Deploy To Azure #37

Workflow file for this run

.github/workflows/azure-deploy.yml at 64b5d38

	name: Deploy To Azure

	permissions:
	id-token: write
	contents: read

	on:
	# workflow_dispatch:
	release:
	types: [created]
	# deployment:

	jobs:
	validate_infrastructure:
	runs-on: ubuntu-latest
	environment: azure-prod
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Login to Azure
	uses: azure/login@v2
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	- name: Lint Bicep
	run: \|
	az bicep build --file ./azure/bicep/main.bicep
	- name: Run what-if
	uses: azure/arm-deploy@v2
	with:
	subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	resourceGroupName: ${{ secrets.AZURE_RG }}
	template: ./azure/bicep/main.bicep
	parameters: >
	authOrigin=${{ secrets.AUTH_ORIGIN }}
	authSecret=${{ secrets.AUTH_SECRET }}
	ghClientId=${{ secrets.GH_CLIENT_ID }}
	ghClientSecret=${{ secrets.GH_CLIENT_SECRET }}
	postgresDb=${{ secrets.POSTGRES_DB }}
	postgresHost=${{ secrets.POSTGRES_HOST }}
	postgresPassword=${{ secrets.POSTGRES_PASSWORD }}
	postgresPort=${{ secrets.POSTGRES_PORT }}
	postgresUser=${{ secrets.POSTGRES_USER }}
	slackAdminMemberId=${{ secrets.SLACK_ADMIN_MEMBER_ID }}
	slackBotToken=${{ secrets.SLACK_BOT_TOKEN }}
	slackSigningSecret=${{ secrets.SLACK_SIGNING_SECRET }}
	scope: 'resourcegroup'
	deploymentMode: 'Incremental'
	failOnStdErr: false
	additionalArguments: --what-if
	- name: logout
	run: az logout
	build_app:
	name: Build
	runs-on: ubuntu-latest
	environment: azure-prod
	steps:
	- uses: actions/checkout@v4
	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 22.x
	cache: "npm"
	- name: Restore Cache
	uses: actions/cache@v4
	with:
	path: ~/.npm
	key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
	restore-keys: \|
	${{ runner.os }}-node-
	- name: Install dependencies
	run: npm install
	- name: Typecheck
	run: npm run typecheck
	- name: 'Create env file'
	run: \|
	touch .env
	echo "POSTGRES_USER=${{secrets.POSTGRES_USER}}" > .env
	echo "POSTGRES_PASSWORD=${{secrets.POSTGRES_PASSWORD}}" >> .env
	echo "POSTGRES_HOST=${{secrets.POSTGRES_HOST}}" >> .env
	echo "POSTGRES_PORT=${{secrets.POSTGRES_PORT}}" >> .env
	echo "POSTGRES_DB=${{secrets.POSTGRES_DB}}" >> .env
	echo "GH_CLIENT_ID=${{secrets.GH_CLIENT_ID}}" >> .env
	echo "GH_CLIENT_SECRET=${{secrets.GH_CLIENT_SECRET}}" >> .env
	echo "AUTH_SECRET=${{secrets.AUTH_SECRET}}" >> .env
	echo "AUTH_ORIGIN=${{secrets.AUTH_ORIGIN}}" >> .env
	echo "SLACK_ADMIN_MEMBER_ID=${{secrets.SLACK_ADMIN_MEMBER_ID}}" >> .env
	echo "SLACK_BOT_TOKEN=${{secrets.SLACK_BOT_TOKEN}}" >> .env
	echo "SLACK_SIGNING_SECRET=${{secrets.SLACK_SIGNING_SECRET}}" >> .env
	- name: Build Application
	run: npm run build
	- name: Generate PWA Assets
	run: npm run generate-pwa-assets
	# - name: Run Unit Tests
	# run: npm run test
	- name: Upload artifact
	uses: actions/upload-artifact@v4
	with:
	name: build_artifact
	path: .output
	bicep-deploy:
	needs: validate_infrastructure
	environment: azure-prod
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Login to Azure
