dev.outputs.workload_public_url }} - api-key: ${{ env.int_test_api_key }} - api-audience: ${{ needs.terraform-plan-and-apply-dev.outputs.api_audience }} - AZURE_CLIENT_ID: ${{ env.int_test_client_id }} - AZURE_CLIENT_SECRET: ${{ env.int_test_client_secret }} - AZURE_TENANT_ID: ${{ env.int_test_client_tenant_id }} + - name: "Az CLI Login" + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - shell: bash + run: | + client_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) + client_secret=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-secret" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) + client_tenant_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-client-tenant-id" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) + api_key=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-dev.outputs.integration_tests_account_name }}-api-key-primary" --vault-name "${{ needs.terraform-plan-and-apply-dev.outputs.key_vault_name }}" --query value -o tsv) + + echo "::add-mask::$client_id" + echo "::add-mask::$client_secret" + echo "::add-mask::$client_tenant_id" + echo "::add-mask::$api_key" + + echo "int_test_client_id=$client_id" >> $GITHUB_ENV + echo "int_test_client_secret=$client_secret" >> $GITHUB_ENV + echo "int_test_client_tenant_id=$client_tenant_id" >> $GITHUB_ENV + echo "int_test_api_key=$api_key" >> $GITHUB_ENV + + - uses: frasermolyneux/actions/run-api-integration-tests@main + with: + dotnet-version: 7.0.x + src-folder: "src" + api-base-url: ${{ needs.terraform-plan-and-apply-dev.outputs.workload_public_url }} + api-key: ${{ env.int_test_api_key }} + api-audience: ${{ needs.terraform-plan-and-apply-dev.outputs.api_audience }} + AZURE_CLIENT_ID: ${{ env.int_test_client_id }} + AZURE_CLIENT_SECRET: ${{ env.int_test_client_secret }} + AZURE_TENANT_ID: ${{ env.int_test_client_tenant_id }} terraform-plan-and-apply-prd: environment: Production @@ -217,34 +168,34 @@ jobs: needs: [run-api-integration-tests-dev] steps: - - uses: actions/checkout@v3 - - - uses: frasermolyneux/actions/terraform-plan-and-apply@main - with: - terraform-folder: "terraform" - terraform-var-file: "tfvars/prd.tfvars" - terraform-backend-file: "backends/prd.backend.hcl" - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - id: terraform-output - shell: bash - run: | - cd terraform - echo "web_app_name=$(terraform output -raw web_app_name)" >> $GITHUB_OUTPUT - echo "web_app_resource_group=$(terraform output -raw web_app_resource_group)" >> $GITHUB_OUTPUT - echo "workload_public_url=$(terraform output -raw workload_public_url)" >> $GITHUB_OUTPUT - echo "sql_server_fqdn=$(terraform output -raw sql_server_fqdn)" >> $GITHUB_OUTPUT - echo "sql_database_name=$(terraform output -raw sql_database_name)" >> $GITHUB_OUTPUT - echo "key_vault_name=$(terraform output -raw key_vault_name)" >> $GITHUB_OUTPUT - echo "integration_tests_account_name=$(terraform output -raw integration_tests_account_name)" >> $GITHUB_OUTPUT - echo "api_audience=$(terraform output -raw api_audience)" >> $GITHUB_OUTPUT - env: - ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - ARM_USE_OIDC: true + - uses: actions/checkout@v3 + + - uses: frasermolyneux/actions/terraform-plan-and-apply@main + with: + terraform-folder: "terraform" + terraform-var-file: "tfvars/prd.tfvars" + terraform-backend-file: "backends/prd.backend.hcl" + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - id: terraform-output + shell: bash + run: | + cd terraform + echo "web_app_name=$(terraform output -raw web_app_name)" >> $GITHUB_OUTPUT + echo "web_app_resource_group=$(terraform output -raw web_app_resource_group)" >> $GITHUB_OUTPUT + echo "workload_public_url=$(terraform output -raw workload_public_url)" >> $GITHUB_OUTPUT + echo "sql_server_fqdn=$(terraform output -raw sql_server_fqdn)" >> $GITHUB_OUTPUT + echo "sql_database_name=$(terraform output -raw sql_database_name)" >> $GITHUB_OUTPUT + echo "key_vault_name=$(terraform output -raw key_vault_name)" >> $GITHUB_OUTPUT + echo "integration_tests_account_name=$(terraform output -raw integration_tests_account_name)" >> $GITHUB_OUTPUT + echo "api_audience=$(terraform output -raw api_audience)" >> $GITHUB_OUTPUT + env: + ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + ARM_USE_OIDC: true outputs: web_app_name: ${{ steps.terraform-output.outputs.web_app_name }} @@ -262,18 +213,18 @@ jobs: needs: [terraform-plan-and-apply-prd] steps: - - uses: actions/checkout@v3 - - - uses: frasermolyneux/actions/deploy-sql-database@main - with: - sql-args: /Variables:env=prd /Variables:instance=01 - sql-server-fqdn: ${{ needs.terraform-plan-and-apply-prd.outputs.sql_server_fqdn }} - sql-database-name: ${{ needs.terraform-plan-and-apply-prd.outputs.sql_database_name }} - project-folder: "src/database" - project-file: "database.sqlproj" - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - uses: actions/checkout@v3 + + - uses: frasermolyneux/actions/deploy-sql-database@main + with: + sql-args: /Variables:env=prd /Variables:instance=01 + sql-server-fqdn: ${{ needs.terraform-plan-and-apply-prd.outputs.sql_server_fqdn }} + sql-database-name: ${{ needs.terraform-plan-and-apply-prd.outputs.sql_database_name }} + project-folder: "src/database" + project-file: "database.sqlproj" + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} app-service-deploy-prd: environment: ProductionWebApps @@ -282,15 +233,15 @@ jobs: [dotnet-web-ci, deploy-sql-database-prd, terraform-plan-and-apply-prd] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v3 - - uses: frasermolyneux/actions/deploy-app-service@main - with: - web-artifact-name: "repository-webapi" - web-app-name: ${{ needs.terraform-plan-and-apply-prd.outputs.web_app_name }} - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - uses: frasermolyneux/actions/deploy-app-service@main + with: + web-artifact-name: "repository-webapi" + web-app-name: ${{ needs.terraform-plan-and-apply-prd.outputs.web_app_name }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} run-api-integration-tests-prd: environment: Production @@ -298,37 +249,37 @@ jobs: needs: [app-service-deploy-prd, terraform-plan-and-apply-prd] steps: - - name: "Az CLI Login" - uses: azure/login@v1 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - shell: bash - run: | - client_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-prd.outputs.integration_tests_account_name }}-client-id" --vault-name "${{ needs.terraform-plan-and-apply-prd.outputs.key_vault_name }}" --query value -o tsv) - client_secret=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-prd.outputs.integration_tests_account_name }}-client-secret" --vault-name "${{ needs.terraform-plan-and-apply-prd.outputs.key_vault_name }}" --query value -o tsv) - client_tenant_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-prd.outputs.integration_tests_account_name }}-client-tenant-id" --vault-name "${{ needs.terraform-plan-and-apply-prd.outputs.key_vault_name }}" --query value -o tsv) - api_key=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-prd.outputs.integration_tests_account_name }}-api-key-primary" --vault-name "${{ needs.terraform-plan-and-apply-prd.outputs.key_vault_name }}" --query value -o tsv) - - echo "::add-mask::$client_id" - echo "::add-mask::$client_secret" - echo "::add-mask::$client_tenant_id" - echo "::add-mask::$api_key" - - echo "int_test_client_id=$client_id" >> $GITHUB_ENV - echo "int_test_client_secret=$client_secret" >> $GITHUB_ENV - echo "int_test_client_tenant_id=$client_tenant_id" >> $GITHUB_ENV - echo "int_test_api_key=$api_key" >> $GITHUB_ENV - - - uses: frasermolyneux/actions/run-api-integration-tests@main - with: - dotnet-version: 7.0.x - src-folder: "src" - api-base-url: ${{ needs.terraform-plan-and-apply-prd.outputs.workload_public_url }} - api-key: ${{ env.int_test_api_key }} - api-audience: ${{ needs.terraform-plan-and-apply-prd.outputs.api_audience }} - AZURE_CLIENT_ID: ${{ env.int_test_client_id }} - AZURE_CLIENT_SECRET: ${{ env.int_test_client_secret }} - AZURE_TENANT_ID: ${{ env.int_test_client_tenant_id }} + - name: "Az CLI Login" + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - shell: bash + run: | + client_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-prd.outputs.integration_tests_account_name }}-client-id" --vault-name "${{ needs.terraform-plan-and-apply-prd.outputs.key_vault_name }}" --query value -o tsv) + client_secret=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-prd.outputs.integration_tests_account_name }}-client-secret" --vault-name "${{ needs.terraform-plan-and-apply-prd.outputs.key_vault_name }}" --query value -o tsv) + client_tenant_id=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-prd.outputs.integration_tests_account_name }}-client-tenant-id" --vault-name "${{ needs.terraform-plan-and-apply-prd.outputs.key_vault_name }}" --query value -o tsv) + api_key=$(az keyvault secret show --name "${{ needs.terraform-plan-and-apply-prd.outputs.integration_tests_account_name }}-api-key-primary" --vault-name "${{ needs.terraform-plan-and-apply-prd.outputs.key_vault_name }}" --query value -o tsv) + + echo "::add-mask::$client_id" + echo "::add-mask::$client_secret" + echo "::add-mask::$client_tenant_id" + echo "::add-mask::$api_key" + + echo "int_test_client_id=$client_id" >> $GITHUB_ENV + echo "int_test_client_secret=$client_secret" >> $GITHUB_ENV + echo "int_test_client_tenant_id=$client_tenant_id" >> $GITHUB_ENV + echo "int_test_api_key=$api_key" >> $GITHUB_ENV + + - uses: frasermolyneux/actions/run-api-integration-tests@main + with: + dotnet-version: 7.0.x + src-folder: "src" + api-base-url: ${{ needs.terraform-plan-and-apply-prd.outputs.workload_public_url }} + api-key: ${{ env.int_test_api_key }} + api-audience: ${{ needs.terraform-plan-and-apply-prd.outputs.api_audience }} + AZURE_CLIENT_ID: ${{ env.int_test_client_id }} + AZURE_CLIENT_SECRET: ${{ env.int_test_client_secret }} + AZURE_TENANT_ID: ${{ env.int_test_client_tenant_id }}