OWASP_PyGoat_ci_cd #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: OWASP_PyGoat_ci_cd | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| deployInfra: | |
| default: true | |
| type: boolean | |
| required: false | |
| subscriptionName: | |
| default: OWASP_IT Test | |
| type: string | |
| required: false | |
| baseName: | |
| default: gh-pygoat | |
| type: string | |
| required: false | |
| imageName: | |
| default: gh-pygoat | |
| type: string | |
| required: false | |
| location: | |
| default: canadacentral | |
| type: string | |
| required: false | |
| environmentName: | |
| default: dev | |
| type: string | |
| required: false | |
| instanceNumber: | |
| default: "006" | |
| type: string | |
| required: false | |
| teardown: | |
| description: Should teardown infrastructure? | |
| default: false | |
| type: boolean | |
| required: true | |
| push: | |
| branches: | |
| - master | |
| - "!features/experimental/*" | |
| paths: | |
| - Dockerfile | |
| - ".azuredevops/pipelines/main-ci-cd.yml" | |
| - infra/bicep/appservice/main.bicep | |
| - "!README.md" | |
| env: | |
| addAzureAdAppSettings: false | |
| azureSubscription: "${{ inputs.subscriptionName }}" | |
| baseName: ${{ inputs.baseName }}-${{ inputs.environmentName }}-${{ inputs.instanceNumber }} | |
| deployInfra: ${{ inputs.deployInfra }} | |
| deploymentName: infra-deployment | |
| dockerfilePath: "${{ github.workspace }}/Dockerfile" | |
| environmentName: ${{ inputs.environmentName }}-${{ inputs.instanceNumber }} | |
| imageName: ${{ inputs.imageName }} | |
| location: ${{ inputs.location }} | |
| resourceGroupName: rg-${{ inputs.baseName }}-${{ inputs.environmentName }}-${{ inputs.instanceNumber }} | |
| templateFile: "${{ github.workspace }}/infra/bicep/appservice/main.bicep" | |
| workingDirectory: "${{ github.workspace }}" | |
| workingDirectoryDockerContext: "${{ github.workspace }}" | |
| jobs: | |
| set_version-set_version: | |
| name: Set version | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event.inputs.teardown != 'true' }} | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v4.1.0 | |
| - uses: actions/checkout@v4.1.0 | |
| with: | |
| fetch-depth: 0 | |
| # # This item has no matching transformer | |
| # - task: gitversion/setup@3 | |
| # enabled: true | |
| # displayName: Install GitTools | |
| # inputs: | |
| # versionSpec: 5.x | |
| # # This item has no matching transformer | |
| # - task: gitversion/execute@3 | |
| # enabled: true | |
| # displayName: Calculate SemVer | |
| - name: Display calculated version | |
| run: echo current version is ${{ env.GitVersion_SemVer }} | |
| - name: Init git global config | |
| run: |- | |
| git config --global user.email ${{ env.Build_RequestedForEmail }} | |
| git config --global user.name ${{ github.actor }} | |
| - name: Create Git tag for current version | |
| run: |- | |
| git tag -a ${{ env.GitVersion_SemVer }} -m "Main version ${{ env.GitVersion_SemVer }}" | |
| git push origin ${{ env.GitVersion_SemVer }} | |
| deployInfra-deploy: | |
| name: Deploy Infra job | |
| needs: | |
| - set_version-set_version | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: ${{ inputs.environmentName }}-${{ inputs.instanceNumber }} | |
| if: success() && inputs.deployInfra == 'true' && inputs.teardown == 'false' | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v4.1.0 | |
| - name: download artifact | |
| uses: actions/download-artifact@v4.1.0 | |
| - uses: actions/checkout@v4.1.0 | |
| - name: Azure CLI Login ${{ env.azureSubscription }} - deployInfra | |
