Incorporated OIDC for authenticating towards Azure in GH Action #61
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
env: | |
AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' | |
PYTHON_VERSION: '3.11' | |
STORAGE_ACCOUNT_NAME: 'hvalfangststorageaccount' | |
jobs: | |
build-function: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Setup Python version | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Create and start virtual environment | |
run: | | |
python -m venv venv | |
source venv/bin/activate | |
- name: Install dependencies | |
run: pip install -r hvalfangst_function/requirements.txt | |
- name: Zip artifact for deployment | |
run: cd hvalfangst_function && zip -r ../release.zip ./* | |
- name: Upload artifact for deployment job | |
uses: actions/upload-artifact@v4 | |
with: | |
name: hvalfangst-function-app | |
path: | | |
release.zip | |
!venv/ | |
deploy-function: | |
runs-on: ubuntu-latest | |
needs: build-function | |
environment: | |
name: 'Production' | |
url: ${{ steps.deploy-to-function.outputs.webapp-url }} | |
steps: | |
- name: Download artifact from build job | |
uses: actions/download-artifact@v4 | |
with: | |
name: hvalfangst-function-app | |
- name: Unzip artifact for deployment | |
run: unzip release.zip | |
- name: Deploy to Azure Functions | |
uses: Azure/functions-action@v1 | |
id: deploy-to-function | |
with: | |
app-name: 'hvalfangstlinuxfunctionapp' | |
slot-name: 'Production' | |
package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} | |
scm-do-build-during-deployment: true | |
enable-oryx-build: true | |
publish-profile: ${{ secrets.PUBLISH_PROFILE }} | |
build-react: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 16 | |
- name: Install dependencies | |
run: npm install | |
working-directory: ./client | |
- name: Build React app | |
run: npm run build | |
working-directory: ./client | |
- name: Zip build folder | |
run: zip -r build.zip ./client/build | |
- name: Upload React build artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: react-build | |
path: build.zip | |
deploy-react: | |
runs-on: ubuntu-latest | |
needs: build-react | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Download React build artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: react-build | |
- name: Unzip React build | |
run: unzip build.zip | |
- name: Login to Azure with OIDC | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy React build to Azure Static Website | |
uses: azure/CLI@v1 | |
with: | |
azcliversion: latest | |
inlineScript: | | |
az storage blob upload-batch \ | |
--account-name hvalfangststorageaccount \ | |
--source ./client/build \ | |
--destination '$web' \ | |
--overwrite |