Deploy terraform from GitHub (#8)

Automate deployment of terraform and apps
dddsw · Apr 25, 2024 · a6e58d7 · a6e58d7
1 parent 7b12655
commit a6e58d7
Show file tree

Hide file tree

Showing 21 changed files with 268 additions and 109 deletions.
diff --git a/.github/workflows/DeployBlazorClient.yml b/.github/workflows/DeployBlazorClient.yml
@@ -2,7 +2,6 @@ name: Build and deploy Pocket DDD Blazor Client
 
 on:
   workflow_dispatch:
-  push:
 
 jobs:
   build_and_deploy_job:

diff --git a/.github/workflows/DeployBranchPush.yml b/.github/workflows/DeployBranchPush.yml
@@ -0,0 +1,16 @@
+name: Deploy Branch Push
+on:
+  push:
+    branches-ignore:
+      - 'main'
+
+
+jobs:
+  deploy_to_test:
+    uses: ./.github/workflows/DeployEverything.yml
+    with:
+      env: "Test2"
+    secrets: 
+      AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+      AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }}
+      TERRAFORM_STATE_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml
@@ -0,0 +1,124 @@
+name: Deploy Everything
+on:
+  workflow_call:
+    inputs:
+      env:
+        required: true
+        default: "Test"
+        type: string
+    secrets:
+      AZURE_CREDENTIALS:
+        required: true
+      AZURE_STATIC_WEB_APPS_API_TOKEN:
+        required: true
+      TERRAFORM_STATE_ACCESS_KEY:
+        required: true
+
+env:
+  AZURE_WEBAPP_PACKAGE_PATH: PocketDDD.Server.WebAPI/publish
+  CONFIGURATION: Release
+  DOTNET_CORE_VERSION: 8.0.x
+  WORKING_DIRECTORY: PocketDDD.Server/PocketDDD.Server.WebAPI
+
+jobs:
+  deploy_terraform:
+    runs-on: ubuntu-latest
+    name: Deploy terraform
+    environment: ${{ inputs.env }}
+    defaults:
+      run:
+        working-directory: ./terraform
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Log in with Azure
+      uses: azure/login@v1
+      with:
+        creds: '${{ secrets.AZURE_CREDENTIALS }}'
+    - name: Setup terraform
+      uses: hashicorp/setup-terraform@v3
+    - run: |
+        terraform init -backend-config="key=${{ inputs.env }}.terraform.tfstate"
+
+        terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars
+      env:
+        ARM_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
+
+  build_api_server:
+    runs-on: ubuntu-latest
+    name: Build API Server
+    steps:
+    - uses: actions/checkout@v4
+    - name: Setup .NET SDK
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNET_CORE_VERSION }}
+    - name: Restore
+      run: dotnet restore "${{ env.WORKING_DIRECTORY }}"
+    - name: Build
+      run: dotnet build "${{ env.WORKING_DIRECTORY }}" --configuration ${{ env.CONFIGURATION }} --no-restore
+    - name: Test
+      run: dotnet test "${{ env.WORKING_DIRECTORY }}" --no-build
+    - name: Publish
+      run: dotnet publish "${{ env.WORKING_DIRECTORY }}" --configuration ${{ env.CONFIGURATION }} --no-build --output "${{ env.AZURE_WEBAPP_PACKAGE_PATH }}"
+    - name: Publish Artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: webapp
+        path: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
+
+  deploy_api_server:
+    name: Deploy API Server
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.env }}
+    needs: [deploy_terraform, build_api_server]
+    steps:
+    - name: Log in with Azure
+      uses: azure/login@v1
+      with:
+        creds: '${{ secrets.AZURE_CREDENTIALS }}'
+    - name: Download artifact from build job
+      uses: actions/download-artifact@v4
+      with:
+        name: webapp
+        path: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
+    - name: Deploy to Azure WebApp
+      uses: azure/webapps-deploy@v2
+      with:
+        app-name: pocketddd-${{ inputs.env }}-api-server-web-app
+        package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
+
+  build_and_deploy_blazor_client:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.env }}
+    name: Build and Deploy Blazor Client
+    needs: deploy_terraform
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          submodules: true
+      - name: Log in with Azure
+        uses: azure/login@v1
+        with:
+          creds: '${{ secrets.AZURE_CREDENTIALS }}'
+
+      - run: |
+          cp PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.${{ inputs.env }}.json PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Production.json
+
+      - run: |
+          apiToken=$(az staticwebapp secrets list --name pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiKey" -o tsv)
+          echo "WEB_APP_API_TOKEN=$apiToken" >> "$GITHUB_ENV"
+
+      - name: Build And Deploy
+        id: builddeploy
+        uses: Azure/static-web-apps-deploy@v1
+        with:
+          azure_static_web_apps_api_token: ${{ env.WEB_APP_API_TOKEN }}
+          repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments)
+          action: "upload"
+          ###### Repository/Build Configurations - These values can be configured to match your app requirements. ######
+          # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig
+          app_location: "/PocketDDD.BlazorClient/PocketDDD.BlazorClient" # App source code path
+          api_location: "" # Api source code path - optional
+          output_location: "wwwroot" # Built app content directory - optional
+          ###### End of Repository/Build Configurations ######
diff --git a/.github/workflows/DeployServerWebAPI.yml b/.github/workflows/DeployServerWebAPI.yml
@@ -1,7 +1,6 @@
 name: Build and deploy Pocket DDD Server
 on:
   workflow_dispatch:
-  push:
 
