v0.0.16 #38
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Release | |
| on: | |
| release: | |
| types: | |
| - released | |
| jobs: | |
| deployment: | |
| name: Publish | |
| environment: ${{ vars.ENV_NAME }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: "Az Login" | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Add AgentIP to Storage Account Firewall | |
| run: | | |
| agentIP=$(curl -s https://api.ipify.org/) | |
| echo "agentIP: $agentIP" | |
| # save agentIP in env for remove task | |
| echo "agentIP=$agentIP" >> "$GITHUB_ENV" | |
| az storage account network-rule add \ | |
| --account-name $STORAGE_ACCOUNT_NAME \ | |
| --ip-address $agentIP \ | |
| --output none | |
| # give the firewall time to update | |
| sleep 30s | |
| env: | |
| STORAGE_ACCOUNT_NAME: ${{ vars.STORAGE_ACCOUNT_NAME }} | |
| - name: "Publish Release" | |
| run: | | |
| filename=${GITHUB_REPOSITORY#*/}.tar.gz | |
| containerName="${STORAGE_CONTAINER_NAME:-release-artifacts}" | |
| wget -O $filename $SRC_TARBALL_URI | |
| containerExists=$(az storage container exists --auth-mode login --account-name $STORAGE_ACCOUNT_NAME --name $containerName --query exists) | |
| if [ "$containerExists" == "false" ]; then | |
| az storage container create \ | |
| --auth-mode login \ | |
| --account-name $STORAGE_ACCOUNT_NAME \ | |
| --name $containerName \ | |
| --output none | |
| fi | |
| blobExists=$(az storage blob exists --auth-mode login --account-name $STORAGE_ACCOUNT_NAME --container-name $containerName --name $filename --query exists) | |
| if [ "$blobExists" == "true" ]; then | |
| # Take a snapshot of the previous version | |
| # - not using blob versioning because blob tags are not visible in the portal | |
| az storage blob snapshot \ | |
| --auth-mode login \ | |
| --account-name $STORAGE_ACCOUNT_NAME \ | |
| --container $containerName \ | |
| --name $filename \ | |
| --output none | |
| fi | |
| az storage blob upload \ | |
| --auth-mode login \ | |
| --file $filename \ | |
| --overwrite True \ | |
| --account-name $STORAGE_ACCOUNT_NAME \ | |
| --container $containerName \ | |
| --name $filename \ | |
| --tags version=$RELEASE_NAME \ | |
| --output none | |
| env: | |
| SRC_TARBALL_URI: ${{ github.event.release.tarball_url }} | |
| RELEASE_NAME: ${{ github.event.release.name }} | |
| STORAGE_ACCOUNT_NAME: ${{ vars.STORAGE_ACCOUNT_NAME }} | |
| STORAGE_CONTAINER_NAME: ${{ vars.STORAGE_CONTAINER_NAME }} | |
| - name: Remove AgentIP from Storage Account Firewall | |
| if: ${{ always() }} | |
| run: | | |
| agentIP=$(curl -s https://api.ipify.org/) | |
| az storage account network-rule remove \ | |
| --account-name $STORAGE_ACCOUNT_NAME \ | |
| --ip-address $agentIP \ | |
| --output none | |
| env: | |
| STORAGE_ACCOUNT_NAME: ${{ vars.STORAGE_ACCOUNT_NAME }} |