| uses: azure/login@v1.6.0 | |
| with: | |
| creds: "${{ secrets.AZURE_CREDENTIALS }}" | |
| - name: Azure CLI Login ${{ env.azureSubscription }} - deployInfra | |
| run: |- | |
| echo "Deploying to Azure" | |
| az group create --name ${{ env.resourceGroupName }} \ | |
| --location ${{ env.location }} | |
| az deployment group create --name ${{ env.deploymentName }} \ | |
| --resource-group ${{ env.resourceGroupName }} \ | |
| --template-file ${{ env.templateFile }} \ | |
| --parameters baseName=${{ env.baseName }} \ | |
| --parameters imageName=${{ env.imageName }} \ | |
| --parameters addAzureAdAppSettings=${{ env.addAzureAdAppSettings }} | |
| shell: bash | |
| BuildAndPush-BuildImage: | |
| name: Build and push an image to container registry | |
| needs: | |
| - deployInfra-deploy | |
| runs-on: ubuntu-latest | |
| if: success() && inputs.teardown == 'false' | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v4.1.0 | |
| - uses: actions/checkout@v4.1.0 | |
| with: | |
| fetch-depth: 0 | |
| # # This item has no matching transformer | |
| # - task: gitversion/setup@3 | |
| # enabled: true | |
| # displayName: Install GitTools | |
| # inputs: | |
| # versionSpec: 5.x | |
| # # This item has no matching transformer | |
| # - task: gitversion/execute@3 | |
| # enabled: true | |
| # displayName: Calculate SemVer | |
| - name: Display calculated version | |
| run: echo current version is ${{ env.GitVersion_SemVer }} | |
| - name: Get container registry ${{ env.azureSubscription }} | |
| uses: azure/login@v1.6.0 | |
| with: | |
| creds: "${{ secrets.AZURE_CREDENTIALS }}" | |
| - name: Get container registry ${{ env.azureSubscription }} | |
| id: get_container_registry | |
| run: |- | |
| echo "Getting container registry" | |
| containerRegistryName=$(az deployment group show --name ${{ env.deploymentName }} \ | |
| --resource-group ${{ env.resourceGroupName }} \ | |
| --query properties.outputs.containerRegistryName.value \ | |
| -o tsv) | |
| echo "Container Registry: $containerRegistryName" | |
| echo "##vso[task.setvariable variable=containerRegistry;isOutput=true]$containerRegistryName" | |
| shell: bash | |
| working-directory: "${{ env.workingDirectory }}" | |
| - name: Container Registry | |
| run: echo ${{ env.get_container_registry_containerRegistry }} | |
| - name: Build and push image ${{ env.azureSubscription }} | |
| uses: azure/login@v1.6.0 | |
| with: | |
| creds: "${{ secrets.AZURE_CREDENTIALS }}" | |
| - name: Build and push image ${{ env.azureSubscription }} | |
| run: |- | |
| echo "Building and pushing image to container registry" | |
| az acr build --registry ${{ env.get_container_registry_containerRegistry }} \ | |
| --image ${{ env.imageName }}:${{ github.run_id }} \ | |
| --image ${{ env.imageName }}:latest \ | |
| --file ${{ env.dockerfilePath }} \ | |
| ${{ env.workingDirectoryDockerContext }} | |
| shell: bash | |
| Teardown-Teardown: | |
| name: Teardown infrastructure | |
| needs: | |
| - BuildAndPush-BuildImage | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: "${{ inputs.environmentName }}-${{ inputs.instanceNumber }}_DESTROYED" | |
| if: ${{ github.event.inputs.teardown == 'true' }} | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v4.1.0 | |
| - name: download artifact | |
| uses: actions/download-artifact@v4.1.0 | |
| - uses: azure/login@v1.6.0 | |
| with: | |
| creds: "${{ secrets.AZURE_CREDENTIALS }}" | |
| - run: az group delete --name "${{ env.resourceGroupName }}" --subscription "" --yes |