Skip to content
This repository has been archived by the owner on Mar 8, 2024. It is now read-only.

chore(deps): update dependency dotnet-sdk to v8.0.201 (#628) #255

chore(deps): update dependency dotnet-sdk to v8.0.201 (#628)

chore(deps): update dependency dotnet-sdk to v8.0.201 (#628) #255

name: Deploy global and staging environments
on:
push:
branches:
- main
workflow_dispatch:
env:
DOCKER_FILE: './Dockerfile'
IMAGE_NAME: ${{ vars.REGISTRY_NAME }}.azurecr.io/${{ vars.IMAGE_NAME }}:${{ github.sha }}
jobs:
build:
name: Build container image
runs-on: ubuntu-latest
environment: staging
permissions:
actions: read
contents: read
id-token: write
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Login to Azure
uses: azure/login@v1
with:
client-id: ${{ vars.AZURE_CLIENT_ID }}
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
tenant-id: ${{ vars.AZURE_TENANT_ID }}
- name: Login to Azure Container Registry
run: az acr login --name ${{ vars.REGISTRY_NAME }}
- name: Build image
run: docker build -t ${{ env.IMAGE_NAME }} -f ${{ env.DOCKER_FILE }} .
- name: Run Snyk to check Docker image for vulnerabilities
continue-on-error: true
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN }}
with:
image: ${{ env.IMAGE_NAME }}
args: --file=Dockerfile
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif
- name: Push image to registry
run: docker push ${{ env.IMAGE_NAME }}
apply-global:
name: Apply global environment
runs-on: ubuntu-latest
environment: global
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Terraform apply
uses: ./.github/actions/terraform-apply
with:
tf-api-token: ${{ secrets.TF_API_TOKEN }}
tf-cloud-organization: ${{ vars.TF_CLOUD_ORGANIZATION }}
tf-cloud-workspace: ${{ vars.TF_CLOUD_WORKSPACE }}
working-directory: ${{ vars.TF_WORKING_DIRECTORY }}
apply-staging:
name: Apply staging environment
runs-on: ubuntu-latest
environment: staging
needs:
- build
- apply-global
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Terraform apply
uses: ./.github/actions/terraform-apply
with:
image-name: ${{ env.IMAGE_NAME }}
tf-api-token: ${{ secrets.TF_API_TOKEN }}
tf-cloud-organization: ${{ vars.TF_CLOUD_ORGANIZATION }}
tf-cloud-workspace: ${{ vars.TF_CLOUD_WORKSPACE }}
working-directory: ${{ vars.TF_WORKING_DIRECTORY }}