 env:
   AZURE_WEBAPP_PACKAGE_PATH: PocketDDD.Server.WebAPI/publish

diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Production.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Production.json
@@ -1,4 +1,4 @@
 {
-  "apiUrl": "https://dddsw2023pocketdddserverwebapi.azurewebsites.net/api/",
+  "apiUrl": "https://pocketddd-production-api-server-web-app.azurewebsites.net/api/",
   "fakeBackend": false
 }
diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test.json
diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test2.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test2.json
@@ -0,0 +1,4 @@
+{
+  "apiUrl": "https://pocketddd-test2-api-server-web-app.azurewebsites.net/api/",
+  "fakeBackend": false
+}
diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.test.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.test.json
@@ -0,0 +1,4 @@
+{
+  "apiUrl": "https://pocketddd-test-api-server-web-app.azurewebsites.net/api/",
+  "fakeBackend": false
+}
diff --git a/PocketDDD.Server/PocketDDD.Server.DB/Migrations/2024_SeedData.sql b/PocketDDD.Server/PocketDDD.Server.DB/Migrations/2024_SeedData.sql
@@ -8,7 +8,7 @@ delete EventDetail
 
 GO
 
-DBCC CHECKIDENT ('[EventDetail]', RESEED, 0);
+DBCC CHECKIDENT ('[EventDetail]', RESEED, 1);
 DBCC CHECKIDENT ('[Tracks]', RESEED, 0);
 DBCC CHECKIDENT ('[TimeSlots]', RESEED, 0);
 DBCC CHECKIDENT ('[Sessions]', RESEED, 0);

diff --git a/README.md b/README.md
@@ -14,7 +14,7 @@ Authorization: <insert-admin-key>
 Ensure the Azure, GitHub, and terraform CLIs are installed
 ```
 brew install azure-cli
-bre install gh
+brew install gh
 brew install terraform
 ```
 
@@ -24,11 +24,16 @@ az login
 gh auth login
 ```
 
+Retrieve the access key for the terraform state storage account
+```
+export ARM_ACCESS_KEY=$(az storage account keys list -g pocketddd-terraform-state -n pocketdddterraformstate --query [0].value -o tsv)
+```
+
 From the `terraform` directory run init, plan, then apply if happy with the changes.
 ```
 cd ./terraform
 
