Build and push to Azure Container Registry

:fingerscrossed:
NetChris · Jan 14, 2024 · dcb7120 · dcb7120
1 parent a04f399
commit dcb7120
Show file tree

Hide file tree

Showing 4 changed files with 99 additions and 36 deletions.
diff --git a/.github/workflows/build-and-push-acr.yml b/.github/workflows/build-and-push-acr.yml
@@ -0,0 +1,71 @@
+name: Build and push to Azure Container Registry
+
+on:
+  workflow_call:  # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_call
+    inputs:  # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callinputs
+      source-subfolder:
+        # TODO - Test this to see if it can be a) made optional, b) use "." as default, and c) build from the "root" of the context
+        description: 'The source subfolder from which to build'
+        required: true
+        type: string  # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callinputsinput_idtype
+      netchris-app-aggregate:
+        description: 'The application aggregate'
+        required: true
+        type: string
+      netchris-app-component:
+        description: 'The application component'
+        required: true
+        type: string
+      netchris-app-environment:
+        description: 'The application environment'
+        required: true
+        type: string
+    secrets:  # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callsecrets
+      AZURE_TENANT_ID:
+        required: true
+      AZURE_CLIENT_ID:
+        required: true
+      AZURE_SUBSCRIPTION_ID:
+        required: true
+      AZURE_CONTAINER_REGISTRY_LOGIN_SERVER:
+        required: true
+
+# TODO - Reused workflow build-and-push
+# TODO - Output DOCKER_IMAGE
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.netchris-app-environment }}
+    permissions:
+      # Critical for Azure (https://paulyu.dev/article/pushing-multi-arch-container-images-guide/)
+      id-token: write
+      # Critical for Azure (https://paulyu.dev/article/pushing-multi-arch-container-images-guide/)
+      contents: read
+    env:
+      DOCKER_IMAGE: ${{ secrets.AZURE_CONTAINER_REGISTRY_LOGIN_SERVER }}/${{ inputs.netchris-app-aggregate }}/${{ inputs.netchris-app-component }}:${{ github.sha }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: "Azure Login"
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      - name: Login to Azure Container Registry
+        run: az acr login --name ${{ secrets.AZURE_CONTAINER_REGISTRY_LOGIN_SERVER }}
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build "${{ inputs.source-subfolder }}" image and push to registry
+        uses: docker/build-push-action@v5
+        with:
+          context: "{{defaultContext}}:${{ inputs.source-subfolder }}"
+          # Azure container apps are AMD64 so being explicit
+          platforms: linux/amd64
+          push: true
+          tags: |
+            ${{ env.DOCKER_IMAGE }}
+          labels: |
+            netchris-app-aggregate=${{ inputs.netchris-app-aggregate }}
+            netchris-app-component=${{ inputs.netchris-app-component }}
+            netchris-app-environment=${{ inputs.netchris-app-environment }}
diff --git a/.github/workflows/called.yml b/.github/workflows/called.yml
diff --git a/.github/workflows/caller.yml b/.github/workflows/caller.yml
@@ -1,22 +1,37 @@
-name: caller
+# TODO - Rename the file
+name: Full Workflow
 
 on:
   push:
     branches:
       - "building-and-testing-dotnet"
 
+env:
+  netchris-app-aggregate: deleteme
+
 jobs:
-  call-workflow-passing-data-1:
-    name: One call to called
-    uses: NetChris/internal-actions/.github/workflows/called.yml@init
-    with:
-      config-path: .github/one.yml
-    secrets:
-      envPAT: THISISASECRET
-  call-workflow-passing-data-2:
-    name: Another call to called
-    uses: ./.github/workflows/called.yml
+  build-and-test:
+    name: Build and test
+    runs-on: ubuntu-latest
+    steps:
+    -
+      run: "echo Would build"
+    -
+      run: "echo Would test"
+  build-and-push-api:
+    name: Build and push API
+    uses: ./.github/workflows/build-and-push-acr.yml
     with:
-      config-path: .github/another.yml
+      source-subfolder: WebApplication1
+      netchris-app-aggregate: ${{ env.netchris-app-aggregate }}
+      netchris-app-component: api
+      netchris-app-environment: test
     secrets:
-      envPAT: THISISASECRET
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_CONTAINER_REGISTRY_LOGIN_SERVER: ${{ secrets.ACR_LOGIN_SERVER_TEST }}
+  # TODO - ...
+  # build-and-push-app:
+  #   name: Build and push app
+  #   uses: ./.github/workflows/build-and-push-acr.yml
diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml
@@ -5,8 +5,6 @@ on:
     branches:
       - "building-and-testing-dotnet"
 
-# TODO - Reused workflow build-and-push
-# - Returns (?) the pushed image (server/repo:tag)
 # TODO - Reused deploy
 # - Indicates pushed image
 # - Target container app