From f124527e22e2b6c0fea36ff3e490c459d938d026 Mon Sep 17 00:00:00 2001 From: Are Almaas Date: Fri, 2 Feb 2024 09:17:06 +0100 Subject: [PATCH] restructure, rm init container and more --- .azure/applications/web-api-eu/main.bicep | 40 +------- .../applications/web-api-eu/test.bicepparam | 12 +-- .../web-api-migration-job/main.bicep | 1 - .azure/applications/web-api-so/main.bicep | 39 +------- .../applications/web-api-so/test.bicepparam | 10 +- .azure/modules/containerApp/main.bicep | 45 +-------- .github/tools/migrationVerifier.sh | 62 ++++++++++++ .github/workflows/action-deploy-apps.yml | 98 ++++++++++++++++--- .github/workflows/action-deploy-infra.yml | 19 ---- .github/workflows/ci-cd-main.yml | 7 +- .github/workflows/ci-cd-pull-request.yml | 4 +- 11 files changed, 165 insertions(+), 172 deletions(-) create mode 100644 .github/tools/migrationVerifier.sh diff --git a/.azure/applications/web-api-eu/main.bicep b/.azure/applications/web-api-eu/main.bicep index 25c514d9e..1487408fd 100644 --- a/.azure/applications/web-api-eu/main.bicep +++ b/.azure/applications/web-api-eu/main.bicep @@ -2,46 +2,26 @@ targetScope = 'resourceGroup' param imageTag string param gitSha string - param environment string param location string -// todo: this needs to be output from infrastructure.bicep and overkill with both id and name here lawl param containerAppEnvironmentId string - -param environmentKeyVaultName string - // todo: refactor to something else param appInsightConnectionString string - -// appConfiguration.outputs.name param appConfigurationName string @secure() -param sourceKeyVaultSubscriptionId string -@secure() -param sourceKeyVaultResourceGroup string -@secure() -param sourceKeyVaultName string - -var secrets = { - sourceKeyVaultSubscriptionId: sourceKeyVaultSubscriptionId - sourceKeyVaultResourceGroup: sourceKeyVaultResourceGroup - sourceKeyVaultName: sourceKeyVaultName -} +param environmentKeyVaultName string var namePrefix = 'dp-be-${environment}' var baseImageUrl = 'ghcr.io/digdir/dialogporten-' -// todo: can we mount the environment variables from app configuration directly? - -// todo: add bicepparam file - // todo: solve this some other way pls resource appConfig 'Microsoft.AppConfiguration/configurationStores@2023-03-01' existing = { name: '${namePrefix}-appConfiguration' } +// todo: can we mount the environment variables from app configuration directly? var containerAppEnvVars = [ { name: 'ASPNETCORE_ENVIRONMENT' @@ -65,18 +45,10 @@ var containerAppEnvVars = [ } ] -resource srcKeyVaultResource 'Microsoft.KeyVault/vaults@2023-07-01' existing = { - name: secrets.sourceKeyVaultName - scope: az.resourceGroup(secrets.sourceKeyVaultSubscriptionId, secrets.sourceKeyVaultResourceGroup) -} - resource environmentKeyVaultResource 'Microsoft.KeyVault/vaults@2023-07-01' existing = { name: environmentKeyVaultName - scope: az.resourceGroup(secrets.sourceKeyVaultSubscriptionId, secrets.sourceKeyVaultResourceGroup) } -// todo: split the module into two. One for the migration job and one for the app itself - var containerAppName = '${namePrefix}-webapi-eu-ca' module containerApp '../../modules/containerApp/main.bicep' = { @@ -85,14 +57,9 @@ module containerApp '../../modules/containerApp/main.bicep' = { params: { name: containerAppName image: '${baseImageUrl}webapi:${imageTag}' - initContainerimage: '${baseImageUrl}migration-verifier:${imageTag}' location: location envVariables: containerAppEnvVars - migrationVerifierPrincipalAppId: srcKeyVaultResource.getSecret('MigrationVerificationInitContainerPrincipalAppId') - migrationVerifierPrincipalPassword: srcKeyVaultResource.getSecret('MigrationVerificationInitContainerPrincipalPassword') containerAppEnvId: containerAppEnvironmentId - // todo: get from input - migrationJobName: '${namePrefix}-migration-job' } } @@ -111,3 +78,6 @@ module appConfigReaderAccessPolicy '../../modules/appConfiguration/addReaderRole principalIds: [ containerApp.outputs.identityPrincipalId ] } } + +output name string = containerApp.outputs.name +output revisionName string = containerApp.outputs.revisionName diff --git a/.azure/applications/web-api-eu/test.bicepparam b/.azure/applications/web-api-eu/test.bicepparam index 1aeb06a1e..8070da91b 100644 --- a/.azure/applications/web-api-eu/test.bicepparam +++ b/.azure/applications/web-api-eu/test.bicepparam @@ -5,14 +5,8 @@ param location = 'norwayeast' param gitSha = readEnvironmentVariable('GIT_SHA', '') param imageTag = readEnvironmentVariable('IMAGE_TAG', '') -param containerAppEnvironmentId = readEnvironmentVariable('CONTAINER_APP_ENVIRONMENT_ID', '') - -param appInsightConnectionString = readEnvironmentVariable('APP_INSIGHTS_CONNECTION_STRING', '') - -param appConfigurationName = readEnvironmentVariable('APP_CONFIGURATION_NAME', '') - // secrets -param sourceKeyVaultSubscriptionId = readEnvironmentVariable('SOURCE_KEY_VAULT_SUBSCRIPTION_ID', '') -param sourceKeyVaultResourceGroup = readEnvironmentVariable('SOURCE_KEY_VAULT_RESOURCE_GROUP', '') -param sourceKeyVaultName = readEnvironmentVariable('SOURCE_KEY_VAULT_NAME', '') param environmentKeyVaultName = readEnvironmentVariable('ENVIRONMENT_KEY_VAULT_NAME', '') +param containerAppEnvironmentId = readEnvironmentVariable('CONTAINTER_APP_ENVIRONMENT_ID', '') +param appInsightConnectionString = readEnvironmentVariable('APP_INSIGHTS_CONNECTION_STRING', '') +param appConfigurationName = readEnvironmentVariable('APP_CONFIGURATION_NAME', '') diff --git a/.azure/applications/web-api-migration-job/main.bicep b/.azure/applications/web-api-migration-job/main.bicep index 0b52ef2ef..dc03ea737 100644 --- a/.azure/applications/web-api-migration-job/main.bicep +++ b/.azure/applications/web-api-migration-job/main.bicep @@ -5,7 +5,6 @@ param imageTag string param environment string param location string -// todo: this needs to be output from infrastructure.bicep param containerAppEnvironmentId string @secure() diff --git a/.azure/applications/web-api-so/main.bicep b/.azure/applications/web-api-so/main.bicep index a0e34362d..b35475594 100644 --- a/.azure/applications/web-api-so/main.bicep +++ b/.azure/applications/web-api-so/main.bicep @@ -2,47 +2,26 @@ targetScope = 'resourceGroup' param imageTag string param gitSha string - param environment string param location string -// todo: this needs to be output from infrastructure.bicep and overkill with both id and name here lawl param containerAppEnvironmentId string - // todo: refactor to something else param appInsightConnectionString string - -// appConfiguration.outputs.name param appConfigurationName string @secure() param environmentKeyVaultName string -@secure() -param sourceKeyVaultSubscriptionId string -@secure() -param sourceKeyVaultResourceGroup string -@secure() -param sourceKeyVaultName string - -var secrets = { - sourceKeyVaultSubscriptionId: sourceKeyVaultSubscriptionId - sourceKeyVaultResourceGroup: sourceKeyVaultResourceGroup - sourceKeyVaultName: sourceKeyVaultName -} - var namePrefix = 'dp-be-${environment}' var baseImageUrl = 'ghcr.io/digdir/dialogporten-' -// todo: can we mount the environment variables from app configuration directly? - -// todo: add bicepparam file - // todo: solve this some other way pls resource appConfig 'Microsoft.AppConfiguration/configurationStores@2023-03-01' existing = { name: '${namePrefix}-appConfiguration' } +// todo: can we mount the environment variables from app configuration directly? var containerAppEnvVars = [ { name: 'ASPNETCORE_ENVIRONMENT' @@ -66,18 +45,10 @@ var containerAppEnvVars = [ } ] -resource srcKeyVaultResource 'Microsoft.KeyVault/vaults@2023-07-01' existing = { - name: secrets.sourceKeyVaultName - scope: az.resourceGroup(secrets.sourceKeyVaultSubscriptionId, secrets.sourceKeyVaultResourceGroup) -} - resource environmentKeyVaultResource 'Microsoft.KeyVault/vaults@2023-07-01' existing = { name: environmentKeyVaultName - scope: az.resourceGroup(secrets.sourceKeyVaultSubscriptionId, secrets.sourceKeyVaultResourceGroup) } -// todo: split the module into two. One for the migration job and one for the app itself - var containerAppName = '${namePrefix}-webapi-so-ca' module containerApp '../../modules/containerApp/main.bicep' = { @@ -86,14 +57,9 @@ module containerApp '../../modules/containerApp/main.bicep' = { params: { name: containerAppName image: '${baseImageUrl}webapi:${imageTag}' - initContainerimage: '${baseImageUrl}migration-verifier:${imageTag}' location: location envVariables: containerAppEnvVars - migrationVerifierPrincipalAppId: srcKeyVaultResource.getSecret('MigrationVerificationInitContainerPrincipalAppId') - migrationVerifierPrincipalPassword: srcKeyVaultResource.getSecret('MigrationVerificationInitContainerPrincipalPassword') containerAppEnvId: containerAppEnvironmentId - // todo: get from input - migrationJobName: '${namePrefix}-migration-job' } } @@ -112,3 +78,6 @@ module appConfigReaderAccessPolicy '../../modules/appConfiguration/addReaderRole principalIds: [ containerApp.outputs.identityPrincipalId ] } } + +output name string = containerApp.outputs.name +output revisionName string = containerApp.outputs.revisionName diff --git a/.azure/applications/web-api-so/test.bicepparam b/.azure/applications/web-api-so/test.bicepparam index cec75830c..8070da91b 100644 --- a/.azure/applications/web-api-so/test.bicepparam +++ b/.azure/applications/web-api-so/test.bicepparam @@ -5,14 +5,8 @@ param location = 'norwayeast' param gitSha = readEnvironmentVariable('GIT_SHA', '') param imageTag = readEnvironmentVariable('IMAGE_TAG', '') +// secrets +param environmentKeyVaultName = readEnvironmentVariable('ENVIRONMENT_KEY_VAULT_NAME', '') param containerAppEnvironmentId = readEnvironmentVariable('CONTAINTER_APP_ENVIRONMENT_ID', '') - param appInsightConnectionString = readEnvironmentVariable('APP_INSIGHTS_CONNECTION_STRING', '') - param appConfigurationName = readEnvironmentVariable('APP_CONFIGURATION_NAME', '') - -// secrets -param sourceKeyVaultSubscriptionId = readEnvironmentVariable('SOURCE_KEY_VAULT_SUBSCRIPTION_ID', '') -param sourceKeyVaultResourceGroup = readEnvironmentVariable('SOURCE_KEY_VAULT_RESOURCE_GROUP', '') -param sourceKeyVaultName = readEnvironmentVariable('SOURCE_KEY_VAULT_NAME', '') -param environmentKeyVaultName = readEnvironmentVariable('ENVIRONMENT_KEY_VAULT_NAME', '') diff --git a/.azure/modules/containerApp/main.bicep b/.azure/modules/containerApp/main.bicep index b25b4dafb..db4209a38 100644 --- a/.azure/modules/containerApp/main.bicep +++ b/.azure/modules/containerApp/main.bicep @@ -1,5 +1,4 @@ param location string -param initContainerimage string param envVariables array = [] param port int = 8080 param name string @@ -7,48 +6,6 @@ param image string param containerAppEnvId string -// todo: do we need this here? 