separate deploy from build, keep envs aligned during slot swap

- update actions - align styles across Steeltoe GH actions - delete GH environments after PR closes
SteeltoeOSS · Mar 1, 2025 · c3768b2 · c3768b2
1 parent ee276e6
commit c3768b2
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 30 deletions.
diff --git a/.github/workflows/build-and-stage.yml b/.github/workflows/build-and-stage.yml
@@ -1,46 +1,33 @@
 name: Build and stage
 
 on:
-  pull_request:
+  push:
     branches:
     - main
-  push:
+  pull_request:
     branches:
-      - main
+    - main
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 permissions:
-  contents: 'read'
-  pull-requests: 'write'
+  contents: read
+  pull-requests: write
 
 env:
   IMAGE_NAME: initializr-web
   IMAGE_TAG: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || github.run_id }}
-  HAS_AZURE_CREDENTIALS: secrets.AZURE_CREDENTIALS != ''
 
 jobs:
-  build-push-deploy:
+  build-push:
     name: Build and push image
-    environment:
-      name: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || vars.STAGING_SLOT_NAME }}
-      url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
-    env:
-      SLOT_NAME: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || vars.STAGING_SLOT_NAME }}
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
 
-    - name: Login to Azure
-      if: ${{ env.HAS_AZURE_CREDENTIALS }}
-      uses: azure/login@v1
-      with:
-        creds: ${{ secrets.AZURE_CREDENTIALS }}
-
     - name: Login to container registry
-      if: ${{ env.HAS_AZURE_CREDENTIALS }}
       uses: azure/docker-login@v1
       with:
         login-server: "${{ vars.DOCKER_REGISTRY }}"
@@ -51,24 +38,41 @@ jobs:
       run: docker build . --file "Dockerfile" -t ${{ vars.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
 
     - name: Push image
-      if: ${{ env.HAS_AZURE_CREDENTIALS }}
       run: docker push ${{ vars.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
 
+  deploy:
+    if: ${{ github.secret_source == 'Actions' }}
+    name: Deploy
+    environment:
+      name: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || vars.STAGING_SLOT_NAME }}
+      url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
+    env:
+      SLOT_NAME: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || vars.STAGING_SLOT_NAME }}
+    needs: build-push
+    runs-on: ubuntu-latest
+    steps:
+    - name: Login to Azure
+      uses: azure/login@v2
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+
     - name: If PR, create a new staging slot
-      if: ${{ github.event_name == 'pull_request' && env.HAS_AZURE_CREDENTIALS }}
+      if: ${{ github.event_name == 'pull_request' }}
       run: az webapp deployment slot create --resource-group ${{ vars.AZURE_RESOURCE_GROUP }} --name ${{ vars.AZURE_WEBAPP_NAME}} --slot ${{ env.SLOT_NAME }} --configuration-source ${{ vars.STAGING_SLOT_NAME }}
 
     - name: Deploy to staging slot
-      if: ${{ env.HAS_AZURE_CREDENTIALS }}
-      uses: azure/webapps-deploy@v3
       id: deploy-to-webapp
+      uses: azure/webapps-deploy@v3
       with: 
         app-name: ${{ vars.AZURE_WEBAPP_NAME }}
         images: ${{ vars.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
         slot-name:  ${{ env.SLOT_NAME }}
+
+      # Need to pair with a custom InitializrService address?
+      # az webapp config appsettings set --resource-group steeltoe --name initializr-web --slot Staging --settings "INITIALIZR_SERVICE_HOST=initializr-service-pr-99.azurewebsites.net" "INITIALIZR_SERVICE_URI=https://initializr-service-pr-99.azurewebsites.net/api/"
 
     - name: If PR, comment with the preview link
-      if: ${{ github.event_name == 'pull_request' && env.HAS_AZURE_CREDENTIALS }}
+      if: ${{ github.event_name == 'pull_request' }}
       uses: mshick/add-pr-comment@v2
       with:
         message: |
@@ -79,4 +83,3 @@ jobs:
 
           > *This is an automated message.*
         repo-token: ${{ secrets.GITHUB_TOKEN }}
-
diff --git a/.github/workflows/pr-cleanup.yml b/.github/workflows/pr-cleanup.yml
@@ -2,7 +2,8 @@ name: Delete a preview environment
 
 on:
   pull_request:
-    types: [closed]
+    types:
+    - closed
 
 env:
   SLOT_NAME: pr-${{ github.event.number }}
@@ -13,7 +14,7 @@ jobs:
 
     steps:
     - name: Log into Azure CLI with service principal
-      uses: azure/login@v1
+      uses: azure/login@v2
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
 
@@ -22,11 +23,11 @@ jobs:
 
   delete-deployment:
     runs-on: ubuntu-latest
+    permissions: write-all
 
     steps:
       - name: Delete Deployment Environment
         uses: strumwolf/delete-deployment-environment@v3
         with:
           environment: "pr-${{ github.event.number }}"
           token: ${{ secrets.GITHUB_TOKEN }}
-          onlyRemoveDeployments: true
diff --git a/.github/workflows/stage-prod-swap.yml b/.github/workflows/stage-prod-swap.yml
@@ -8,15 +8,32 @@ jobs:
     name: Promote to production
     runs-on: ubuntu-latest
     environment:
-      name: 'Production'
+      name: Production
       url: 'https://${{ vars.AZURE_WEBAPP_NAME }}.azurewebsites.net/'
 
     steps:
     - name: Log into Azure CLI with service principal
-      uses: azure/login@v1
+      uses: azure/login@v2
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
 
+    - name: Change InitializrService link to prod and restart
+      shell: bash
+      run: |
+        az webapp config appsettings set --resource-group steeltoe --name initializr-web --slot Staging --settings "INITIALIZR_SERVICE_HOST=initializr-service.azurewebsites.net" "INITIALIZR_SERVICE_URI=https://initializr-service.azurewebsites.net/api/"
+        az webapp restart --resource-group steeltoe --name initializr-web --slot Staging
+        echo "Waiting 60 seconds until beginning to curl to see if the site is back up"
+        sleep 60
+        until $(curl --output /dev/null --silent --head --fail https://start-staging.steeltoe.io); do
+          printf '.'
+          sleep 5
+        done
+
     - name: Swap slots
       run: az webapp deployment slot swap -s ${{ vars.STAGING_SLOT_NAME }} -n ${{ vars.AZURE_WEBAPP_NAME }} -g ${{ vars.AZURE_RESOURCE_GROUP }}
+
+    - name: Change InitializrService link to staging and restart
+      run: |
+        az webapp config appsettings set --resource-group steeltoe --name initializr-web --slot Staging --settings "INITIALIZR_SERVICE_HOST=initializr-service-staging.azurewebsites.net" "INITIALIZR_SERVICE_URI=https://initializr-service-staging.azurewebsites.net/api/"
+        az webapp restart --resource-group steeltoe --name initializr-web --slot Staging