Skip to content

Incorporated OIDC for authenticating towards Azure in GH Action #56

Incorporated OIDC for authenticating towards Azure in GH Action

Incorporated OIDC for authenticating towards Azure in GH Action #56

name: CI/CD
on:
push:
branches:
- main
workflow_dispatch:
env:
AZURE_FUNCTIONAPP_PACKAGE_PATH: '.'
PYTHON_VERSION: '3.11'
STORAGE_ACCOUNT_NAME: 'hvalfangststorageaccount'
jobs:
build-function:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup Python version
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Create and start virtual environment
run: |
python -m venv venv
source venv/bin/activate
- name: Install dependencies
run: pip install -r hvalfangst_function/requirements.txt
- name: Zip artifact for deployment
run: cd hvalfangst_function && zip -r ../release.zip ./*
- name: Upload artifact for deployment job
uses: actions/upload-artifact@v3
with:
name: hvalfangst-function-app
path: |
release.zip
!venv/
deploy-function:
runs-on: ubuntu-latest
needs: build-function
environment:
name: 'Production'
url: ${{ steps.deploy-to-function.outputs.webapp-url }}
steps:
- name: Download artifact from build job
uses: actions/download-artifact@v3
with:
name: hvalfangst-function-app
- name: Unzip artifact for deployment
run: unzip release.zip
- name: Deploy to Azure Functions
uses: Azure/functions-action@v1
id: deploy-to-function
with:
app-name: 'hvalfangstlinuxfunctionapp'
slot-name: 'Production'
package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
scm-do-build-during-deployment: true
enable-oryx-build: true
publish-profile: ${{ secrets.PUBLISH_PROFILE }}
build-react:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: 16
- name: Install dependencies
run: npm install
working-directory: ./client
- name: Build React app
run: npm run build
working-directory: ./client
- name: Zip build folder
run: zip -r build.zip ./client/build
- name: Upload React build artifact
uses: actions/upload-artifact@v4
with:
name: react-build
path: build.zip
deploy-react:
runs-on: ubuntu-latest
needs: build-react
permissions:
id-token: write
contents: read
steps:
- name: Download React build artifact
uses: actions/download-artifact@v4
with:
name: react-build
- name: Unzip React build
run: unzip build.zip
- name: Login to Azure with OIDC
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy React build to Azure Static Website
uses: azure/CLI@v1
with:
azcliversion: latest
inlineScript: |
az storage blob upload-batch \
--account-name hvalfangststorageaccount \
--source ./client/build \
--destination '$web' \
--overwrite