diff --git a/.github/workflows/cms.yaml b/.github/workflows/cms.yaml index adcb01a..b3f9bf4 100644 --- a/.github/workflows/cms.yaml +++ b/.github/workflows/cms.yaml @@ -21,10 +21,10 @@ jobs: environment: production outputs: containerRegistryName: ${{ steps.deployinfra.outputs.containerRegistryName }} - containerAppEnvironmentName: ${{ steps.deployinfra.outputs.containerAppEnvironmentName }} - containerAppName: ${{ steps.deployinfra.outputs.containerAppName }} resourceGroupName: ${{ steps.deployinfra.outputs.resourceGroupName }} resourceLocation: ${{ steps.deployinfra.outputs.resourceLocation }} + containerAppEnvironmentName: ${{ steps.deploycms.outputs.containerAppEnvironmentName }} + containerAppName: ${{ steps.deploycms.outputs.containerAppName }} steps: - uses: actions/checkout@v4 @@ -41,8 +41,22 @@ jobs: with: subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} scope: "subscription" - template: ./infrastructure/cms/cms.bicep - parameters: "environment=production databaseClient=${{ vars.CMS_DATABASE_CLIENT }}" + template: ./infrastructure/cms/infrastructure.bicep + parameters: "environment=production" + region: ${{ vars.AZURE_REGION }} + + - name: Deploy CMS application + id: deploycms + uses: azure/arm-deploy@v2 + with: + scope: "resourcegroup" + resourceGroupName: ${{ steps.deployinfra.outputs.resourceGroupName }} + template: ./infrastructure/cms/main.bicep + parameters: > + databaseClient=${{ vars.CMS_DATABASE_CLIENT }} + logAnalyticsWorkspaceName=${{ steps.deployinfra.outputs.logAnalyticsWorkspaceName }} + keyVaultName=${{ steps.deployinfra.outputs.keyVaultName }} + identityResourceId=${{ steps.deployinfra.outputs.identityResourceId }} region: ${{ vars.AZURE_REGION }} push_image_to_acr: diff --git a/infrastructure/cms/cms.bicep b/infrastructure/cms/cms.bicep deleted file mode 100644 index 2df5415..0000000 --- a/infrastructure/cms/cms.bicep +++ /dev/null 
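Review bot: In .github/workflows/cms.yaml, the added `Deploy CMS application` step references `azure/arm-deploy@v2` by a mutable tag, in a job bound to `environment: production` that deploys into the Azure subscription. Pinning it to a full commit SHA, `uses: azure/arm-deploy@<full-commit-sha> # v2`, keeps a retagged release from running with that access; the same applies to `actions/checkout@v4` in the context lines of the first hunk. The new step also ends up with the trailing `region: ${{ vars.AZURE_REGION }}` although its scope is `resourcegroup`. As far as I know the action only reads `region` for subscription and management-group deployments, so it can be dropped from this step.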
@@ -1,84 +0,0 @@
-import { appendHash } from '../utilities.bicep'
-
-targetScope = 'subscription'
-
-param environment string
-param databaseClient string
-
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2024-07-01' = {
- name: 'rg-strapi-playground-${environment}'
- location: deployment().location
-}
-
-module cmsIdentity '../modules/identity.bicep' = {
- scope: resourceGroup
- name: 'deployCmsIdentity'
- params: {
- identityName: 'id-cms'
- }
-}
-
-module keyVault '../modules/keyVault.bicep' = {
- scope: resourceGroup
- name: 'deployCmsKeyVault'
- params: {
- keyVaultName: 'kv-cms'
- cmsIdentityPrincipalId: cmsIdentity.outputs.cmsIdentityPrincipalId
- }
-}
-
-module containerRegistry '../modules/registry.bicep' = {
- scope: resourceGroup
- name: 'deployContainerRegistry'
-}
-
-module logAnalyticsWorkspace '../modules/logAnalytics.bicep' = {
- scope: resourceGroup
- name: 'deployLogAnalytics'
-}
-
-module cmsContainerApp '../modules/containerApp.bicep' = {
- scope: resourceGroup
- name: 'deployCmsContainer'
- params: {
- containerAppEnvironmentName: 'cae-cms'
- containerAppName: 'ca-cms'
- imageName: 'nginx:latest'
- logAnalyicsWorkspaceName: logAnalyticsWorkspace.outputs.resourceName
- keyVaultName: keyVault.outputs.resourceName
- targetPort: 1337
- cmsIdentityResourceId: cmsIdentity.outputs.cmsIdentityResourceId
- environmentVariables: [
- {
- name: 'DATABASE_CLIENT'
- value: databaseClient
- }
- ]
- secrets: [
- 'APP_KEYS'
- 'API_TOKEN_SALT'
- 'ADMIN_JWT_SECRET'
- 'TRANSFER_TOKEN_SALT'
- 'JWT_SECRET'
- 'DATABASE_USERNAME'
- 'DATABASE_PASSWORD'
- ]
- }
-}
-
-module mysql '../modules/sql.bicep' = {
- scope: resourceGroup
- name: 'deployMysql'
- params: {
- cmsIdentityPrincipalId: cmsIdentity.outputs.cmsIdentityPrincipalId
- cmsIdentityResourceId: cmsIdentity.outputs.cmsIdentityResourceId
- cmsIdentityTenantId: cmsIdentity.outputs.cmsIdentityTenantId
- cmsIdentityName: cmsIdentity.outputs.cmsIdentityName
- }
-}
-
-output containerRegistryName string = containerRegistry.outputs.containerRegistryName
-output containerAppEnvironmentName string = cmsContainerApp.outputs.containerAppEnvironmentName
-output containerAppName string = cmsContainerApp.outputs.containerAppName
-output resourceGroupName string = resourceGroup.name
-output resourceLocation string = resourceGroup.location
diff --git a/infrastructure/cms/infrastructure.bicep b/infrastructure/cms/infrastructure.bicep
new file mode 100644
index 0000000..c5b2870
--- /dev/null
+++ b/infrastructure/cms/infrastructure.bicep
@@ -0,0 +1,53 @@
+targetScope = 'subscription'
+
+param environment string
+
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2024-07-01' = {
+ name: 'rg-strapi-playground-${environment}'
+ location: deployment().location
+}
+
+module cmsIdentity '../modules/identity.bicep' = {
+ scope: resourceGroup
+ name: 'deployCmsIdentity'
+ params: {
+ identityName: 'id-cms'
+ }
+}
+
+module keyVault '../modules/keyVault.bicep' = {
+ scope: resourceGroup
+ name: 'deployCmsKeyVault'
+ params: {
+ keyVaultName: 'kv-cms'
+ cmsIdentityPrincipalId: cmsIdentity.outputs.principalId
+ }
+}
+
+module containerRegistry '../modules/registry.bicep' = {
+ scope: resourceGroup
+ name: 'deployContainerRegistry'
+}
+
+module logAnalyticsWorkspace '../modules/logAnalytics.bicep' = {
+ scope: resourceGroup
+ name: 'deployLogAnalytics'
+}
+
+module mysql '../modules/sql.bicep' = {
+ scope: resourceGroup
+ name: 'deployMysql'
+ params: {
+ cmsIdentityPrincipalId: cmsIdentity.outputs.principalId
+ cmsIdentityResourceId: cmsIdentity.outputs.resourceId
+ cmsIdentityTenantId: cmsIdentity.outputs.tenantId
+ cmsIdentityName: cmsIdentity.outputs.resourceName
+ }
+}
+
+output resourceGroupName string = resourceGroup.name
+output resourceLocation string = resourceGroup.location
+output containerRegistryName string = containerRegistry.outputs.registryName
+output logAnalyticsWorkspaceName string = logAnalyticsWorkspace.outputs.resourceName
+output keyVaultName string = keyVault.outputs.resourceName
+output identityResourceId string = cmsIdentity.outputs.resourceId
diff --git a/infrastructure/cms/main.bicep b/infrastructure/cms/main.bicep
new file mode 100644
index 0000000..24d4b8c
--- /dev/null
+++ b/infrastructure/cms/main.bicep
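Review bot: The six outputs at the end of infrastructure/cms/infrastructure.bicep are now an interface that nothing in the file documents. The workflow reads `logAnalyticsWorkspaceName`, `keyVaultName` and `identityResourceId` from the `deployinfra` step and passes them to main.bicep as parameters, so renaming one here would break the second deployment without a compile error in either template. A `@description` on each output would record that coupling, e.g. `@description('Read by .github/workflows/cms.yaml and passed to main.bicep as keyVaultName')` above `output keyVaultName`. `param environment string` deserves a `@description` as well, since its value becomes part of the resource group name.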
@@ -0,0 +1,37 @@ +import { appendHash } from '../utilities.bicep' + +param databaseClient string +param logAnalyticsWorkspaceName string +param keyVaultName string +param identityResourceId string + +module cmsContainerApp '../modules/containerApp.bicep' = { + name: 'deployCmsContainer' + params: { + containerAppEnvironmentName: 'cae-cms' + containerAppName: 'ca-cms' + imageName: 'nginx:latest' + logAnalyicsWorkspaceName: logAnalyticsWorkspaceName + keyVaultName: keyVaultName + targetPort: 1337 + cmsIdentityResourceId: identityResourceId + environmentVariables: [ + { + name: 'DATABASE_CLIENT' + value: databaseClient + } + ] + secrets: [ + 'APP_KEYS' + 'API_TOKEN_SALT' + 'ADMIN_JWT_SECRET' + 'TRANSFER_TOKEN_SALT' + 'JWT_SECRET' + 'DATABASE_USERNAME' + 'DATABASE_PASSWORD' + ] + } +} + +output containerAppEnvironmentName string = cmsContainerApp.outputs.containerAppEnvironmentName +output containerAppName string = cmsContainerApp.outputs.containerAppName diff --git a/infrastructure/modules/identity.bicep b/infrastructure/modules/identity.bicep index 056e4a0..044077b 100644 --- a/infrastructure/modules/identity.bicep +++ b/infrastructure/modules/identity.bicep @@ -7,7 +7,7 @@ resource cmsIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-3 location: resourceGroup().location } -output cmsIdentityResourceId string = cmsIdentity.id -output cmsIdentityPrincipalId string = cmsIdentity.properties.principalId -output cmsIdentityTenantId string = cmsIdentity.properties.tenantId -output cmsIdentityName string = cmsIdentity.name +output resourceId string = cmsIdentity.id +output principalId string = cmsIdentity.properties.principalId +output tenantId string = cmsIdentity.properties.tenantId +output resourceName string = cmsIdentity.name diff --git a/infrastructure/modules/registry.bicep b/infrastructure/modules/registry.bicep index 3c962ba..a58786f 100644 --- a/infrastructure/modules/registry.bicep +++ b/infrastructure/modules/registry.bicep 
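Review bot: In infrastructure/cms/main.bicep, `imageName: 'nginx:latest'` gives the container app a mutable public tag, while the same module call attaches the managed identity (`cmsIdentityResourceId`) and a `secrets` list that includes `DATABASE_PASSWORD` and `JWT_SECRET`, presumably resolved from the vault named in `keyVaultName`. Whatever `latest` resolves to at deploy time runs with that identity and those secrets. If this is a bootstrap placeholder that the image-push job replaces, say so in a comment and pin it by digest where the module accepts one, `imageName: 'nginx@sha256:<digest>'`, or expose it as `param imageName string` so the workflow supplies the built image. Because the workflow deploys this template on every run, it may also reset the app to the placeholder each time; that depends on containerApp.bicep, which is not in this diff. Separately, `import { appendHash } from '../utilities.bicep'` is not used anywhere in the new file and can be removed.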
@@ -10,4 +10,4 @@ resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-07-01' = } } -output containerRegistryName string = containerRegistry.name +output registryName string = containerRegistry.name