🤔 -param migrationJobName string - -@secure() -param migrationVerifierPrincipalPassword string -@secure() -param migrationVerifierPrincipalAppId string - -// todo: refactor out the init containers & env variables -var initContainers = [ - { - name: '${name}-init' - image: initContainerimage - env: concat(envVariables, - [ - { - name: 'AZURE_TENANT_ID' - value: subscription().tenantId - } - { - name: 'SUBSCRIPTION_ID' - value: subscription().subscriptionId - } - { - name: 'AZURE_CLIENT_ID' - value: migrationVerifierPrincipalAppId - } - { - name: 'AZURE_CLIENT_SECRET' - value: migrationVerifierPrincipalPassword - } - { - name: 'MIGRATION_JOB_NAME' - value: migrationJobName - } - { - name: 'RESOURCE_GROUP_NAME' - value: resourceGroup().name - } - ]) - } ] - var probes = [ { periodSeconds: 5 @@ -93,7 +50,6 @@ resource containerApp 'Microsoft.App/containerApps@2023-05-01' = { minReplicas: 1 maxReplicas: 1 // temp disable scaling for outbox scheduling } - initContainers: initContainers containers: [ { name: name @@ -111,3 +67,4 @@ resource containerApp 'Microsoft.App/containerApps@2023-05-01' = { output identityPrincipalId string = containerApp.identity.principalId output name string = containerApp.name +output revisionName string = containerApp.properties.latestRevisionName diff --git a/.github/tools/migrationVerifier.sh b/.github/tools/migrationVerifier.sh new file mode 100644 index 000000000..d45667c1b --- /dev/null +++ b/.github/tools/migrationVerifier.sh @@ -0,0 +1,62 @@ +# todo: we might rename this into something more generic, as it can be used for any job execution +if [ -z "$1" ]; then + echo "Usage: $0 " + exit 1 +fi + +if [ -z "$2" ]; then + echo "Usage: $0 " + exit 1 +fi + +# todo: use something else than git sha to target the job execution +if [ -z "$3" ]; then + echo "Usage: $0 " + exit 1 +fi + +job_name="$1" +resource_group="$2" +git_sha="$3" +query_filter="[?properties.template.containers[?contains(image, '$git_sha')]].{name: name, status: properties.status} | [0]" + +verify_migration() { + local current_job_execution + + current_job_execution=$(az containerapp job execution list -n "$job_name" -g "$resource_group" --query "$query_filter" 2>/dev/null) + + if [ -z "$current_job_execution" ]; then + echo "No job execution found for migration $job_name" + return 1 + fi + + current_job_execution_name=$(echo $json_output | jq -r '.name') + current_job_execution_status=$(echo $json_output | jq -r '.status') + + echo "Job execution state for job $job_name status:" + echo "-----------------------------" + echo "Name: $current_job_execution_name" + echo "Running status: $current_job_execution_status" + echo " " + + # Check job execution status + if [[ $current_job_execution_status == "Succeeded"]]; then + return 0 # OK! + else + return 1 # Not OK! + fi +} + +attempt=1 + +# Loop until verified (GitHub action will do a timeout) +while true; do + if verify_migration; then + echo "Migration $job_name has succeeded" + break + else + echo "Attempt $attempt: Waiting for migration $job_name ..." + sleep 10 # Sleep for 10 seconds + attempt=$((attempt+1)) + fi +done \ No newline at end of file diff --git a/.github/workflows/action-deploy-apps.yml b/.github/workflows/action-deploy-apps.yml index 536b1d5d7..dbb3a6e55 100644 --- a/.github/workflows/action-deploy-apps.yml +++ b/.github/workflows/action-deploy-apps.yml @@ -1,5 +1,8 @@ name: Deploy apps +env: + AZ_CLI_VERSION: 2.56.0 + on: workflow_call: secrets: @@ -9,11 +12,7 @@ on: required: true AZURE_SUBSCRIPTION_ID: required: true - AZURE_SOURCE_KEY_VAULT_NAME: - required: true - AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: - required: true - AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: + AZURE_RESOURCE_GROUP_NAME: required: true AZURE_ENVIRONMENT_KEY_VAULT_NAME: required: true @@ -23,6 +22,8 @@ on: required: true AZURE_APP_CONFIGURATION_NAME: required: true + AZURE_ADO_CONNECTION_STRING_SECRET_URI: + required: true inputs: region: @@ -50,7 +51,74 @@ concurrency: # if the dryrun input is true, we want to cancel any running deployments in order to not block the pipeline cancel-in-progress: ${{ inputs.dryRun }} jobs: - deploy: + deploy-migration-job: + name: Deploy migration job to ${{ inputs.environment }} + runs-on: ubuntu-latest + if: ${{ !inputs.skip }} + # todo: solve this in another way + environment: "${{ !inputs.skipApproval && inputs.environment || 'test' }}" + permissions: + id-token: write + contents: read + steps: + - name: "Checkout GitHub Action" + uses: actions/checkout@v4 + + - name: OIDC Login to Azure Public Cloud + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - name: Deploy migration job (${{ inputs.environment }}) + uses: azure/arm-deploy@v1 + id: deploy + env: + # parameters + GIT_SHA: ${{ github.sha }} + IMAGE_TAG: ${{ github.sha }} + # secrets + ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }} + CONTAINER_APP_ENVIRONMENT_ID: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_ID }} + ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }} + with: + scope: resourcegroup + template: ./.azure/applications/web-api-migration-job/main.bicep + resourceGroupName: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} + # not needed becauase we sign in with the azure/login action using the subscriptionId + subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + deploymentMode: Incremental + deploymentName: "dp-be-${{ inputs.environment }}-web-api-migration-job-${{ github.sha }}" + region: ${{ inputs.region }} + failOnStdErr: true + additionalArguments: "${{inputs.dryRun && '--what-if'}}" + parameters: ./.azure/applications/web-api-migration-job/${{ inputs.environment }}.bicep + + - name: Start migration job + uses: azure/CLI@v1 + if: ${{!inputs.dryRun}} + with: + azcliversion: 2.56.0 + inlineScript: | + az containerapp job start -n ${{ steps.deploy.outputs.migrationJobName }} -g ${{ steps.deploy.outputs.resourceGroupName }} + + - name: Verify migration + uses: azure/CLI@v1 + if: ${{!inputs.dryRun}} + id: verify-migration + timeout-minutes: 3 + with: + azcliversion: ${{ env.AZ_CLI_VERSION }} + inlineScript: | + ./.github/tools/migrationVerifier.sh ${{ steps.deploy.outputs.migrationJobName }} ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} ${{ github.sha }} + + - name: Logout from azure + if: ${{failure() || success()}} + continue-on-error: true + run: az logout + + deploy-apps: name: Deploy ${{ matrix.name }} to ${{ inputs.environment }} runs-on: ubuntu-latest if: ${{ !inputs.skip }} @@ -83,17 +151,16 @@ jobs: # parameters GIT_SHA: ${{ github.sha }} IMAGE_TAG: ${{ github.sha }} + # secrets CONTAINER_APP_ENVIRONMENT_ID: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_ID }} APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }} - # secrets - SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }} - SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }} - SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }} ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }} with: - scope: subscription + scope: resourcegroup template: ./.azure/applications/${{ matrix.name }}/main.bicep + resourceGroupName: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} + # not