	uses: azure/login@v2
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	- name: Deploy Bicep
	uses: azure/arm-deploy@v2
	with:
	deploymentName: github-${{ github.run_number }}
	subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	resourceGroupName: ${{ secrets.AZURE_RG }}
	template: ./azure/bicep/main.bicep
	deploymentMode: 'Incremental'
	parameters: >
	authOrigin=${{ secrets.AUTH_ORIGIN }}
	authSecret=${{ secrets.AUTH_SECRET }}
	ghClientId=${{ secrets.GH_CLIENT_ID }}
	ghClientSecret=${{ secrets.GH_CLIENT_SECRET }}
	postgresDb=${{ secrets.POSTGRES_DB }}
	postgresHost=${{ secrets.POSTGRES_HOST }}
	postgresPassword=${{ secrets.POSTGRES_PASSWORD }}
	postgresPort=${{ secrets.POSTGRES_PORT }}
	postgresUser=${{ secrets.POSTGRES_USER }}
	slackAdminMemberId=${{ secrets.SLACK_ADMIN_MEMBER_ID }}
	slackBotToken=${{ secrets.SLACK_BOT_TOKEN }}
	slackSigningSecret=${{ secrets.SLACK_SIGNING_SECRET }}
	scope: 'resourcegroup'
	failOnStdErr: false
	- name: logout
	run: az logout
	deploy_app:
	needs: [build_app, bicep-deploy, apply_db_migrations]
	runs-on: ubuntu-latest
	environment: azure-prod
	steps:
	- name: Login to Azure
	uses: azure/login@v2
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	- name: Download artifact
	uses: actions/download-artifact@v4
	with:
	name: build_artifact
	path: .output
	- name: Deploy app to Azure
	uses: azure/webapps-deploy@v2
	with:
	app-name: 'app-cathedral'
	package: .output
	- name: logout
	run: az logout
	apply_db_migrations:
	needs: [bicep-deploy]
	runs-on: ubuntu-latest
	environment: azure-prod
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 22.x
	cache: "npm"
	- name: Restore Cache
	uses: actions/cache@v4
	with:
	path: ~/.npm
	key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
	restore-keys: \|
	${{ runner.os }}-node-
	- name: Install dependencies
	run: npm install
	- name: 'Create env file'
	run: \|
	touch .env
	echo "POSTGRES_USER=${{secrets.POSTGRES_USER}}" > .env
	echo "POSTGRES_PASSWORD=${{secrets.POSTGRES_PASSWORD}}" >> .env
	echo "POSTGRES_HOST=${{secrets.POSTGRES_HOST}}" >> .env
	echo "POSTGRES_PORT=${{secrets.POSTGRES_PORT}}" >> .env
	echo "POSTGRES_DB=${{secrets.POSTGRES_DB}}" >> .env
	echo "GH_CLIENT_ID=${{secrets.GH_CLIENT_ID}}" >> .env
	echo "GH_CLIENT_SECRET=${{secrets.GH_CLIENT_SECRET}}" >> .env
	echo "AUTH_SECRET=${{secrets.AUTH_SECRET}}" >> .env
	echo "AUTH_ORIGIN=${{secrets.AUTH_ORIGIN}}" >> .env
	- name: Login to Azure
	uses: azure/login@v2
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	- name: Test Connection
	run: \|
	npm run orm-debug
	- name: List Pending Migrations
	run: \|
	npm run orm-list-pending-migrations
	- name: Run migrations
	run: \|
	npm run orm-run-pending-migrations
	- name: Seed Database defaults
	run: \|
	npm run orm-seed-users
	npm run orm-seed-roles
	- name: logout
	run: az logout

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deploy To Azure #37

Workflow file

Deploy To Azure #37

Jobs

Run details

Workflow file for this run