-
Notifications
You must be signed in to change notification settings - Fork 9
221 lines (200 loc) · 9.36 KB
/
deploy-orchard1-to-azure-app-service.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
name: Deploy Orchard 1 to Azure App Service
concurrency:
group: ${{ inputs.app-name }}AzureWorkflow
permissions:
id-token: write
contents: read
on:
workflow_call:
secrets:
CHECKOUT_TOKEN:
required: false
description: >
The GitHub token to authenticate checkout. Pass in a GitHub personal access token if authenticated submodules
are used.
# These secrets are for OpenID Connect-based authentication with Azure services through the azure/login action
# (proxied by our login-to-azure action below). Check out its documentation on how these secrets are used:
# https://github.com/azure/login.
AZURE_APP_SERVICE_DEPLOYMENT_SERVICE_PRINCIPAL_ID:
required: true
description: >
The Application (client) ID of the Azure Service Principal or Managed Credential, which will be mapped to the
client-id parameter when calling azure/login.
AZURE_APP_SERVICE_DEPLOYMENT_AZURE_TENANT_ID:
required: true
description: >
The Tenant (Directory) ID of the Microsoft Entra ID tenant, which will be mapped to the tenant-id parameter
when calling azure/login.
AZURE_APP_SERVICE_DEPLOYMENT_AZURE_SUBSCRIPTION_ID:
required: true
description: >
The ID of the Azure Subscription the resources are under, which will be mapped to the subscription-id
parameter when calling azure/login. You can look this up e.g. in the Azure Portal under any resource or the
subscription itself.
AZURE_APP_SERVICE_PUBLISH_PROFILE:
required: true
MAINTENANCE_USER_NAME:
required: true
description: >
The name of the Orchard user to authenticate the maintenance with. Make sure that the user is in a role that
is permitted to start maintenances.
MAINTENANCE_PASSWORD:
required: true
description: The password of the Orchard user to authenticate the maintenance with.
inputs:
cancel-workflow-on-failure:
description: When set to "true", it will cancel the current workflow run with all jobs if this workflow fails.
type: string
default: 'false'
timeout-minutes:
type: number
default: 360
description: Configuration for the timeout-minutes parameter of the workflow. 360 is GitHub's default.
machine-type:
type: string
default: windows-2022
description: The machine type to run the workflow under, e.g. "windows-2022". Needs to be Windows.
build-directory:
type: string
default: src
description: Path to the directory where a solution file can be found.
solution-or-project-path:
type: string
default: '*.sln'
description: >
The path of the solution or project file to be built. If you have exactly one .sln file in the current
directory then this can be omitted. Otherwise make sure to specify it to avoid an "MSB1008: Only one project
can be specified." error that is thrown when the `*.sln` wildcard results in multiple files. To build a
project file you must specify a path that ends with `.csproj`. An example: "./src/*Web/*.Web.csproj". The
value is given to PowerShell's `Get-ChildItem` cmdlet as-is, so grepping is still possible but a name with
spaces must be escaped separately.
build-verbosity:
type: string
default: quiet
description: Verbosity parameter for msbuild.
build-treat-warnings-as-errors:
type: string
default: 'false'
description: Indicates whether warnings should be treated as errors during msbuild.
build-enable-code-analysis:
type: string
default: 'false'
description: Indicates whether to enable static code analysis during msbuild.
app-name:
required: true
type: string
description: What you see at the top of the blade on the Azure Portal. Can contain uppercase letters too.
slot-name:
required: true
type: string
description: >
What you see at the top of the blade on the Azure Portal, when you open the slot, before the app name in
parenthesis.
resource-group-name:
required: true
type: string
description: Name of the resource group.
application-insights-resource-id:
type: string
default: ''
description: >
ID of the Application Insights resource that the release annotation for the deployment should be added to.