needed becauase we sign in with the azure/login action using the subscriptionId subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} deploymentMode: Incremental deploymentName: dp-be-${{ inputs.environment }}-${{ matrix.name }}-${{ github.sha }} @@ -102,14 +169,15 @@ jobs: additionalArguments: "${{inputs.dryRun && '--what-if'}}" parameters: ./.azure/applications/${{ matrix.name }}/${{ inputs.environment }}.bicep - # todo: move this out of this file - - name: Start migration job + - name: Verify deployment (${{ matrix.name }}) uses: azure/CLI@v1 if: ${{!inputs.dryRun}} + id: verify-deployment + timeout-minutes: 3 with: - azcliversion: 2.56.0 + azcliversion: ${{ env.AZ_CLI_VERSION }} inlineScript: | - az containerapp job start -n ${{ steps.deploy.outputs.migrationJobName }} -g ${{ steps.deploy.outputs.resourceGroupName }} + ./.github/tools/revisionVerifier.sh ${{ steps.deploy.outputs.revisionName }} ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} - name: Logout from azure if: ${{failure() || success()}} diff --git a/.github/workflows/action-deploy-infra.yml b/.github/workflows/action-deploy-infra.yml index a7720d9da..d94747e41 100644 --- a/.github/workflows/action-deploy-infra.yml +++ b/.github/workflows/action-deploy-infra.yml @@ -106,25 +106,6 @@ jobs: additionalArguments: "${{inputs.dryRun && '--what-if'}}" parameters: ./.azure/environments/${{ inputs.environment }}.bicepparam - - name: Start migration job - uses: azure/CLI@v1 - if: ${{!inputs.dryRun}} - with: - azcliversion: ${{ env.AZ_CLI_VERSION }} - inlineScript: | - az containerapp job start -n ${{ steps.deploy.outputs.migrationJobName }} -g ${{ steps.deploy.outputs.resourceGroupName }} - - - name: Verify deployment running - uses: azure/CLI@v1 - if: ${{!inputs.dryRun}} - id: verify-deployment - timeout-minutes: 3 - with: - azcliversion: ${{ env.AZ_CLI_VERSION }} - inlineScript: | - ./.github/tools/revisionVerifier.sh ${{ steps.deploy.outputs.webApiSoRevisionName }} ${{ steps.deploy.outputs.resourceGroupName }} - - - name: Logout from azure if: ${{failure() || success()}} continue-on-error: true diff --git a/.github/workflows/ci-cd-main.yml b/.github/workflows/ci-cd-main.yml index be730f1f3..f3d60113b 100644 --- a/.github/workflows/ci-cd-main.yml +++ b/.github/workflows/ci-cd-main.yml @@ -1,4 +1,4 @@ -name: Workflow +name: CI/CD Main on: workflow_dispatch: @@ -58,10 +58,9 @@ jobs: AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }} - AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }} - AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }} # todo: consider resolving these in another way since they are created in the infra-step + AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} + AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }} AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }} AZURE_CONTAINER_APP_ENVIRONMENT_ID: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_ID }} AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} diff --git a/.github/workflows/ci-cd-pull-request.yml b/.github/workflows/ci-cd-pull-request.yml index ffa676f4e..f669b15f3 100644 --- a/.github/workflows/ci-cd-pull-request.yml +++ b/.github/workflows/ci-cd-pull-request.yml @@ -1,4 +1,4 @@ -name: PullRequest +name: CI/CD PullRequest on: pull_request: @@ -28,7 +28,7 @@ jobs: skip: ${{ needs.check-for-changes.outputs.hasAzureChanges != 'true' }} environment: "test" - dry-run-deploy: + dry-run-deploy-infra: uses: ./.github/workflows/action-deploy-infra.yml needs: ["check-for-changes", "build-infrastructure"] secrets: