Deploy_To_Dev_Function_On_Push #1054
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy_To_Dev_Function_On_Push | |
| on: | |
| workflow_dispatch: # Allow Manual Run from GitHub | |
| push: | |
| paths-ignore: # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet | |
| - '**/README.md' # don't run on README.md file updates anywhere in repo | |
| - '**/dependabot.yml' | |
| - '.github/workflows/prod-func-deploy.yml' | |
| - '.github/workflows/develop-func-ci.yml' | |
| - 'docs/*' | |
| - '.vscode/*' | |
| branches: | |
| - develop | |
| schedule: | |
| - cron: '19 04 * * *' # 0419am daily | |
| env: | |
| NAME: iativalidator | |
| STAGE: dev # suffix to indicate environment stage | |
| TAG: ${{ github.sha }} | |
| AZURE_CREDENTIALS: ${{ secrets.DEV_AZURE_CREDENTIALS }} | |
| REDIS_HOSTNAME: ${{ secrets.DEV_REDIS_HOSTNAME }} | |
| REDIS_PORT: ${{ secrets.REDIS_PORT }} | |
| REDIS_KEY: ${{ secrets.DEV_REDIS_KEY }} | |
| REDIS_CACHE_SEC: 86400 | |
| API_KEY: ${{ secrets.DEV_API_KEY }} | |
| VALIDATOR_SERVICES_URL: ${{ secrets.DEV_VALIDATOR_SERVICES_URL }} | |
| VALIDATOR_SERVICES_KEY_NAME: ${{ secrets.VALIDATOR_SERVICES_KEY_NAME }} | |
| VALIDATOR_SERVICES_KEY_VALUE: ${{ secrets.DEV_VALIDATOR_SERVICES_KEY_VALUE }} | |
| ACR_LOGIN_SERVER: ${{ secrets.ACR_LOGIN_SERVER }} | |
| ACR_USERNAME: ${{ secrets.ACR_USERNAME }} | |
| ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }} | |
| KV_URI: ${{ secrets.DEV_KV_URI }} | |
| BASIC_GITHUB_TOKEN: ${{ secrets.BASIC_GITHUB_TOKEN }} | |
| DATASTORE_SERVICES_URL: ${{ secrets.DEV_DATASTORE_SERVICES_URL }} | |
| DATASTORE_SERVICES_AUTH_HTTP_HEADER_NAME: ${{ secrets.DEV_DATASTORE_SERVICES_AUTH_HTTP_HEADER_NAME }} | |
| DATASTORE_SERVICES_AUTH_HTTP_HEADER_VALUE: ${{ secrets.DEV_DATASTORE_SERVICES_AUTH_HTTP_HEADER_VALUE }} | |
| DATASTORE_SERVICES_IATI_IDENTIFIERS_EXIST_MAX_NUMBER_OF_IDS: ${{ secrets.DEV_DATASTORE_SERVICES_IATI_IDENTIFIERS_EXIST_MAX_NUMBER_OF_IDS }} | |
| jobs: | |
| should_run: | |
| uses: IATI/.github/.github/workflows/should_run.yaml@main | |
| build-test-deploy: | |
| needs: should_run | |
| if: ${{ needs.should_run.outputs.should_run == 'true' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 'Checkout GitHub Action' | |
| uses: actions/checkout@v4 | |
| - name: 'Login via Azure CLI' | |
| uses: azure/[email protected] | |
| with: | |
| creds: ${{ env.AZURE_CREDENTIALS }} # Service Principal credentials saved in GitHub Secrets | |
| - name: 'Docker Login' | |
| uses: azure/docker-login@v1 | |
| with: | |
| login-server: ${{ env.ACR_LOGIN_SERVER }} | |
| username: ${{ env.ACR_USERNAME }} | |
| password: ${{ env.ACR_PASSWORD }} | |
| - name: 'Compose Customized Docker Image' | |
| run: | | |
| docker build . -t ${{ env.ACR_LOGIN_SERVER }}/func-$NAME-$STAGE:$TAG | |
| docker push ${{ env.ACR_LOGIN_SERVER }}/func-$NAME-$STAGE:$TAG | |
| - name: Set Env variables on app service | |
| uses: Azure/[email protected] | |
| with: | |
| app-name: func-${{env.NAME}}-${{env.STAGE}} | |
| app-settings-json: | | |
| [ | |
| { | |
| "name": "REDIS_HOSTNAME", | |
| "value": "${{ env.REDIS_HOSTNAME }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "REDIS_KEY", | |
| "value": "${{ env.REDIS_KEY }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "REDIS_PORT", | |
| "value": "${{ env.REDIS_PORT }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "REDIS_CACHE_SEC", | |
| "value": "${{ env.REDIS_CACHE_SEC }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "VALIDATOR_SERVICES_URL", | |
| "value": "${{ env.VALIDATOR_SERVICES_URL }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "VALIDATOR_SERVICES_KEY_NAME", | |
