test workflow (#1)

.github/workflows/deploy.yml

@@ -1,19 +1,23 @@
 name: 'Deploy'
 
 on:
-  pull_request:
+  push:
     branches: ['workshop/*']
 
 jobs:
-  set_name:
-    name: 'Get name from branch name and set env'
+  setup:
+    name: 'Setup'
+    outputs:
+      my_name: ${{ steps.set-name.outputs.my_name }}
     runs-on: ubuntu-latest
     steps:
-      - run: echo "MY_NAME=${BRANCH##*/}" >> "$GITHUB_ENV"
+      - name: 'Setup'
+        id: set-name
+        run: echo "my_name=${BRANCH##*/}" >> "$GITHUB_OUTPUT"
         env:
           BRANCH: ${{ github.ref_name }}
 
-  run_tests:
+  run-tests:
     name: 'Run frontend tests'
     runs-on: ubuntu-latest
     defaults:
@@ -44,36 +48,51 @@ jobs:
   build:
     name: 'Build Docker image and push to registry'
     # Task A.2:
-    # needs: [set_name]
+    # needs: [setup]
     # Answer A.2:
-    needs: [set_name, run_tests]
+    needs: [setup, run-tests]
     #
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: 'ghcr.io'
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
       - name: Build and push image to registry
         uses: docker/build-push-action@v5
         with:
           push: 'true'
-          tags: 'ghcr.io/${{ github.repository }}/${{ env.MY_NAME }}:latest'
-          file: 'frontend/Dockerfile'
+          tags: 'ghcr.io/${{ github.repository }}/${{ needs.setup.outputs.my_name }}:latest'
+          context: 'frontend'
 
   deploy:
     name: 'Deploy using Terraform'
     runs-on: ubuntu-latest
-    needs: [build]
+    needs: [build, setup]
     env:
       TF_VAR_revision_suffix: ${{ github.sha }}
-      TF_VAR_my_name: ${{ env.MY_NAME }}
+      TF_VAR_my_name: ${{ needs.setup.outputs.my_name }}
+      TF_VAR_repository: ${{ github.repository }}
       ARM_CLIENT_ID: ${{ vars.ARM_CLIENT_ID }}
-      ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
       ARM_SUBSCRIPTION_ID: ${{ vars.ARM_SUBSCRIPTION_ID }}
       ARM_TENANT_ID: ${{ vars.ARM_TENANT_ID }}
+      ARM_USE_OIDC: 'true'
+    permissions:
+      contents: read
+      id-token: write
+    environment: prod
     defaults:
       run:
         working-directory: 'terraform'
@@ -88,7 +107,7 @@ jobs:
         run: terraform init
 
       - name: Set Terraform workspace
-        run: teraform workspace new $MY_NAME || terraform workspace select $MY_NAME
+        run: terraform workspace new $TF_VAR_my_name || terraform workspace select $TF_VAR_my_name
 
       - name: Run Terraform plan
         run: terraform plan

README.md

@@ -179,15 +179,12 @@ Push branchen din til GitHub og sjekk ut om den kjører.
 
 Installer Terraform [her](https://developer.hashicorp.com/terraform/install).
 
-For å kunne kjøre Terraform lokalt kjøre denne kommandoen i mappen [terraform](terraform):
-
-```bash
-terraform init
-```
+I denne workshoppen har dere ikke mulighet til å kjøre Terraform lokalt,
+men du kan pushe til branch'en din og se på output fra GitHub Actions.
 
 ## 🔨 Oppgave 3.1
 
-Kjør en lokal `plan`. Dette kommer til å feile.
+Se på output fra GitHub Actions i steget `deploy`. Her kan du se hva Terraform har tenkt til å lage.
 
 ## 🔨 Oppgave 3.2
 
@@ -229,3 +226,19 @@ resource "azurerm_container_app" "devops" {
 ```
 
 </details>
+
+# Setup (ikke en del av workshop'en)
+
+1. Få tak i en Azure subscription. Pass på at provider `Microsoft.App` er registrert i subscription'en din.
+Se [her](https://learn.microsoft.com/en-us/azure/azure-resource-manager/troubleshooting/error-register-resource-provider?tabs=azure-cli) for mer informasjon,
+evt. kjør kommandoen `az provider register --namespace Microsoft.App` for å registrere den.
+
+2. Lag en ny Storage Account i Azure for å lagre Terraform state.
+Bruk skriptet `bootstrap.sh` for å sette opp en ny Storage Account, som vil lages i resource group `tfstate`.
+
+3. Lag en App Registration i Entra, og pek den mot riktig GitHub repository/environment. Se [link]().
+Du kan bruke `prod` som environment, det er det som brukes i `.github/workflows/deploy.yml`.
+Gi den `Contributor`-tilgang til subscription'en din.
+
+4. Hent ut client ID fra App Registration og legg den i GitHub repository variables under `ARM_CLIENT_ID`.
+Hent også ut subscription ID og tentant ID og legg de i GitHub repository variables under `ARM_SUBSCRIPTION_ID` og `ARM_TENANT_ID`.

bootstrap.sh

@@ -9,12 +9,6 @@ create() {
     local location="$4"
     local subscription_id="$5"
 
-    # Create service principal
-    az ad sp create-for-rbac \
-        --name "terraform" \
-        --role "Contributor" \
-        --scopes "/subscriptions/$subscription_id"
-
     # Create resource group
     az group create \
         --name "$resource_group_name" \
@@ -78,11 +72,6 @@ delete() {
     az group delete \
         --name "$resource_group_name" \
         --yes
-
-    # Delete service principal
-    local sp_name
-    sp_name=$(az ad sp list --display-name terraform --query '[0].appId' -o tsv)
-    az ad sp delete --id "$sp_name"
 }
 
 main() {

terraform/main.tf

@@ -25,7 +25,7 @@ resource "azurerm_container_app" "devops" {
     # Answer T.2:
     container {
       name   = "devops-workshop"
-      image  = "ghcr.io/computas/devops-workshop/${var.my_name}:latest"
+      image  = "ghcr.io/${var.repository}/${var.my_name}:latest"
       cpu    = "0.25"
       memory = "0.5Gi"
     }

terraform/providers.tf

@@ -7,10 +7,10 @@ terraform {
   }
 
   backend "azurerm" {
-    resource_group_name  = "tfstate"
-    storage_account_name = "tfstate24321"
-    container_name       = "tfstate"
-    key                  = "terraform.tfstate"
+    resource_group_name   = "tfstate"
+    storage_account_name  = "tfstate27968"
+    container_name        = "tfstate"
+    key                   = "terraform.tfstate"
   }
 }
 

terraform/variables.tf

@@ -3,6 +3,11 @@ variable "my_name" {
   description = "Your name. Must be lowercase and only a-z."
 }
 
+variable "repository" {
+  type        = string
+  description = "GitHub repository to use for the GHCR image."
+}
+
 variable "revision_suffix" {
   type        = string
   description = "Unique suffix to differentiate versions of container in the container app, use e.g. git SHA."