-terraform init
+terraform init -backend-config="dev.terraform.tfstate"  
 terraform plan -var-file ../tfvars/dev.tfvars
 terraform apply -var-file ../tfvars/dev.tfvars
 ```
diff --git a/terraform/api_server.tf b/terraform/api_server.tf
@@ -8,7 +8,7 @@ resource "azurerm_service_plan" "api_server_service_plan" {
 
 
 resource "azurerm_linux_web_app" "api_server_web_app" {
-  name                = "${local.resource_prefix}-api-server"
+  name                = "${local.resource_prefix}-api-server-web-app"
   resource_group_name = azurerm_resource_group.rg.name
   location            = azurerm_service_plan.api_server_service_plan.location
   service_plan_id     = azurerm_service_plan.api_server_service_plan.id
@@ -30,3 +30,9 @@ resource "azurerm_linux_web_app" "api_server_web_app" {
     "AdminKey" = random_password.admin_api_key.result
   }
 }
+
+resource "azurerm_key_vault_secret" "api_admin_key" {
+  name         = "${local.resource_prefix}-admin-api-key"
+  value        = random_password.admin_api_key.result
+  key_vault_id = azurerm_key_vault.key_vault.id
+}
diff --git a/terraform/blazor_client.tf b/terraform/blazor_client.tf
@@ -5,11 +5,19 @@ resource "azurerm_static_web_app" "blazor-client" {
 
   sku_tier = var.client_sku_tier
   sku_size = var.client_sku_size
+
+  app_settings = {
+    "ASPNETCORE_ENVIRONMENT": "${ var.env }"
+    "DOTNET_ENVIRONMENT": "${ var.env }"
+    "apiUrl": "https://pocketddd-${ var.env }-api-server-web-app.azurewebsites.net/api/"
+    "fakeBackend": "false"
+  }
+
+  preview_environments_enabled = false
 }
 
-resource "github_actions_environment_secret" "test_secret" {
-  repository       = data.github_repository.repo.name
-  environment      = github_repository_environment.repo_environment.environment
-  secret_name      = "AZURE_STATIC_WEB_APPS_API_TOKEN"
-  plaintext_value  = azurerm_static_web_app.blazor-client.api_key
-}
+resource "azurerm_key_vault_secret" "blazor_client_deployment_token" {
+  name         = "${local.resource_prefix}-blazor-client-deployment-token"
+  value        = azurerm_static_web_app.blazor-client.api_key
+  key_vault_id = azurerm_key_vault.key_vault.id
+}
diff --git a/terraform/database.tf b/terraform/database.tf
@@ -12,10 +12,10 @@ resource "azurerm_mssql_server" "sqlserver" {
 }
 
 resource "azurerm_mssql_database" "sqldb" {
-  name      = "${local.resource_prefix}-sqldatabase"
-  server_id = azurerm_mssql_server.sqlserver.id
-  sku_name = var.sql_db_sku
-  max_size_gb = var.sql_max_storage
+  name                 = "${local.resource_prefix}-sqldatabase"
+  server_id            = azurerm_mssql_server.sqlserver.id
+  sku_name             = var.sql_db_sku
+  max_size_gb          = var.sql_max_storage
   storage_account_type = "Local"
 
   tags = {
@@ -34,3 +34,15 @@ resource "azurerm_mssql_firewall_rule" "firewall_rule" {
   start_ip_address = "0.0.0.0"
   end_ip_address   = "0.0.0.0"
 }
+
+resource "azurerm_key_vault_secret" "sqldb_connectionstring" {
+  name         = "${local.resource_prefix}-db-connection-string"
+  value        = local.db_connection_string
+  key_vault_id = azurerm_key_vault.key_vault.id
+}
+
+resource "azurerm_key_vault_secret" "sqldb_admin_password" {
+  name         = "${local.resource_prefix}-db-admin-password"
+  value        = random_password.admin_password.result
+  key_vault_id = azurerm_key_vault.key_vault.id
+}
diff --git a/terraform/keyvault.tf b/terraform/keyvault.tf
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,7 +2,6 @@ name: Build and deploy Pocket DDD Blazor Client @@
     on:
       workflow_dispatch:
-      push:
     jobs:
       build_and_deploy_job:
@@ Expand Down @@