| "value": "${{ env.VALIDATOR_SERVICES_KEY_NAME }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "VALIDATOR_SERVICES_KEY_VALUE", | |
| "value": "${{ env.VALIDATOR_SERVICES_KEY_VALUE }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "DOCKER_REGISTRY_SERVER_URL", | |
| "value": "${{ env.ACR_LOGIN_SERVER }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "DOCKER_REGISTRY_SERVER_PASSWORD", | |
| "value": "${{ env.ACR_PASSWORD }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "DOCKER_REGISTRY_SERVER_USERNAME", | |
| "value": "${{ env.ACR_USERNAME }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "AzureWebJobsSecretStorageType", | |
| "value": "keyvault", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "AzureWebJobsSecretStorageKeyVaultUri", | |
| "value": "${{ env.KV_URI }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "BASIC_GITHUB_TOKEN", | |
| "value": "${{ env.BASIC_GITHUB_TOKEN }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "languageWorkers__node__arguments", | |
| "value": "--max-old-space-size=6656", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "DATASTORE_SERVICES_URL", | |
| "value": "${{ env.DATASTORE_SERVICES_URL }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "DATASTORE_SERVICES_AUTH_HTTP_HEADER_NAME", | |
| "value": "${{ env.DATASTORE_SERVICES_AUTH_HTTP_HEADER_NAME }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "DATASTORE_SERVICES_AUTH_HTTP_HEADER_VALUE", | |
| "value": "${{ env.DATASTORE_SERVICES_AUTH_HTTP_HEADER_VALUE }}", | |
| "slotSetting": false | |
| }, | |
| { | |
| "name": "DATASTORE_SERVICES_IATI_IDENTIFIERS_EXIST_MAX_NUMBER_OF_IDS", | |
| "value": "${{ env.DATASTORE_SERVICES_IATI_IDENTIFIERS_EXIST_MAX_NUMBER_OF_IDS }}", | |
| "slotSetting": false | |
| } | |
| ] | |
| - name: 'Run Azure Functions Container Action' | |
| uses: Azure/functions-container-action@v1 | |
| with: | |
| app-name: func-${{ env.NAME }}-${{ env.STAGE }} | |
| image: ${{ env.ACR_LOGIN_SERVER }}/func-${{ env.NAME}}-${{ env.STAGE }}:${{ env.TAG }} | |
| - name: 'Tag resource for Tech Climate Impact' | |
| uses: 'azure/[email protected]' | |
| with: | |
| azcliversion: 2.30.0 | |
| inlineScript: | | |
| az resource tag \ | |
| --tags env=$STAGE avgCPU=true ACU=true ACUvalue=420 \ | |
| --resource-group "rg-${{ env.NAME }}-${{ env.STAGE }}" \ | |
| --name "func-${{ env.NAME }}-${{ env.STAGE }}" \ | |
| --resource-type "Microsoft.Web/sites" | |
| integration-test: | |
| needs: build-test-deploy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 'Wait for 3 minutes' | |
| run: sleep 180 | |
| - name: 'Checkout GitHub Action' | |
| uses: actions/checkout@v4 | |
| - name: 'Install newman' | |
| run: | | |
| sudo npm i -g newman | |
| - name: 'Run integration tests' | |
| run: | | |
| newman run integration-tests/js-validator-api-tests.postman_collection.json \ | |
| -e integration-tests/envs/func-iativalidator-dev.postman_environment.json \ | |
| --working-dir integration-tests/test-files \ | |
| --env-var keyValue=$API_KEY \ | |
| --delay-request 50 | |
| # Mark status checks success/fail on dependabot commits for scheduled deploys | |
| status_check_success: | |
| needs: [build-test-deploy, integration-test] | |
| if: success() && github.event_name == 'schedule' | |
| uses: IATI/.github/.github/workflows/status_check_success.yaml@main | |
| status_check_failure: | |
| needs: [build-test-deploy, integration-test] | |
| if: failure() && github.event_name == 'schedule' | |
| uses: IATI/.github/.github/workflows/status_check_failure.yaml@main |