This can e.g. be looked up on the Azure Portal under the given AI resource's Overview page -> JSON View.
maintenance-host-name:
type: string
description: >
The hostname of the Orchard 1-based application that runs a maintenance based on the Multi Tenancy feature
(https://github.com/Lombiq/Hosting-Multi-Tenancy#writing-maintenance-providers).
maintenance-batch-size:
type: string
default: '0'
description: The batch size of the maintenance.
jobs:
deploy:
runs-on: ${{ inputs.machine-type }}
name: Deploy to Azure App Service
environment: ${{ inputs.slot-name }}
defaults:
run:
shell: pwsh
timeout-minutes: ${{ inputs.timeout-minutes }}
steps:
- name: Checkout
uses: Lombiq/GitHub-Actions/.github/actions/checkout@dev
with:
token: ${{ secrets.CHECKOUT_TOKEN }}
- name: Enable Node corepack
uses: Lombiq/GitHub-Actions/.github/actions/enable-corepack@dev
# Calling nuget restore separately on the actual solution, because we're passing Orchard.proj to the msbuild
# action instead to be able to call the Precompiled target.
- name: Restore NuGet packages
run: nuget restore ${{ inputs.build-directory }}\${{ inputs.solution-or-project-path }}
- name: Publish Precompiled App
uses: Lombiq/GitHub-Actions/.github/actions/msbuild@dev
with:
solution-or-project-path: Orchard.proj
verbosity: ${{ inputs.build-verbosity }}
treat-warnings-as-errors: ${{ inputs.build-treat-warnings-as-errors }}
enable-code-analysis: ${{ inputs.build-enable-code-analysis }}
msbuild-switches: |
/t:Precompiled
/p:Solution=${{ inputs.build-directory }}\${{ inputs.solution-or-project-path }}
- name: Login to Azure
uses: Lombiq/GitHub-Actions/.github/actions/login-to-azure@dev
env:
AZURE_CLIENT_ID: ${{ secrets.AZURE_APP_SERVICE_DEPLOYMENT_SERVICE_PRINCIPAL_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_APP_SERVICE_DEPLOYMENT_AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_APP_SERVICE_DEPLOYMENT_AZURE_SUBSCRIPTION_ID }}
- name: Initialize PowerShell modules
uses: Lombiq/Infrastructure-Scripts/.github/actions/initialize@dev
- name: Stop Web App Slot
run: |
Stop-AzureWebAppSlot `
-ResourceGroupName ${{ inputs.resource-group-name }} `
-WebAppName ${{ inputs.app-name }} `
-SlotName ${{ inputs.slot-name }}
# Give the App Slot some time to actually stop, otherwise the deployment might go wrong and the app won't start,
# even though the deployment succeeds without warnings or errors.
- name: Wait for App Slot to Stop
run: Start-Sleep -Seconds 30
- name: Deploy to Azure App Service
uses: azure/webapps-deploy@8e359a3761daf647ae3fa56123a9c3aa8a51d269 # v2.2.12
with:
app-name: ${{ inputs.app-name }}
slot-name: ${{ inputs.slot-name }}
publish-profile: ${{ secrets.AZURE_APP_SERVICE_PUBLISH_PROFILE }}
package: build\Precompiled
- name: Add Azure Application Insights Release Annotation
if: ${{ inputs.application-insights-resource-id != '' }}
uses: Lombiq/GitHub-Actions/.github/actions/add-azure-application-insights-release-annotation@dev
with:
release-name: 'Deploy #${{ github.run_number }} to ${{ inputs.slot-name }}'
application-insights-resource-id: ${{ inputs.application-insights-resource-id }}
- name: Start Web App Slot
run: |
Start-AzureWebAppSlot `
-ResourceGroupName ${{ inputs.resource-group-name }} `
-WebAppName ${{ inputs.app-name }} `
-SlotName ${{ inputs.slot-name }}
- name: Test Web App Slot
run: |
Test-AzureWebApp `
-ResourceGroupName ${{ inputs.resource-group-name }} `
-WebAppName ${{ inputs.app-name }} `
-SlotName ${{ inputs.slot-name }}
- name: Start AfterDeploy Maintenance on the Destination Slot
if: inputs.maintenance-host-name != ''
run: |
$maintenanceParameters = @{
HostName = '${{ inputs.maintenance-host-name }}'
UserName = '${{ secrets.MAINTENANCE_USER_NAME }}'
Password = '${{ secrets.MAINTENANCE_PASSWORD }}'
BatchSize = '${{ inputs.maintenance-batch-size }}'
MaintenanceName = '${{ inputs.slot-name }}AfterDeploy'
}
Start-Maintenance @maintenanceParameters
- name: Cancel Workflow on Failure
if: failure() && inputs.cancel-workflow-on-failure == 'true'
uses: Lombiq/GitHub-Actions/.github/actions/cancel-workflow@dev
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}