Deploy to AKS #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to AKS | |
| on: | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| environment: production | |
| env: | |
| # NOTE: in a production setting the following values should all be stored as GitHub secrets | |
| # General | |
| RESOURCE_GROUP: hvalfangstresourcegroup | |
| LOCATION: West Europe | |
| # Azure Container Registry | |
| ACR_USERNAME: hvalfangstcontainerregistry | |
| CONTAINER_REGISTRY: hvalfangstcontainerregistry.azurecr.io | |
| IMAGE_NAME: hvalfangst-zoo | |
| # Kubernetes | |
| DEPLOYMENT_NAME: fastapi-deployment | |
| CLUSTER_NAME: hvalfangst-cluster | |
| # Azure Key Vault | |
| AZURE_KEYVAULT_NAME: hvalfangstkeyvault | |
| ANIMALS: animals-list | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Run Azure Login with Service Principal | |
| run: | | |
| az login --service-principal --username ${{ secrets.AZURE_CLIENT_ID }} --password ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} | |
| - name: Get Secret from Key Vault | |
| id: get_secret | |
| run: | | |
| secret_value=$(az keyvault secret show --name ${{ env.ANIMALS }} --vault-name ${{ env.AZURE_KEYVAULT_NAME }} --query value -o tsv) | |
| echo "SUPER_EXCITING_SECRET=${secret_value}" >> $GITHUB_ENV | |
| echo "::add-mask::$secret_value" | |
| - name: Login to Azure Container Registry | |
| uses: azure/docker-login@v1 | |
| with: | |
| login-server: ${{ env.CONTAINER_REGISTRY }} | |
| username: ${{ env.ACR_USERNAME }} | |
| password: ${{ secrets.ACR_PASSWORD }} | |
| - name: Build and push Docker image | |
| run: | | |
| docker build -t ${{ env.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} --build-arg ANIMALS=${{ env.SUPER_EXCITING_SECRET }} . | |
| docker push ${{ env.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
| - name: Set AKS context | |
| id: set-context | |
| uses: azure/aks-set-context@v3 | |
| with: | |
| resource-group: ${{ env.RESOURCE_GROUP }} | |
| cluster-name: ${{ env.CLUSTER_NAME }} | |
| - name: Setup kubectl | |
| id: install-kubectl | |
| uses: azure/setup-kubectl@v3 | |
| - name: Deploy to AKS | |
| id: deploy-aks | |
| uses: Azure/k8s-deploy@v4 | |
| with: | |
| namespace: 'default' | |
| manifests: | | |
| k8s/fat-deployment.yml | |
| images: '${{ env.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}' | |
| pull-images: true |