Updated BAKE #28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deploy apps to AKS with Helm | |
| on: | |
| push: | |
| branches: main | |
| workflow_dispatch: | |
| jobs: | |
| buildImage: | |
| permissions: | |
| contents: read | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Azure login | |
| uses: azure/[email protected] | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Build and push frontend image to ACR | |
| run: | | |
| az acr build --image ${{ secrets.AZURE_CONTAINER_REGISTRY }}/ssweb-frontend:${{ github.sha }} --registry ${{ secrets.AZURE_CONTAINER_REGISTRY }} -g ${{ secrets.RESOURCE_GROUP }} -f ./jabascript/Dockerfile.Prod ./jabascript | |
| - name: Build and push backend image to ACR | |
| run: | | |
| az acr build --image ${{ secrets.AZURE_CONTAINER_REGISTRY }}/python:3.9.18-${{ github.sha }} --registry ${{ secrets.AZURE_CONTAINER_REGISTRY }} -g ${{ secrets.RESOURCE_GROUP }} -f ./backend-container/Dockerfile.python ./backend-container | |
| kubescape: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: kubescape/github-action@main | |
| continue-on-error: true | |
| with: | |
| format: sarif | |
| outputFile: results.sarif | |
| account: ${{ secrets.KUBESCAPE_ACCOUNT }} | |
| - name: Upload Kubescape scan results to Github Code Scanning | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: results.sarif | |
| deploy: | |
| permissions: | |
| actions: read | |
| contents: read | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| needs: [buildImage] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Azure login | |
| uses: azure/[email protected] | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Set up kubelogin for non-interactive login | |
| uses: azure/use-kubelogin@v1 | |
| with: | |
| kubelogin-version: 'v0.0.25' | |
| - name: Get K8s context | |
| uses: azure/aks-set-context@v3 | |
| with: | |
| resource-group: ${{ secrets.RESOURCE_GROUP }} | |
| cluster-name: ${{ secrets.CLUSTER_NAME }} | |
| admin: 'false' | |
| use-kubelogin: 'true' | |
| - name: Bake deployment | |
| uses: azure/k8s-bake@v2 | |
| with: | |
| renderEngine: "helm" | |
| helmChart: ${{ secrets.HELM_CHART_PATH }} | |
| overrides: | | |
| replicas: 2 | |
| helm-version: "latest" | |
| id: bake | |
| - name: Upload baked manifest as artifact | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: baked-manifest | |
| path: ${{ steps.bake.outputs.manifestsBundle }} | |
| - name: Print baked manifest | |
| run: cat ${{ steps.bake.outputs.manifestsBundle }} | |
| - name: Deploy application | |
| uses: Azure/k8s-deploy@v4 | |
| with: | |
| action: deploy | |
| manifests: ${{ steps.bake.outputs.manifestsBundle }} | |
| images: | | |
| ${{ secrets.AZURE_CONTAINER_REGISTRY }}/ssweb-frontend:${{ github.sha }} | |
| ${{ secrets.AZURE_CONTAINER_REGISTRY }}/python:3.9.18:${{ github.sha }} | |
| namespace: ${{ secrets.K8S_NAMESPACE }} | |
| pull-images: true | |
| strategy: basic | |
| route-method: service | |
| version-switch-buffer: 0 | |
| traffic-split-method: pod | |
| percentage: 0 | |
| force: false | |
| annotate-namespace: true | |
| private-cluster: false | |
| skip-tls-verify: false |