Skip to content

Update keyvault.tf

Update keyvault.tf #9

# composite workflow to test the azd deployment of the app
# uses a github federated identity
name: Test AZD Deployment
on:
push:
branches:
- main
permissions:
id-token: write
contents: read
jobs:
deploy:
outputs:
storeAdminIp: ${{ steps.kubectl_get_service.outputs.STORE_ADMIN_IP }}
storeFrontIp: ${{ steps.kubectl_get_service.outputs.STORE_FRONT_IP }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: |
.azure/
key: ${{ runner.os }}-azd-${{ hashFiles('infra/**') }}-${{ env.BUST_CACHE }}-${{ github.sha }}
- name: Install azd
uses: Azure/[email protected]
- name: Install Nodejs
uses: actions/setup-node@v3
with:
node-version: 18
- name: Login az
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Set az account
uses: azure/CLI@v1
with:
inlineScript: |
az account set --subscription ${{vars.AZURE_SUBSCRIPTION_ID}}
- name: Log in with Azure
run: |
$info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
Write-Host "::add-mask::$($info.clientSecret)"
azd auth login `
--client-id "$($info.clientId)" `
--client-secret "$($info.clientSecret)" `
--tenant-id "$($info.tenantId)"
shell: pwsh
env:
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
- name: Provision Infrastructure
run: azd provision --no-prompt
env:
AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ vars.ARM_TENANT_ID }}
ARM_CLIENT_ID: ${{ vars.ARM_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
- name: Deploy Application
run: azd deploy --no-prompt
env:
AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
- name: Get Store IPs
id: kubectl_get_service
run: |
eval $(azd env get-values)
az aks get-credentials --resource-group $AZURE_RESOURCEGROUP_NAME --name $AZURE_AKS_CLUSTER_NAME
storeAdminIp=$(kubectl get service store-admin -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
while [ -z "$storeAdminIp" ]; do
sleep 60
storeAdminIp=$(kubectl get service store-admin -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
done
echo "STORE_ADMIN_IP=${storeAdminIp}"
echo "STORE_ADMIN_IP=${storeAdminIp}" >> "$GITHUB_OUTPUT"
storeFrontIp=$(kubectl get service store-front -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
while [ -z "$storeFrontIp" ]; do
sleep 60
storeFrontIp=$(kubectl get service store-front -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
done
echo "STORE_FRONT_IP=${storeFrontIp}"
echo "STORE_FRONT_IP=${storeFrontIp}" >> "$GITHUB_OUTPUT"
playwright-tests:
needs: deploy
uses: ./.github/workflows/test-playwright.yaml
with:
storeAdminUrl: 'http://${{ needs.deploy.outputs.storeAdminIp }}'
storeFrontUrl: 'http://${{ needs.deploy.outputs.storeFrontIp }}'
teardown:
if: always()
needs: playwright-tests
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: |
.azure/
key: ${{ runner.os }}-azd-${{ hashFiles('infra/**') }}-${{ env.BUST_CACHE }}-${{ github.sha }}
- name: Install azd
uses: Azure/[email protected]
- name: Install Nodejs
uses: actions/setup-node@v3
with:
node-version: 18
- name: Login az
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Set az account
uses: azure/CLI@v1
with:
inlineScript: |
az account set --subscription ${{vars.AZURE_SUBSCRIPTION_ID}}
- name: Log in with Azure
run: |
$info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
Write-Host "::add-mask::$($info.clientSecret)"
azd auth login `
--client-id "$($info.clientId)" `
--client-secret "$($info.clientSecret)" `
--tenant-id "$($info.tenantId)"
shell: pwsh
env:
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
- name: Azd down
run: azd down --no-prompt --force --purge
env:
AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ vars.ARM_TENANT_ID }}
ARM_CLIENT_ID: ${{ vars.ARM_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}