From 74951807c0215a39ede882ef69854e5925787b52 Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 14:43:41 +0100 Subject: [PATCH 01/22] Fix issues with DNS not auto-provisioning --- terraform/instance/dns.tf | 3 --- 1 file changed, 3 deletions(-) diff --git a/terraform/instance/dns.tf b/terraform/instance/dns.tf index d67b0a3..302517a 100644 --- a/terraform/instance/dns.tf +++ b/terraform/instance/dns.tf @@ -24,7 +24,6 @@ resource "azurerm_dns_txt_record" "api" { resource "azurerm_container_app_custom_domain" "api" { name = trimsuffix(trimprefix(azurerm_dns_txt_record.api.fqdn, "asuid."), ".") container_app_id = azurerm_container_app.api.id - certificate_binding_type = "SniEnabled" depends_on = [ azurerm_dns_txt_record.api, @@ -57,7 +56,6 @@ resource "azurerm_dns_txt_record" "website" { resource "azurerm_container_app_custom_domain" "website" { name = trimsuffix(trimprefix(azurerm_dns_txt_record.website.fqdn, "asuid."), ".") container_app_id = azurerm_container_app.website.id - certificate_binding_type = "SniEnabled" depends_on = [ azurerm_dns_txt_record.website, @@ -90,7 +88,6 @@ resource "azurerm_dns_txt_record" "monitoring" { resource "azurerm_container_app_custom_domain" "monitoring" { name = trimsuffix(trimprefix(azurerm_dns_txt_record.monitoring.fqdn, "asuid."), ".") container_app_id = azurerm_container_app.monitoring.id - certificate_binding_type = "SniEnabled" depends_on = [ azurerm_dns_txt_record.monitoring, From 2e4daaa03beaaddb9d5696c4af5028c2b8f2da36 Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 14:53:49 +0100 Subject: [PATCH 02/22] Prefix container apps --- .github/workflows/instance-deploy-prod.yml | 2 +- .github/workflows/instance-deploy-test.yml | 2 +- terraform/instance/container_apps.tf | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/instance-deploy-prod.yml b/.github/workflows/instance-deploy-prod.yml index e0c7c26..6c18be1 100644 
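Review bot: Removing `certificate_binding_type = "SniEnabled"` from the three `azurerm_container_app_custom_domain` resources leaves each hostname attached with no TLS binding, and nothing in dns.tf now says where the binding is expected to come from, so the next reader will assume the domains are served over TLS when they are not until something else binds a certificate. Add a comment on each resource such as `# certificate_binding_type is intentionally unset: the managed certificate is provisioned and bound outside this resource; see the lifecycle ignore_changes below`, adjusting the reference to whatever mechanism actually does the binding. The same note applies to the `website` and `monitoring` hunks of this file. Each resource's `depends_on` block continues past the end of its hunk.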
--- a/.github/workflows/instance-deploy-prod.yml +++ b/.github/workflows/instance-deploy-prod.yml @@ -124,7 +124,7 @@ jobs: location: 'East US' resourceGroup: ${{ env.resource_group_name }} targetPort: 8080 - environmentVariables: OTEL_EXPORTER_OTLP_ENDPOINT=http://onlinestore-monitoring:18889 + environmentVariables: OTEL_EXPORTER_OTLP_ENDPOINT=http://prod-onlinestore-monitoring:18889 - name: Deploy website uses: azure/container-apps-deploy-action@v1 with: diff --git a/.github/workflows/instance-deploy-test.yml b/.github/workflows/instance-deploy-test.yml index ca52a24..0d5c681 100644 --- a/.github/workflows/instance-deploy-test.yml +++ b/.github/workflows/instance-deploy-test.yml @@ -122,7 +122,7 @@ jobs: location: 'East US' resourceGroup: ${{ env.resource_group_name }} targetPort: 8080 - environmentVariables: OTEL_EXPORTER_OTLP_ENDPOINT=http://onlinestore-monitoring:18889 + environmentVariables: OTEL_EXPORTER_OTLP_ENDPOINT=http://${{ github.head_ref }}-onlinestore-monitoring:18889 - name: Deploy website uses: azure/container-apps-deploy-action@v1 with: diff --git a/terraform/instance/container_apps.tf b/terraform/instance/container_apps.tf index aec3ff8..38fa68c 100644 --- a/terraform/instance/container_apps.tf +++ b/terraform/instance/container_apps.tf @@ -1,5 +1,5 @@ data "azurerm_container_app_environment" "apps" { - name = "${var.name}-containerapps" + name = "${lower(var.environment)}-${var.name}-containerapps" resource_group_name = "onlinestore-shared-rg" } @@ -39,7 +39,7 @@ resource "azurerm_container_app" "api" { } resource "azurerm_container_app" "website" { - name = "${var.name}-website" + name = "${lower(var.environment)}-${var.name}-website" container_app_environment_id = data.azurerm_container_app_environment.apps.id resource_group_name = azurerm_resource_group.instance.name revision_mode = "Single" 
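Review bot: `${{ github.head_ref }}` is chosen by whoever opens the pull request, and from this hunk on it is spliced raw into an OTLP endpoint URL, and in later hunks (the `TF_VAR_*_dns_subdomain` values and `containerAppName` inputs in the test workflow) into Azure resource names and DNS labels; a branch named `feature/Foo_bar` produces an invalid hostname and label, and the failure mode is an opaque deploy error rather than a validation message. Because the value only appears in `with:`/`env:` it is not expanded inside a `run:` script here, which is the right way to keep it; keep it that way and derive one sanitized, lower-cased value in a dedicated step, then reference `${{ steps.envname.outputs.name }}` everywhere `github.head_ref` is used for a name. The secret-free step below is a sketch; the character set should match the strictest consumer (DNS label: letters, digits, hyphen, 63 chars), and a length cap may be needed.

```yaml
# … unchanged: checkout / setup steps …
- name: Derive environment name from branch
  id: envname
  env:
    HEAD_REF: ${{ github.head_ref }}
  run: |
    name=$(printf '%s' "$HEAD_REF" | tr '[:upper:]' '[:lower:]' | tr -c 'a-z0-9' '-')
    echo "name=${name}" >> "$GITHUB_OUTPUT"
# … unchanged: terraform and deploy steps, now using ${{ steps.envname.outputs.name }} …
```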
@@ -74,7 +74,7 @@ resource "azurerm_container_app" "website" { } resource "azurerm_container_app" "monitoring" { - name = "${var.name}-monitoring" + name = "${lower(var.environment)}-${var.name}-monitoring" container_app_environment_id = data.azurerm_container_app_environment.apps.id resource_group_name = azurerm_resource_group.instance.name revision_mode = "Single" From 64f85ed3da9510fe7f665900621f8e36b405af5b Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 14:55:02 +0100 Subject: [PATCH 03/22] Update container_apps.tf --- terraform/instance/container_apps.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/instance/container_apps.tf b/terraform/instance/container_apps.tf index 38fa68c..c0bb36b 100644 --- a/terraform/instance/container_apps.tf +++ b/terraform/instance/container_apps.tf @@ -1,10 +1,10 @@ data "azurerm_container_app_environment" "apps" { - name = "${lower(var.environment)}-${var.name}-containerapps" + name = "${var.name}-containerapps" resource_group_name = "onlinestore-shared-rg" } resource "azurerm_container_app" "api" { - name = "${var.name}-api" + name = "${lower(var.environment)}-${var.name}-api" container_app_environment_id = data.azurerm_container_app_environment.apps.id resource_group_name = azurerm_resource_group.instance.name revision_mode = "Single" From d43cf5eeace6acb6f681eeb07dfa689fd8a310f4 Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 15:00:14 +0100 Subject: [PATCH 04/22] Update instance-deploy-test.yml --- .github/workflows/instance-deploy-test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/instance-deploy-test.yml b/.github/workflows/instance-deploy-test.yml index 0d5c681..cea2aeb 100644 --- a/.github/workflows/instance-deploy-test.yml +++ b/.github/workflows/instance-deploy-test.yml 
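Review bot: `var.environment` is now part of every container app name (this hunk and the `api`/`website` hunks of the same file) but is never validated on the Terraform side, and the test workflow feeds it straight from a pull-request branch name, so an unexpected character reaches the Azure API as a naming error at apply time. Where `variable "environment"` is declared (outside this hunk) add a `validation` block, e.g. `condition = can(regex("^[a-z0-9-]+$", lower(var.environment)))` with an `error_message` naming the allowed characters, so plan fails early with a readable reason. The `${lower(var.environment)}-${var.name}` expression is also repeated three times; a single `locals { app_prefix = "${lower(var.environment)}-${var.name}" }` keeps the three names from drifting apart.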
@@ -71,9 +71,9 @@ jobs: TF_VAR_environment: ${{ github.head_ref }} TF_VAR_acr_username: ${{ secrets.ACR_USERNAME }} TF_VAR_acr_password: ${{ secrets.ACR_TOKEN }} - TF_VAR_website_dns_subdomain: ${{ github.head_ref }} - TF_VAR_api_dns_subdomain: api - TF_VAR_monitoring_dns_subdomain: monitoring + TF_VAR_website_dns_subdomain: ${{ github.head_ref }}-site + TF_VAR_api_dns_subdomain: ${{ github.head_ref }}-api + TF_VAR_monitoring_dns_subdomain: ${{ github.head_ref }}-monitoring - name: Save terraform outputs shell: bash run: | From a8a84315042aea233f09240045e1b4be2ecc9cb4 Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 15:11:33 +0100 Subject: [PATCH 05/22] Update instance-deploy-test.yml --- .github/workflows/instance-deploy-test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/instance-deploy-test.yml b/.github/workflows/instance-deploy-test.yml index cea2aeb..1ca6ace 100644 --- a/.github/workflows/instance-deploy-test.yml +++ b/.github/workflows/instance-deploy-test.yml @@ -60,7 +60,7 @@ jobs: TF_VAR_environment: ${{ github.head_ref }} TF_VAR_acr_username: ${{ secrets.ACR_USERNAME }} TF_VAR_acr_password: ${{ secrets.ACR_TOKEN }} - TF_VAR_website_dns_subdomain: ${{ github.head_ref }}-site + TF_VAR_website_dns_subdomain: ${{ github.head_ref }}-website TF_VAR_api_dns_subdomain: ${{ github.head_ref }}-api TF_VAR_monitoring_dns_subdomain: ${{ github.head_ref }}-monitoring - name: Terraform Apply @@ -71,7 +71,7 @@ jobs: TF_VAR_environment: ${{ github.head_ref }} TF_VAR_acr_username: ${{ secrets.ACR_USERNAME }} TF_VAR_acr_password: ${{ secrets.ACR_TOKEN }} - TF_VAR_website_dns_subdomain: ${{ github.head_ref }}-site + TF_VAR_website_dns_subdomain: ${{ github.head_ref }}-website TF_VAR_api_dns_subdomain: ${{ github.head_ref }}-api TF_VAR_monitoring_dns_subdomain: ${{ github.head_ref }}-monitoring - name: Save terraform outputs 
@@ -119,7 +119,7 @@ jobs: acrPassword: ${{ secrets.ACR_TOKEN }} containerAppName: onlinestore-api imageToDeploy: onlinestorecontainerregistry.azurecr.io/onlinestore-api:${{ github.sha }} - location: 'East US' + # location: 'East US' resourceGroup: ${{ env.resource_group_name }} targetPort: 8080 environmentVariables: OTEL_EXPORTER_OTLP_ENDPOINT=http://${{ github.head_ref }}-onlinestore-monitoring:18889 From 48eee39c23c93e4a7be700fc6d66e1912729431b Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 15:25:01 +0100 Subject: [PATCH 06/22] Update instance-deploy-test.yml --- .github/workflows/instance-deploy-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/instance-deploy-test.yml b/.github/workflows/instance-deploy-test.yml index 1ca6ace..8b4760a 100644 --- a/.github/workflows/instance-deploy-test.yml +++ b/.github/workflows/instance-deploy-test.yml @@ -119,7 +119,7 @@ jobs: acrPassword: ${{ secrets.ACR_TOKEN }} containerAppName: onlinestore-api imageToDeploy: onlinestorecontainerregistry.azurecr.io/onlinestore-api:${{ github.sha }} - # location: 'East US' + location: 'East US' resourceGroup: ${{ env.resource_group_name }} targetPort: 8080 environmentVariables: OTEL_EXPORTER_OTLP_ENDPOINT=http://${{ github.head_ref }}-onlinestore-monitoring:18889 From 0569e1ea57208201b2fcd9783869c993ab51dbed Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 15:25:58 +0100 Subject: [PATCH 07/22] Update instance-deploy-test.yml --- .github/workflows/instance-deploy-test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/instance-deploy-test.yml b/.github/workflows/instance-deploy-test.yml index 8b4760a..7d7181b 100644 --- a/.github/workflows/instance-deploy-test.yml +++ b/.github/workflows/instance-deploy-test.yml 
@@ -114,6 +114,7 @@ jobs: - name: Deploy api uses: azure/container-apps-deploy-action@v1 with: + yamlConfigPath: .github/workflows/config/container-environment-config.yaml acrName: onlinestorecontainerregistry acrUsername: ${{ secrets.ACR_USERNAME }} acrPassword: ${{ secrets.ACR_TOKEN }} @@ -126,6 +127,7 @@ jobs: - name: Deploy website uses: azure/container-apps-deploy-action@v1 with: + yamlConfigPath: .github/workflows/config/container-environment-config.yaml acrName: onlinestorecontainerregistry acrUsername: ${{ secrets.ACR_USERNAME }} acrPassword: ${{ secrets.ACR_TOKEN }} From d0566646a14dbd10ffa29fe3a8f53f91f35d3702 Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 15:34:42 +0100 Subject: [PATCH 08/22] Correct container app names --- .github/workflows/instance-deploy-prod.yml | 4 ++-- .github/workflows/instance-deploy-test.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/instance-deploy-prod.yml b/.github/workflows/instance-deploy-prod.yml index 6c18be1..fe99090 100644 --- a/.github/workflows/instance-deploy-prod.yml +++ b/.github/workflows/instance-deploy-prod.yml @@ -119,7 +119,7 @@ jobs: acrName: onlinestorecontainerregistry acrUsername: ${{ secrets.ACR_USERNAME }} acrPassword: ${{ secrets.ACR_TOKEN }} - containerAppName: onlinestore-api + containerAppName: prod-onlinestore-api imageToDeploy: onlinestorecontainerregistry.azurecr.io/onlinestore-api:${{ github.sha }} location: 'East US' resourceGroup: ${{ env.resource_group_name }} @@ -132,7 +132,7 @@ jobs: acrName: onlinestorecontainerregistry acrUsername: ${{ secrets.ACR_USERNAME }} acrPassword: ${{ secrets.ACR_TOKEN }} - containerAppName: onlinestore-website + containerAppName: prod-onlinestore-website imageToDeploy: onlinestorecontainerregistry.azurecr.io/onlinestore-website:${{ github.sha }} location: 'East US' resourceGroup: ${{ env.resource_group_name }} 
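Review bot: `yamlConfigPath: .github/workflows/config/container-environment-config.yaml` is referenced in both deploy steps but the file is not added by this commit, so unless it already exists in the repository the action will fail on the first run. As far as I recall, when `azure/container-apps-deploy-action` is given a YAML config it takes the app definition from that file and ignores several of the other inputs (`targetPort`, `environmentVariables` and the ingress settings among them) — worth confirming against the action's README, because the `environmentVariables` line kept a few lines below would then be silently dead. A one-line comment above each `yamlConfigPath` stating which settings are owned by the YAML file and which by the step inputs would make the precedence explicit.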
diff --git a/.github/workflows/instance-deploy-test.yml b/.github/workflows/instance-deploy-test.yml index 7d7181b..07f37d7 100644 --- a/.github/workflows/instance-deploy-test.yml +++ b/.github/workflows/instance-deploy-test.yml @@ -118,7 +118,7 @@ jobs: acrName: onlinestorecontainerregistry acrUsername: ${{ secrets.ACR_USERNAME }} acrPassword: ${{ secrets.ACR_TOKEN }} - containerAppName: onlinestore-api + containerAppName: ${{ github.head_ref }}-onlinestore-api imageToDeploy: onlinestorecontainerregistry.azurecr.io/onlinestore-api:${{ github.sha }} location: 'East US' resourceGroup: ${{ env.resource_group_name }} @@ -131,7 +131,7 @@ jobs: acrName: onlinestorecontainerregistry acrUsername: ${{ secrets.ACR_USERNAME }} acrPassword: ${{ secrets.ACR_TOKEN }} - containerAppName: onlinestore-website + containerAppName: ${{ github.head_ref }}-onlinestore-website imageToDeploy: onlinestorecontainerregistry.azurecr.io/onlinestore-website:${{ github.sha }} location: 'East US' resourceGroup: ${{ env.resource_group_name }} From 40a8dce42b95a3110da2dc7bdc0cfc4a688b2630 Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 15:58:16 +0100 Subject: [PATCH 09/22] Update dns.tf --- terraform/instance/dns.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/instance/dns.tf b/terraform/instance/dns.tf index 302517a..58d8e71 100644 --- a/terraform/instance/dns.tf +++ b/terraform/instance/dns.tf @@ -22,7 +22,7 @@ resource "azurerm_dns_txt_record" "api" { } resource "azurerm_container_app_custom_domain" "api" { - name = trimsuffix(trimprefix(azurerm_dns_txt_record.api.fqdn, "asuid."), ".") + name = trimsuffix(azurerm_dns_txt_record.api.fqdn, ".") container_app_id = azurerm_container_app.api.id depends_on = [ 
@@ -54,7 +54,7 @@ resource "azurerm_dns_txt_record" "website" { } resource "azurerm_container_app_custom_domain" "website" { - name = trimsuffix(trimprefix(azurerm_dns_txt_record.website.fqdn, "asuid."), ".") + name = trimsuffix(azurerm_dns_txt_record.website.fqdn, ".") container_app_id = azurerm_container_app.website.id depends_on = [ @@ -86,7 +86,7 @@ resource "azurerm_dns_txt_record" "monitoring" { } resource "azurerm_container_app_custom_domain" "monitoring" { - name = trimsuffix(trimprefix(azurerm_dns_txt_record.monitoring.fqdn, "asuid."), ".") + name = trimsuffix(azurerm_dns_txt_record.monitoring.fqdn, ".") container_app_id = azurerm_container_app.monitoring.id depends_on = [ From b9925b1f896fb0411c4ff110907683659187019b Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 16:01:43 +0100 Subject: [PATCH 10/22] Update dns.tf --- terraform/instance/dns.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/instance/dns.tf b/terraform/instance/dns.tf index 58d8e71..259045b 100644 --- a/terraform/instance/dns.tf +++ b/terraform/instance/dns.tf @@ -22,7 +22,7 @@ resource "azurerm_dns_txt_record" "api" { } resource "azurerm_container_app_custom_domain" "api" { - name = trimsuffix(azurerm_dns_txt_record.api.fqdn, ".") + name = trimsuffix(azurerm_dns_cname_record.api.fqdn, ".") container_app_id = azurerm_container_app.api.id depends_on = [ @@ -54,7 +54,7 @@ resource "azurerm_dns_txt_record" "website" { } resource "azurerm_container_app_custom_domain" "website" { - name = trimsuffix(azurerm_dns_txt_record.website.fqdn, ".") + name = trimsuffix(azurerm_dns_cname_record.website.fqdn, ".") container_app_id = azurerm_container_app.website.id depends_on = [ 
@@ -86,7 +86,7 @@ resource "azurerm_dns_txt_record" "monitoring" { } resource "azurerm_container_app_custom_domain" "monitoring" { - name = trimsuffix(azurerm_dns_txt_record.monitoring.fqdn, ".") + name = trimsuffix(azurerm_dns_cname_record.monitoring.fqdn, ".") container_app_id = azurerm_container_app.monitoring.id depends_on = [ From 66039cb32723dec44e1758e304edc9c1d07d5e3b Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 16:28:15 +0100 Subject: [PATCH 11/22] Bind DNS via terraform module --- .../instance/container_apps_bind_dns/main.tf | 44 +++++++ .../container_apps_bind_dns/scripts/create.sh | 122 ++++++++++++++++++ .../scripts/destroy.sh | 29 +++++ .../container_apps_bind_dns/variables.tf | 22 ++++ terraform/instance/dns.tf | 14 ++ 5 files changed, 231 insertions(+) create mode 100644 terraform/instance/container_apps_bind_dns/main.tf create mode 100644 terraform/instance/container_apps_bind_dns/scripts/create.sh create mode 100644 terraform/instance/container_apps_bind_dns/scripts/destroy.sh create mode 100644 terraform/instance/container_apps_bind_dns/variables.tf diff --git a/terraform/instance/container_apps_bind_dns/main.tf b/terraform/instance/container_apps_bind_dns/main.tf new file mode 100644 index 0000000..4e21096 --- /dev/null +++ b/terraform/instance/container_apps_bind_dns/main.tf 
@@ -0,0 +1,44 @@ +terraform {} + +resource "null_resource" "null" { + for_each = { for svc in var.services : svc.key => svc } + + lifecycle { + create_before_destroy = false + } + + triggers = { + ca_name = each.value.container_app_name + ca_rg_name = var.container_app_env_name + ca_env_name = var.container_app_env_name + ca_env_rg_name = var.container_app_env_resource_group_name + custom_domain = each.value.custom_domain + } + + # provision a managed cert and apply it to the container app + provisioner "local-exec" { + when = create + command = "sh ${path.module}/scripts/create.sh" + + environment = { + CONTAINER_APP_NAME = self.triggers.ca_name + CONTAINER_APP_RESOURCE_GROUP = self.triggers.container_app + CONTAINER_APP_ENV_NAME = self.triggers.ca_env_name_env_name + CONTAINER_APP_ENV_RESOURCE_GROUP = self.triggers.container_app_env_resource_group_name + CUSTOM_DOMAIN = self.triggers.custom_domain + } + } + + provisioner "local-exec" { + when = destroy + command = "sh ${path.module}/scripts/destroy.sh" + + environment = { + CONTAINER_APP_NAME = self.triggers.ca_name + CONTAINER_APP_RESOURCE_GROUP = self.triggers.container_app + CONTAINER_APP_ENV_NAME = self.triggers.ca_env_name_env_name + CONTAINER_APP_ENV_RESOURCE_GROUP = self.triggers.container_app_env_resource_group_name + CUSTOM_DOMAIN = self.triggers.custom_domain + } + } +} \ No newline at end of file diff --git a/terraform/instance/container_apps_bind_dns/scripts/create.sh b/terraform/instance/container_apps_bind_dns/scripts/create.sh new file mode 100644 index 0000000..a586e3e --- /dev/null +++ b/terraform/instance/container_apps_bind_dns/scripts/create.sh 
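Review bot: The `terraform {}` block is empty while the module's only resource is `null_resource`, so the `hashicorp/null` provider is resolved implicitly and unpinned; declare it, `required_providers { null = { source = "hashicorp/null" } }`, so the module's provider requirement is explicit and version-constrained like the rest of the configuration. `create_before_destroy = false` is Terraform's default and can be dropped, or kept with a comment saying why the order matters here (the destroy provisioner deletes the certificate the create provisioner would otherwise race with). The `triggers` also contain only names, so editing `scripts/create.sh` never re-runs the provisioner; if that is intended, say so in a comment, otherwise a `script_hash = filesha256("${path.module}/scripts/create.sh")` trigger forces a replace — noting that a replace runs destroy.sh first, which deletes the managed certificate.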
@@ -0,0 +1,122 @@ +# env variables used throughout this script: +# CONTAINER_APP_NAME +# CONTAINER_APP_RESOURCE_GROUP +# CONTAINER_APP_ENV_NAME +# CONTAINER_APP_ENV_RESOURCE_GROUP +# CUSTOM_DOMAIN + + +# functions below taken from: https://stackoverflow.com/a/25515370 +yell() { echo "$0: $*" >&2; } +die() { + yell "$*" + exit 111 +} + +# use dig to verify the asuid txt record exists on the DNS host +# azure requires this to exist prior to adding the domain +# azure's dns can also be slow, so best to check propagation +tries=0 +until [ "$tries" -ge 12 ]; do + [[ ! -z $(dig @8.8.8.8 txt asuid.$CUSTOM_DOMAIN +short) ]] && break + tries=$((tries + 1)) + sleep 10 +done +if [ "$tries" -ge 12 ]; then + die "'asuid.${CUSTOM_DOMAIN}' txt record does not exist" +fi + +echo "took $tries trie(s) for the dns record to exist publically" + +# check if the hostname already exists on the container app +# if not, add it since it's required to provision a managed cert +DOES_CUSTOM_DOMAIN_EXIST=$( + az containerapp hostname list \ + -n $CONTAINER_APP_NAME \ + -g $CONTAINER_APP_RESOURCE_GROUP \ + --query "[?name=='$CUSTOM_DOMAIN'].name" \ + --output tsv +) +if [ -z "${DOES_CUSTOM_DOMAIN_EXIST}" ]; then + echo "adding custom hostname to container app first since it does not exist yet" + az containerapp hostname add \ + -n $CONTAINER_APP_CONTAINER_APP_NAME \ + -g $CONTAINER_APP_RESOURCE_GROUP \ + --hostname $CUSTOM_DOMAIN \ + --output none +fi + +# check if a managed cert for the domain already exists +# if it does not exist, provision one +# if it does, save its name to use for binding it later +MANAGED_CERTIFICATE_NAME=$( + az containerapp env certificate list \ + -g $CONTAINER_APP_ENV_RESOURCE_GROUP \ + -n $CONTAINER_APP_ENV_NAME \ + --managed-certificates-only \ + --query "[?properties.subjectName=='$CUSTOM_DOMAIN'].name" \ + --output tsv +) +if [ -z "${MANAGED_CERTIFICATE_NAME}" ]; then + MANAGED_CERTIFICATE_NAME=$( + az containerapp env certificate create \ + -g 
$CONTAINER_APP_ENV_RESOURCE_GROUP \ + -n $CONTAINER_APP_ENV_NAME \ + --hostname $CUSTOM_DOMAIN \ + --validation-method CNAME \ + --query "name" \ + --output tsv + ) + echo "created cert for '$CUSTOM_DOMAIN'. waiting for it to provision now..." + + # poll azcli to check for the certificate status + # this is better than waiting 5 minutes, because it could be + # faster and we get to exit the script faster + # --- + # the default 20 tries means it'll check for 5 mins + # at 15 second intervals + tries=0 + until [ "$tries" -ge 20 ]; do + STATE=$( + az containerapp env certificate list \ + -g $CONTAINER_APP_ENV_RESOURCE_GROUP \ + -n $CONTAINER_APP_ENV_NAME \ + --managed-certificates-only \ + --query "[?properties.subjectName=='$CUSTOM_DOMAIN'].properties.provisioningState" \ + --output tsv + ) + [[ $STATE == "Succeeded" ]] && break + tries=$((tries + 1)) + + sleep 15 + done + if [ "$tries" -ge 20 ]; then + die "waited for 5 minutes, checked the certificate status 20 times and its not done. check azure portal..." + fi +else + echo "found existing cert in the env. proceeding to use that" +fi + +# check if the cert has already been bound +# if not, bind it then +IS_CERT_ALREADY_BOUND=$( + az containerapp hostname list \ + -n $CONTAINER_APP_NAME \ + -g $CONTAINER_APP_RESOURCE_GROUP \ + --query "[?name=='$CUSTOM_DOMAIN'].bindingType" \ + --output tsv +) +if [ $IS_CERT_ALREADY_BOUND = "SniEnabled" ]; then + echo "cert is already bound, exiting..." +else + # try bind the cert to the container app + echo "cert successfully provisioned. binding the cert id to the hostname" + az containerapp hostname bind \ + -g $CONTAINER_APP_RESOURCE_GROUP \ + -n $CONTAINER_APP_NAME \ + --hostname $CUSTOM_DOMAIN \ + --environment $CONTAINER_APP_ENV_NAME \ + --certificate $MANAGED_CERTIFICATE_NAME \ + --output none + echo "finished binding. the domain is now secured and ready to use" +fi \ No newline at end of file 
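Review bot: The script never sets `set -euo pipefail`, so a failing `az containerapp hostname add`, `certificate create` or `hostname bind` does not stop it, and the exit status Terraform sees is that of the final `echo`; the `null_resource` is then recorded as created while the hostname may have no certificate bound at all. `die` only guards the two polling timeouts, so add `set -euo pipefail` at the top (after the shebang once it exists) and let the `az` failures surface. `if [ $IS_CERT_ALREADY_BOUND = "SniEnabled" ]` is also unquoted: when `hostname list` returns nothing the test degenerates to `[ = "SniEnabled" ]` and errors instead of falling through to the bind branch — write `if [ "$IS_CERT_ALREADY_BOUND" = "SniEnabled" ]; then`, and quote the other `$CONTAINER_APP_*`/`$CUSTOM_DOMAIN` expansions for the same reason. Finally, a missing `dig` binary is indistinguishable from "record not yet published" in the first loop (twelve silent failures, then a misleading message), so a guard such as `command -v dig >/dev/null || die "dig is not installed"` before the loop is worth the line.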
diff --git a/terraform/instance/container_apps_bind_dns/scripts/destroy.sh b/terraform/instance/container_apps_bind_dns/scripts/destroy.sh new file mode 100644 index 0000000..52e2382 --- /dev/null +++ b/terraform/instance/container_apps_bind_dns/scripts/destroy.sh @@ -0,0 +1,29 @@ +# functions below taken from: https://stackoverflow.com/a/25515370 +yell() { echo "$0: $*" >&2; } +die() { + yell "$*" + exit 111 +} + +# get the managed cert using the custom domain +CERTIFICATE_ID=$( + az containerapp env certificate list \ + -g $CONTAINER_APP_ENV_RESOURCE_GROUP \ + -n $CONTAINER_APP_ENV_NAME \ + --managed-certificates-only \ + --query "[?properties.subjectName=='$CUSTOM_DOMAIN'].id" \ + --output tsv +) + +# destroy the cert +az containerapp env certificate delete \ + -g $CONTAINER_APP_ENV_RESOURCE_GROUP \ + -n $CONTAINER_APP_ENV_NAME \ + --certificate $CERTIFICATE_ID --yes +echo "destroyed the managed certificate" + +# remove the custom domain from the container app +az containerapp hostname delete --hostname $CUSTOM_DOMAIN \ + -g $CONTAINER_APP_RESOURCE_GROUP \ + -n $CONTAINER_APP_NAME +echo "removed the custom domain from the container app" \ No newline at end of file diff --git a/terraform/instance/container_apps_bind_dns/variables.tf b/terraform/instance/container_apps_bind_dns/variables.tf new file mode 100644 index 0000000..2b01b23 --- /dev/null +++ b/terraform/instance/container_apps_bind_dns/variables.tf 
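Review bot: `CERTIFICATE_ID` is passed to `az containerapp env certificate delete --certificate` without checking that the lookup returned anything, so when no managed certificate exists for `$CUSTOM_DOMAIN` (already removed by hand, or create.sh failed part-way) the delete runs with an empty argument and, since there is no `set -e`, the script still exits 0 and Terraform treats the destroy as clean. `die` is defined but never used; a guard such as `[ -n "$CERTIFICATE_ID" ] || die "no managed certificate found for '$CUSTOM_DOMAIN'"` (or a deliberate warn-and-continue if a missing certificate should not block `terraform destroy`) makes the intent explicit. I believe Azure refuses to delete a managed certificate that is still bound to a hostname, in which case `hostname delete` should run before `certificate delete`; worth verifying. Unlike create.sh, the header does not list the environment variables the script reads (`CONTAINER_APP_ENV_RESOURCE_GROUP`, `CONTAINER_APP_ENV_NAME`, `CUSTOM_DOMAIN`, `CONTAINER_APP_RESOURCE_GROUP`, `CONTAINER_APP_NAME`); mirror that comment block here.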
@@ -0,0 +1,22 @@ +variable "container_app_resource_group_name" { + description = "name of the resource group where the container apps are deployed" + type = string +} + +variable "container_app_env_resource_group_name" { + description = "name of the resource group where the container app environment is deployed" + type = string +} + +variable "container_app_env_name" { + description = "name of the container app environment name" + type = string +} + +variable "services" { + type = list(object({ + key = string + custom_domain = string + container_app_name = string + })) +} \ No newline at end of file diff --git a/terraform/instance/dns.tf b/terraform/instance/dns.tf index 259045b..7d3b365 100644 --- a/terraform/instance/dns.tf +++ b/terraform/instance/dns.tf @@ -98,3 +98,17 @@ resource "azurerm_container_app_custom_domain" "monitoring" { ignore_changes = [certificate_binding_type, container_app_environment_certificate_id] } } + +module "container_apps_bind_dns"{ + source = "./container_apps_bind_dns" + container_app_resource_group_name = azurerm_resource_group.instance.name + container_app_env_resource_group_name = data.azurerm_container_app_environment.apps.resource_group_name + container_app_env_name = data.azurerm_container_app_environment.apps.name + services = [ + { + key = "api", + custom_domain = trimsuffix(azurerm_dns_cname_record.api.fqdn, "."), + container_app_name = azurerm_container_app.api.name + } + ] +} From 934f17a77d0c2f0543c5fed72dc9848738ad284a Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 16:32:33 +0100 Subject: [PATCH 12/22] Typos --- .../instance/container_apps_bind_dns/main.tf | 14 +++++----- terraform/instance/dns.tf | 26 ++++++++++++------- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/terraform/instance/container_apps_bind_dns/main.tf b/terraform/instance/container_apps_bind_dns/main.tf index 4e21096..3e66559 100644 --- a/terraform/instance/container_apps_bind_dns/main.tf 
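Review bot: `variable "services"` has no `description`, and the one on `container_app_env_name` reads "name of the container app environment name"; since these are the module's public interface, give `services` a description stating what `key`, `custom_domain` and `container_app_name` are used for (map key for the `null_resource` instances, the FQDN without trailing dot, the container app to bind to) and fix the other to "name of the container app environment". A `validation` on `custom_domain` (no trailing `.`, lower-case) would also catch the most likely wiring mistake before a provisioner runs.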
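Review bot: Only the `api` service is passed to `module.container_apps_bind_dns`, although dns.tf declares the same CNAME/TXT/custom-domain trio for `website` and `monitoring` (the `azurerm_container_app_custom_domain.monitoring` resource is the context just above this hunk), so those two hostnames get attached but never receive a managed certificate. If that is deliberate for now, a comment saying so belongs on the `services` list; otherwise add the other two entries as below. The hunk ends at the close of the module block.

```hcl
  services = [
    {
      key                = "api",
      custom_domain      = trimsuffix(azurerm_dns_cname_record.api.fqdn, "."),
      container_app_name = azurerm_container_app.api.name
    },
    {
      key                = "website",
      custom_domain      = trimsuffix(azurerm_dns_cname_record.website.fqdn, "."),
      container_app_name = azurerm_container_app.website.name
    },
    {
      key                = "monitoring",
      custom_domain      = trimsuffix(azurerm_dns_cname_record.monitoring.fqdn, "."),
      container_app_name = azurerm_container_app.monitoring.name
    }
  ]
```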
+++ b/terraform/instance/container_apps_bind_dns/main.tf @@ -9,7 +9,7 @@ resource "null_resource" "null" { triggers = { ca_name = each.value.container_app_name - ca_rg_name = var.container_app_env_name + ca_rg_name = var.container_app_resource_group_name ca_env_name = var.container_app_env_name ca_env_rg_name = var.container_app_env_resource_group_name custom_domain = each.value.custom_domain @@ -22,9 +22,9 @@ resource "null_resource" "null" { environment = { CONTAINER_APP_NAME = self.triggers.ca_name - CONTAINER_APP_RESOURCE_GROUP = self.triggers.container_app - CONTAINER_APP_ENV_NAME = self.triggers.ca_env_name_env_name - CONTAINER_APP_ENV_RESOURCE_GROUP = self.triggers.container_app_env_resource_group_name + CONTAINER_APP_RESOURCE_GROUP = self.triggers.ca_rg_name + CONTAINER_APP_ENV_NAME = self.triggers.ca_env_name + CONTAINER_APP_ENV_RESOURCE_GROUP = self.triggers.ca_env_rg_name CUSTOM_DOMAIN = self.triggers.custom_domain } } @@ -35,9 +35,9 @@ resource "null_resource" "null" { environment = { CONTAINER_APP_NAME = self.triggers.ca_name - CONTAINER_APP_RESOURCE_GROUP = self.triggers.container_app - CONTAINER_APP_ENV_NAME = self.triggers.ca_env_name_env_name - CONTAINER_APP_ENV_RESOURCE_GROUP = self.triggers.container_app_env_resource_group_name + CONTAINER_APP_RESOURCE_GROUP = self.triggers.ca_rg_name + CONTAINER_APP_ENV_NAME = self.triggers.ca_env_name + CONTAINER_APP_ENV_RESOURCE_GROUP = self.triggers.ca_env_rg_name CUSTOM_DOMAIN = self.triggers.custom_domain } } diff --git a/terraform/instance/dns.tf b/terraform/instance/dns.tf index 7d3b365..c9380f5 100644 --- a/terraform/instance/dns.tf +++ b/terraform/instance/dns.tf @@ -1,6 +1,6 @@ -data "azurerm_dns_zone" "rockpal-co-uk"{ - resource_group_name = "onlinestore-shared-rg" - name = "rockpal.co.uk" +data "azurerm_dns_zone" "rockpal-co-uk" { + resource_group_name = "onlinestore-shared-rg" + name = "rockpal.co.uk" } resource "azurerm_dns_cname_record" "api" { 
@@ -22,8 +22,8 @@ resource "azurerm_dns_txt_record" "api" { } resource "azurerm_container_app_custom_domain" "api" { - name = trimsuffix(azurerm_dns_cname_record.api.fqdn, ".") - container_app_id = azurerm_container_app.api.id + name = trimsuffix(azurerm_dns_cname_record.api.fqdn, ".") + container_app_id = azurerm_container_app.api.id depends_on = [ azurerm_dns_txt_record.api, @@ -54,8 +54,8 @@ resource "azurerm_dns_txt_record" "website" { } resource "azurerm_container_app_custom_domain" "website" { - name = trimsuffix(azurerm_dns_cname_record.website.fqdn, ".") - container_app_id = azurerm_container_app.website.id + name = trimsuffix(azurerm_dns_cname_record.website.fqdn, ".") + container_app_id = azurerm_container_app.website.id depends_on = [ azurerm_dns_txt_record.website, @@ -86,8 +86,8 @@ resource "azurerm_dns_txt_record" "monitoring" { } resource "azurerm_container_app_custom_domain" "monitoring" { - name = trimsuffix(azurerm_dns_cname_record.monitoring.fqdn, ".") - container_app_id = azurerm_container_app.monitoring.id + name = trimsuffix(azurerm_dns_cname_record.monitoring.fqdn, ".") + container_app_id = azurerm_container_app.monitoring.id depends_on = [ azurerm_dns_txt_record.monitoring, @@ -99,7 +99,7 @@ resource "azurerm_container_app_custom_domain" "monitoring" { } } -module "container_apps_bind_dns"{ +module "container_apps_bind_dns" { source = "./container_apps_bind_dns" container_app_resource_group_name = azurerm_resource_group.instance.name container_app_env_resource_group_name = data.azurerm_container_app_environment.apps.resource_group_name @@ -111,4 +111,10 @@ module "container_apps_bind_dns"{ container_app_name = azurerm_container_app.api.name } ] + + depends_on = [ + azurerm_container_app_custom_domain.api, + azurerm_container_app_custom_domain.website, + azurerm_container_app_custom_domain.monitoring + ] } From 0d9270815f3253e6a8a35b512bf360c906471c77 Mon Sep 17 00:00:00 2001 
From: Benjamin Chiverton Date: Mon, 1 Jul 2024 17:02:08 +0100 Subject: [PATCH 13/22] Linux-ify --- terraform/instance/container_apps_bind_dns/scripts/create.sh | 4 ++-- terraform/instance/container_apps_bind_dns/scripts/destroy.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/instance/container_apps_bind_dns/scripts/create.sh b/terraform/instance/container_apps_bind_dns/scripts/create.sh index a586e3e..a4bd2b3 100644 --- a/terraform/instance/container_apps_bind_dns/scripts/create.sh +++ b/terraform/instance/container_apps_bind_dns/scripts/create.sh @@ -40,7 +40,7 @@ DOES_CUSTOM_DOMAIN_EXIST=$( if [ -z "${DOES_CUSTOM_DOMAIN_EXIST}" ]; then echo "adding custom hostname to container app first since it does not exist yet" az containerapp hostname add \ - -n $CONTAINER_APP_CONTAINER_APP_NAME \ + -n $CONTAINER_APP_NAME \ -g $CONTAINER_APP_RESOURCE_GROUP \ --hostname $CUSTOM_DOMAIN \ --output none @@ -119,4 +119,4 @@ else --certificate $MANAGED_CERTIFICATE_NAME \ --output none echo "finished binding. the domain is now secured and ready to use" -fi \ No newline at end of file +fi diff --git a/terraform/instance/container_apps_bind_dns/scripts/destroy.sh b/terraform/instance/container_apps_bind_dns/scripts/destroy.sh index 52e2382..b92c405 100644 --- a/terraform/instance/container_apps_bind_dns/scripts/destroy.sh +++ b/terraform/instance/container_apps_bind_dns/scripts/destroy.sh @@ -26,4 +26,4 @@ echo "destroyed the managed certificate" az containerapp hostname delete --hostname $CUSTOM_DOMAIN \ -g $CONTAINER_APP_RESOURCE_GROUP \ -n $CONTAINER_APP_NAME -echo "removed the custom domain from the container app" \ No newline at end of file +echo "removed the custom domain from the container app" From a950b60c606bc3eb5c4d193b1c0eb972aca4d33e Mon Sep 17 00:00:00 2001 
From: Benjamin Chiverton Date: Mon, 1 Jul 2024 17:18:45 +0100 Subject: [PATCH 14/22] Update instance-deploy-test.yml --- .github/workflows/instance-deploy-test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/instance-deploy-test.yml b/.github/workflows/instance-deploy-test.yml index 07f37d7..c32f609 100644 --- a/.github/workflows/instance-deploy-test.yml +++ b/.github/workflows/instance-deploy-test.yml @@ -43,6 +43,8 @@ jobs: uses: hashicorp/setup-terraform@v2 with: terraform_wrapper: false + - name: Setup Azure CLI + run: sudo apt-get install -y dnsutils - name: Terraform Format id: fmt run: terraform -chdir=instance fmt From 1dc160fd47cd35e8e64c48ca2ce2a4cbf18f28cf Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 17:33:35 +0100 Subject: [PATCH 15/22] Add bin/bash --- .github/workflows/instance-deploy-test.yml | 10 ++++++++-- .../instance/container_apps_bind_dns/scripts/create.sh | 2 ++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/instance-deploy-test.yml b/.github/workflows/instance-deploy-test.yml index c32f609..661eec7 100644 --- a/.github/workflows/instance-deploy-test.yml +++ b/.github/workflows/instance-deploy-test.yml @@ -43,8 +43,14 @@ jobs: uses: hashicorp/setup-terraform@v2 with: terraform_wrapper: false - - name: Setup Azure CLI - run: sudo apt-get install -y dnsutils + - name: Login via Azure CLI + uses: azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + # - name: Setup azure CLI + # run: + # - name: Setup dnsutils (dig) CLI + # run: sudo apt-get install -y dnsutils - name: Terraform Format id: fmt run: terraform -chdir=instance fmt diff --git a/terraform/instance/container_apps_bind_dns/scripts/create.sh b/terraform/instance/container_apps_bind_dns/scripts/create.sh index a4bd2b3..c44a4e4 100644 --- a/terraform/instance/container_apps_bind_dns/scripts/create.sh +++ b/terraform/instance/container_apps_bind_dns/scripts/create.sh 
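Review bot: The new `azure/login@v1` step authenticates with `creds: ${{ secrets.AZURE_CREDENTIALS }}`, a long-lived service-principal secret stored in the repository, on a workflow that runs for pull-request branches; `azure/login` also supports workload-identity federation via `client-id`, `tenant-id` and `subscription-id` inputs together with `permissions: id-token: write` on the job, which leaves no reusable secret in GitHub and scopes the token to this workflow. The two commented-out steps (`# - name: Setup azure CLI` with an empty `run:`, and the dnsutils install) are dead configuration; delete them or restore the dnsutils step, because create.sh depends on `dig` and I am not certain the runner image ships it — without it the DNS check loops twelve times and dies with a misleading "txt record does not exist". Secret names in the sketch below are placeholders.

```yaml
# … unchanged: setup-terraform step …
- name: Login via Azure CLI
  uses: azure/login@v1
  with:
    client-id: ${{ secrets.AZURE_CLIENT_ID }}
    tenant-id: ${{ secrets.AZURE_TENANT_ID }}
    subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Setup dnsutils (dig) CLI
  run: sudo apt-get install -y dnsutils
# … unchanged: Terraform Format step …
```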
@@ -1,3 +1,5 @@ +#!/bin/bash + # env variables used throughout this script: # CONTAINER_APP_NAME # CONTAINER_APP_RESOURCE_GROUP From ed2404b0cf8db289639843fe44fbdeaaf7bb4ea3 Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 17:37:51 +0100 Subject: [PATCH 16/22] Update main.tf --- terraform/instance/container_apps_bind_dns/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/instance/container_apps_bind_dns/main.tf b/terraform/instance/container_apps_bind_dns/main.tf index 3e66559..2958914 100644 --- a/terraform/instance/container_apps_bind_dns/main.tf +++ b/terraform/instance/container_apps_bind_dns/main.tf @@ -18,7 +18,7 @@ resource "null_resource" "null" { # provision a managed cert and apply it to the container app provisioner "local-exec" { when = create - command = "sh ${path.module}/scripts/create.sh" + command = "bash ${path.module}/scripts/create.sh" environment = { CONTAINER_APP_NAME = self.triggers.ca_name @@ -31,7 +31,7 @@ resource "null_resource" "null" { provisioner "local-exec" { when = destroy - command = "sh ${path.module}/scripts/destroy.sh" + command = "bash ${path.module}/scripts/destroy.sh" environment = { CONTAINER_APP_NAME = self.triggers.ca_name From 99ed0fbb2f0d8e651ce7e9d920b23f059913ce56 Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 18:25:54 +0100 Subject: [PATCH 17/22] Get certificate ID over name --- .../container_apps_bind_dns/scripts/create.sh | 12 ++++++------ .../container_apps_bind_dns/scripts/destroy.sh | 2 ++ .../instance/container_apps_bind_dns/variables.tf | 8 ++++---- terraform/instance/dns.tf | 2 +- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/terraform/instance/container_apps_bind_dns/scripts/create.sh b/terraform/instance/container_apps_bind_dns/scripts/create.sh index c44a4e4..222279c 100644 --- a/terraform/instance/container_apps_bind_dns/scripts/create.sh +++ b/terraform/instance/container_apps_bind_dns/scripts/create.sh 
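Review bot: The new `#!/bin/bash` line is not followed by any shell options, while the header comment directly below it lists the environment variables the script depends on; adding `set -u` on the line after the shebang makes an unset `CONTAINER_APP_NAME` or `CONTAINER_APP_RESOURCE_GROUP` abort immediately instead of reaching `az` as an empty argument. `set -e` is a separate decision, because the script tests several `$(az ...)` results for emptiness and may rely on continuing after a non-zero exit. The rest of the script is outside the hunk.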
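Review bot: `command = "bash ${path.module}/scripts/create.sh"` interpolates the module path into a shell command line without quoting, so a checkout path containing a space or a shell metacharacter breaks the provisioner; `command = "bash '${path.module}/scripts/create.sh'"` keeps it a single argument, and the `destroy.sh` line in the second hunk wants the same treatment. Both hunks are inside the `null_resource "null"` block, whose start and end lie outside them.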
@@ -51,22 +51,22 @@ fi # check if a managed cert for the domain already exists # if it does not exist, provision one # if it does, save its name to use for binding it later -MANAGED_CERTIFICATE_NAME=$( +MANAGED_CERTIFICATE_ID=$( az containerapp env certificate list \ -g $CONTAINER_APP_ENV_RESOURCE_GROUP \ -n $CONTAINER_APP_ENV_NAME \ --managed-certificates-only \ - --query "[?properties.subjectName=='$CUSTOM_DOMAIN'].name" \ + --query "[?properties.subjectName=='$CUSTOM_DOMAIN'].id" \ --output tsv ) -if [ -z "${MANAGED_CERTIFICATE_NAME}" ]; then - MANAGED_CERTIFICATE_NAME=$( +if [ -z "${MANAGED_CERTIFICATE_ID}" ]; then + MANAGED_CERTIFICATE_ID=$( az containerapp env certificate create \ -g $CONTAINER_APP_ENV_RESOURCE_GROUP \ -n $CONTAINER_APP_ENV_NAME \ --hostname $CUSTOM_DOMAIN \ --validation-method CNAME \ - --query "name" \ + --query "id" \ --output tsv ) echo "created cert for '$CUSTOM_DOMAIN'. waiting for it to provision now..." @@ -118,7 +118,7 @@ else -n $CONTAINER_APP_NAME \ --hostname $CUSTOM_DOMAIN \ --environment $CONTAINER_APP_ENV_NAME \ - --certificate $MANAGED_CERTIFICATE_NAME \ + --certificate $MANAGED_CERTIFICATE_ID \ --output none echo "finished binding. the domain is now secured and ready to use" fi diff --git a/terraform/instance/container_apps_bind_dns/scripts/destroy.sh b/terraform/instance/container_apps_bind_dns/scripts/destroy.sh index b92c405..df31b37 100644 --- a/terraform/instance/container_apps_bind_dns/scripts/destroy.sh +++ b/terraform/instance/container_apps_bind_dns/scripts/destroy.sh @@ -1,3 +1,5 @@ +#!/bin/bash + # functions below taken from: https://stackoverflow.com/a/25515370 yell() { echo "$0: $*" >&2; } die() { diff --git a/terraform/instance/container_apps_bind_dns/variables.tf b/terraform/instance/container_apps_bind_dns/variables.tf index 2b01b23..182175f 100644 --- a/terraform/instance/container_apps_bind_dns/variables.tf +++ b/terraform/instance/container_apps_bind_dns/variables.tf 
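Review bot: The `--query "[?properties.subjectName=='$CUSTOM_DOMAIN'].id"` filter returns every matching certificate, and with `--output tsv` two matches become a two-line `MANAGED_CERTIFICATE_ID`, which the unquoted `--certificate $MANAGED_CERTIFICATE_ID` in the second hunk then splits into separate arguments; selecting one explicitly, `--query "[?properties.subjectName=='$CUSTOM_DOMAIN'].id | [0]"`, and quoting `--certificate "$MANAGED_CERTIFICATE_ID"` closes that. The `-z` test also cannot tell "no certificate" from "`az ... certificate list` failed", so a transient failure falls through to creating a second certificate; checking the list call's exit status before the `if` avoids that. The domain is interpolated into the JMESPath string, which is fine only while it comes from Terraform as dns.tf shows. The `if`/`else` in the second hunk starts outside it.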
@@ -3,13 +3,13 @@ variable "container_app_resource_group_name" { type = string } -variable "container_app_env_resource_group_name" { - description = "name of the resource group where the container app environment is deployed" +variable "container_app_env_name" { + description = "name of the container app environment name" type = string } -variable "container_app_env_name" { - description = "name of the container app environment name" +variable "container_app_env_resource_group_name" { + description = "name of the resource group where the container app environment is deployed" type = string } diff --git a/terraform/instance/dns.tf b/terraform/instance/dns.tf index c9380f5..7a3d82f 100644 --- a/terraform/instance/dns.tf +++ b/terraform/instance/dns.tf @@ -102,8 +102,8 @@ resource "azurerm_container_app_custom_domain" "monitoring" { module "container_apps_bind_dns" { source = "./container_apps_bind_dns" container_app_resource_group_name = azurerm_resource_group.instance.name - container_app_env_resource_group_name = data.azurerm_container_app_environment.apps.resource_group_name container_app_env_name = data.azurerm_container_app_environment.apps.name + container_app_env_resource_group_name = data.azurerm_container_app_environment.apps.resource_group_name services = [ { key = "api", From afd518fdcff7b0f9aa4679ca88cc3aee69c531b8 Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 18:28:37 +0100 Subject: [PATCH 18/22] Update dns.tf --- terraform/instance/dns.tf | 82 ++++++++++++++++++++------------------- 1 file changed, 43 insertions(+), 39 deletions(-) diff --git a/terraform/instance/dns.tf b/terraform/instance/dns.tf index 7a3d82f..d6819dc 100644 --- a/terraform/instance/dns.tf +++ b/terraform/instance/dns.tf 
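Review bot: The moved `container_app_env_name` block keeps `description = "name of the container app environment name"`, which says "name" twice; `description = "name of the container app environment"` reads correctly. The reordering itself changes nothing for Terraform. The variables before and after this span are outside the hunk.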
@@ -21,19 +21,19 @@ resource "azurerm_dns_txt_record" "api" { } } -resource "azurerm_container_app_custom_domain" "api" { - name = trimsuffix(azurerm_dns_cname_record.api.fqdn, ".") - container_app_id = azurerm_container_app.api.id +# resource "azurerm_container_app_custom_domain" "api" { +# name = trimsuffix(azurerm_dns_cname_record.api.fqdn, ".") +# container_app_id = azurerm_container_app.api.id - depends_on = [ - azurerm_dns_txt_record.api, - ] +# depends_on = [ +# azurerm_dns_txt_record.api, +# ] - lifecycle { - // When using an Azure created Managed Certificate these values must be added to ignore_changes to prevent resource recreation. - ignore_changes = [certificate_binding_type, container_app_environment_certificate_id] - } -} +# lifecycle { +# // When using an Azure created Managed Certificate these values must be added to ignore_changes to prevent resource recreation. +# ignore_changes = [certificate_binding_type, container_app_environment_certificate_id] +# } +# } resource "azurerm_dns_cname_record" "website" { name = var.website_dns_subdomain 
@@ -53,19 +53,19 @@ resource "azurerm_dns_txt_record" "website" { } } -resource "azurerm_container_app_custom_domain" "website" { - name = trimsuffix(azurerm_dns_cname_record.website.fqdn, ".") - container_app_id = azurerm_container_app.website.id +# resource "azurerm_container_app_custom_domain" "website" { +# name = trimsuffix(azurerm_dns_cname_record.website.fqdn, ".") +# container_app_id = azurerm_container_app.website.id - depends_on = [ - azurerm_dns_txt_record.website, - ] +# depends_on = [ +# azurerm_dns_txt_record.website, +# ] - lifecycle { - // When using an Azure created Managed Certificate these values must be added to ignore_changes to prevent resource recreation. - ignore_changes = [certificate_binding_type, container_app_environment_certificate_id] - } -} +# lifecycle { +# // When using an Azure created Managed Certificate these values must be added to ignore_changes to prevent resource recreation. +# ignore_changes = [certificate_binding_type, container_app_environment_certificate_id] +# } +# } resource "azurerm_dns_cname_record" "monitoring" { name = var.monitoring_dns_subdomain 
@@ -85,19 +85,19 @@ resource "azurerm_dns_txt_record" "monitoring" { } } -resource "azurerm_container_app_custom_domain" "monitoring" { - name = trimsuffix(azurerm_dns_cname_record.monitoring.fqdn, ".") - container_app_id = azurerm_container_app.monitoring.id +# resource "azurerm_container_app_custom_domain" "monitoring" { +# name = trimsuffix(azurerm_dns_cname_record.monitoring.fqdn, ".") +# container_app_id = azurerm_container_app.monitoring.id - depends_on = [ - azurerm_dns_txt_record.monitoring, - ] +# depends_on = [ +# azurerm_dns_txt_record.monitoring, +# ] - lifecycle { - // When using an Azure created Managed Certificate these values must be added to ignore_changes to prevent resource recreation. - ignore_changes = [certificate_binding_type, container_app_environment_certificate_id] - } -} +# lifecycle { +# // When using an Azure created Managed Certificate these values must be added to ignore_changes to prevent resource recreation. +# ignore_changes = [certificate_binding_type, container_app_environment_certificate_id] +# } +# } module "container_apps_bind_dns" { source = "./container_apps_bind_dns" @@ -109,12 +109,16 @@ module "container_apps_bind_dns" { key = "api", custom_domain = trimsuffix(azurerm_dns_cname_record.api.fqdn, "."), container_app_name = azurerm_container_app.api.name + }, + { + key = "website", + custom_domain = trimsuffix(azurerm_dns_cname_record.website.fqdn, "."), + container_app_name = azurerm_container_app.website.name + }, + { + key = "monitoring", + custom_domain = trimsuffix(azurerm_dns_cname_record.monitoring.fqdn, "."), + container_app_name = azurerm_container_app.monitoring.name } ] - - depends_on = [ - azurerm_container_app_custom_domain.api, - azurerm_container_app_custom_domain.website, - azurerm_container_app_custom_domain.monitoring - ] } From 28f4b13d3164e2a800e66ab5d5206bd1d9f98f21 Mon Sep 17 00:00:00 2001 
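Review bot: Dropping the module's `depends_on` leaves nothing that orders `module.container_apps_bind_dns` after the `azurerm_dns_txt_record` resources: the `services` entries reference only `azurerm_dns_cname_record.*.fqdn` and `azurerm_container_app.*.name`, so Terraform may start the bind script before the verification TXT record exists, and the removed `azurerm_container_app_custom_domain` blocks carried exactly that `depends_on` for this reason. A module-level `depends_on = [azurerm_dns_txt_record.api, azurerm_dns_txt_record.website, azurerm_dns_txt_record.monitoring]` restores the ordering. The `module` block's opening line is outside this hunk.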
From: Benjamin Chiverton Date: Mon, 1 Jul 2024 18:42:28 +0100 Subject: [PATCH 19/22] Tidy up terraform + workflows --- .github/workflows/instance-deploy-test.yml | 4 -- ...oy-test.yaml => instance-destroy-test.yml} | 2 + terraform/instance/dns.tf | 42 ------------------- 3 files changed, 2 insertions(+), 46 deletions(-) rename .github/workflows/{instance-destroy-test.yaml => instance-destroy-test.yml} (91%) diff --git a/.github/workflows/instance-deploy-test.yml b/.github/workflows/instance-deploy-test.yml index 661eec7..fbb97ee 100644 --- a/.github/workflows/instance-deploy-test.yml +++ b/.github/workflows/instance-deploy-test.yml @@ -47,10 +47,6 @@ jobs: uses: azure/login@v1 with: creds: ${{ secrets.AZURE_CREDENTIALS }} - # - name: Setup azure CLI - # run: - # - name: Setup dnsutils (dig) CLI - # run: sudo apt-get install -y dnsutils - name: Terraform Format id: fmt run: terraform -chdir=instance fmt diff --git a/.github/workflows/instance-destroy-test.yaml b/.github/workflows/instance-destroy-test.yml similarity index 91% rename from .github/workflows/instance-destroy-test.yaml rename to .github/workflows/instance-destroy-test.yml index 6c660d0..d8c04f0 100644 --- a/.github/workflows/instance-destroy-test.yaml +++ b/.github/workflows/instance-destroy-test.yml @@ -31,3 +31,5 @@ jobs: TF_VAR_acr_username: "not-used" TF_VAR_acr_password: "not-used" TF_VAR_website_dns_subdomain: "not-used" + TF_VAR_api_dns_subdomain: "not-used" + TF_VAR_monitoring_dns_subdomain: "not-used" diff --git a/terraform/instance/dns.tf b/terraform/instance/dns.tf index d6819dc..c8dd8a8 100644 --- a/terraform/instance/dns.tf +++ b/terraform/instance/dns.tf 
@@ -21,20 +21,6 @@ resource "azurerm_dns_txt_record" "api" { } } -# resource "azurerm_container_app_custom_domain" "api" { -# name = trimsuffix(azurerm_dns_cname_record.api.fqdn, ".") -# container_app_id = azurerm_container_app.api.id - -# depends_on = [ -# azurerm_dns_txt_record.api, -# ] - -# lifecycle { -# // When using an Azure created Managed Certificate these values must be added to ignore_changes to prevent resource recreation. -# ignore_changes = [certificate_binding_type, container_app_environment_certificate_id] -# } -# } - resource "azurerm_dns_cname_record" "website" { name = var.website_dns_subdomain zone_name = data.azurerm_dns_zone.rockpal-co-uk.name @@ -53,20 +39,6 @@ resource "azurerm_dns_txt_record" "website" { } } -# resource "azurerm_container_app_custom_domain" "website" { -# name = trimsuffix(azurerm_dns_cname_record.website.fqdn, ".") -# container_app_id = azurerm_container_app.website.id - -# depends_on = [ -# azurerm_dns_txt_record.website, -# ] - -# lifecycle { -# // When using an Azure created Managed Certificate these values must be added to ignore_changes to prevent resource recreation. -# ignore_changes = [certificate_binding_type, container_app_environment_certificate_id] -# } -# } - resource "azurerm_dns_cname_record" "monitoring" { name = var.monitoring_dns_subdomain zone_name = data.azurerm_dns_zone.rockpal-co-uk.name 
@@ -85,20 +57,6 @@ resource "azurerm_dns_txt_record" "monitoring" { } } -# resource "azurerm_container_app_custom_domain" "monitoring" { -# name = trimsuffix(azurerm_dns_cname_record.monitoring.fqdn, ".") -# container_app_id = azurerm_container_app.monitoring.id - -# depends_on = [ -# azurerm_dns_txt_record.monitoring, -# ] - -# lifecycle { -# // When using an Azure created Managed Certificate these values must be added to ignore_changes to prevent resource recreation. -# ignore_changes = [certificate_binding_type, container_app_environment_certificate_id] -# } -# } - module "container_apps_bind_dns" { source = "./container_apps_bind_dns" container_app_resource_group_name = azurerm_resource_group.instance.name From 67a03c8ccd62d58bdc7ab6ee39833b201f48d1cc Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Mon, 1 Jul 2024 20:09:24 +0100 Subject: [PATCH 20/22] Use my updated action --- .github/workflows/instance-deploy-prod.yml | 8 -------- .github/workflows/instance-deploy-test.yml | 12 +++--------- terraform/instance/main.tf | 15 --------------- 3 files changed, 3 insertions(+), 32 deletions(-) diff --git a/.github/workflows/instance-deploy-prod.yml b/.github/workflows/instance-deploy-prod.yml index fe99090..edeb066 100644 --- a/.github/workflows/instance-deploy-prod.yml +++ b/.github/workflows/instance-deploy-prod.yml @@ -80,9 +80,6 @@ jobs: run: | mkdir terraform-outputs terraform -chdir=instance output -raw resource_group_name > terraform-outputs/resource_group_name.txt - terraform -chdir=instance output -raw container_app_api_fqdn > terraform-outputs/container_app_api_fqdn.txt - terraform -chdir=instance output -raw container_app_website_fqdn > terraform-outputs/container_app_website_fqdn.txt - terraform -chdir=instance show -json | jq -r '.values.outputs.container_app_monitoring_fqdn.value // ""' > container_app_monitoring_fqdn.txt - name: Upload terraform outputs for deploy job uses: actions/upload-artifact@v3 with: 
@@ -105,9 +102,6 @@ jobs: shell: bash run: | echo "resource_group_name=$(cat resource_group_name.txt)" >> $GITHUB_ENV - echo "container_app_api_fqdn=$(cat container_app_api_fqdn.txt)" >> $GITHUB_ENV - echo "container_app_website_fqdn=$(cat container_app_website_fqdn.txt)" >> $GITHUB_ENV - echo "container_app_monitoring_fqdn=$(cat container_app_monitoring_fqdn.txt)" >> $GITHUB_ENV - name: Login via Azure CLI uses: azure/login@v1 with: @@ -115,7 +109,6 @@ jobs: - name: Deploy api uses: azure/container-apps-deploy-action@v1 with: - yamlConfigPath: .github/workflows/config/container-environment-config.yaml acrName: onlinestorecontainerregistry acrUsername: ${{ secrets.ACR_USERNAME }} acrPassword: ${{ secrets.ACR_TOKEN }} @@ -128,7 +121,6 @@ jobs: - name: Deploy website uses: azure/container-apps-deploy-action@v1 with: - yamlConfigPath: .github/workflows/config/container-environment-config.yaml acrName: onlinestorecontainerregistry acrUsername: ${{ secrets.ACR_USERNAME }} acrPassword: ${{ secrets.ACR_TOKEN }} diff --git a/.github/workflows/instance-deploy-test.yml b/.github/workflows/instance-deploy-test.yml index fbb97ee..48b204d 100644 --- a/.github/workflows/instance-deploy-test.yml +++ b/.github/workflows/instance-deploy-test.yml @@ -83,9 +83,6 @@ jobs: run: | mkdir terraform-outputs terraform -chdir=instance output -raw resource_group_name > terraform-outputs/resource_group_name.txt - terraform -chdir=instance output -raw container_app_api_fqdn > terraform-outputs/container_app_api_fqdn.txt - terraform -chdir=instance output -raw container_app_website_fqdn > terraform-outputs/container_app_website_fqdn.txt - terraform -chdir=instance output -raw container_app_monitoring_fqdn > terraform-outputs/container_app_monitoring_fqdn.txt - name: Upload terraform outputs for deploy job uses: actions/upload-artifact@v3 with: 
@@ -108,21 +105,18 @@ jobs: shell: bash run: | echo "resource_group_name=$(cat resource_group_name.txt)" >> $GITHUB_ENV - echo "container_app_api_fqdn=$(cat container_app_api_fqdn.txt)" >> $GITHUB_ENV - echo "container_app_website_fqdn=$(cat container_app_website_fqdn.txt)" >> $GITHUB_ENV - echo "container_app_monitoring_fqdn=$(cat container_app_monitoring_fqdn.txt)" >> $GITHUB_ENV - name: Login via Azure CLI uses: azure/login@v1 with: creds: ${{ secrets.AZURE_CREDENTIALS }} - name: Deploy api - uses: azure/container-apps-deploy-action@v1 + uses: benchiverton/container-apps-deploy-action@container-env-resource-group with: - yamlConfigPath: .github/workflows/config/container-environment-config.yaml acrName: onlinestorecontainerregistry acrUsername: ${{ secrets.ACR_USERNAME }} acrPassword: ${{ secrets.ACR_TOKEN }} containerAppName: ${{ github.head_ref }}-onlinestore-api + containerAppEnvironmentResourceGroup: onlinestore-shared-rg imageToDeploy: onlinestorecontainerregistry.azurecr.io/onlinestore-api:${{ github.sha }} location: 'East US' resourceGroup: ${{ env.resource_group_name }} @@ -131,11 +125,11 @@ jobs: - name: Deploy website uses: azure/container-apps-deploy-action@v1 with: - yamlConfigPath: .github/workflows/config/container-environment-config.yaml acrName: onlinestorecontainerregistry acrUsername: ${{ secrets.ACR_USERNAME }} acrPassword: ${{ secrets.ACR_TOKEN }} containerAppName: ${{ github.head_ref }}-onlinestore-website + containerAppEnvironmentResourceGroup: onlinestore-shared-rg imageToDeploy: onlinestorecontainerregistry.azurecr.io/onlinestore-website:${{ github.sha }} location: 'East US' resourceGroup: ${{ env.resource_group_name }} diff --git a/terraform/instance/main.tf b/terraform/instance/main.tf index f792457..0097f17 100644 --- a/terraform/instance/main.tf +++ b/terraform/instance/main.tf 
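Review bot: `uses: benchiverton/container-apps-deploy-action@container-env-resource-group` pins the deploy step to a mutable branch of a fork, so whatever is later pushed to that branch runs with `secrets.ACR_TOKEN` and the Azure session from `azure/login`; referencing a full commit SHA instead (`uses: benchiverton/container-apps-deploy-action@<commit-sha>`) fixes the code that runs, and the same applies to the `@v1` tags. The `Deploy website` step in the second hunk gains `containerAppEnvironmentResourceGroup` while still using `azure/container-apps-deploy-action@v1`; if that input exists only in the fork it is ignored or rejected there, so both steps should use the same action. Both `steps` lists continue outside the hunks.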
@@ -32,18 +32,3 @@ output "resource_group_name" { value = azurerm_resource_group.instance.name sensitive = false } - -output "container_app_api_fqdn" { - value = azurerm_container_app.api.ingress[0].fqdn - sensitive = false -} - -output "container_app_website_fqdn" { - value = azurerm_container_app.website.ingress[0].fqdn - sensitive = false -} - -output "container_app_monitoring_fqdn" { - value = azurerm_container_app.monitoring.ingress[0].fqdn - sensitive = false -} From c4903c9aa163f0922c3ba85f2d7edfdf6f93daef Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Tue, 2 Jul 2024 08:27:59 +0100 Subject: [PATCH 21/22] Move apps into shared resource group --- .../workflows/config/container-environment-config.yaml | 2 -- .github/workflows/instance-deploy-test.yml | 8 +++----- terraform/instance/container_apps.tf | 6 +++--- 3 files changed, 6 insertions(+), 10 deletions(-) delete mode 100644 .github/workflows/config/container-environment-config.yaml diff --git a/.github/workflows/config/container-environment-config.yaml b/.github/workflows/config/container-environment-config.yaml deleted file mode 100644 index 3006337..0000000 --- a/.github/workflows/config/container-environment-config.yaml +++ /dev/null @@ -1,2 +0,0 @@ -properties: - managedEnvironmentId: /subscriptions/c57c2a02-297d-4f68-979b-1960df722627/resourceGroups/onlinestore-shared-rg/providers/Microsoft.App/managedEnvironments/onlinestore-containerapps diff --git a/.github/workflows/instance-deploy-test.yml b/.github/workflows/instance-deploy-test.yml index 48b204d..6a08489 100644 --- a/.github/workflows/instance-deploy-test.yml +++ b/.github/workflows/instance-deploy-test.yml 
@@ -110,16 +110,15 @@ jobs: with: creds: ${{ secrets.AZURE_CREDENTIALS }} - name: Deploy api - uses: benchiverton/container-apps-deploy-action@container-env-resource-group + uses: azure/container-apps-deploy-action@v1 with: acrName: onlinestorecontainerregistry acrUsername: ${{ secrets.ACR_USERNAME }} acrPassword: ${{ secrets.ACR_TOKEN }} containerAppName: ${{ github.head_ref }}-onlinestore-api - containerAppEnvironmentResourceGroup: onlinestore-shared-rg imageToDeploy: onlinestorecontainerregistry.azurecr.io/onlinestore-api:${{ github.sha }} location: 'East US' - resourceGroup: ${{ env.resource_group_name }} + resourceGroup: onlinestore-shared-rg targetPort: 8080 environmentVariables: OTEL_EXPORTER_OTLP_ENDPOINT=http://${{ github.head_ref }}-onlinestore-monitoring:18889 - name: Deploy website @@ -129,10 +128,9 @@ jobs: acrUsername: ${{ secrets.ACR_USERNAME }} acrPassword: ${{ secrets.ACR_TOKEN }} containerAppName: ${{ github.head_ref }}-onlinestore-website - containerAppEnvironmentResourceGroup: onlinestore-shared-rg imageToDeploy: onlinestorecontainerregistry.azurecr.io/onlinestore-website:${{ github.sha }} location: 'East US' - resourceGroup: ${{ env.resource_group_name }} + resourceGroup: onlinestore-shared-rg targetPort: 80 environmentVariables: "API__BASEPATH=https://${{ github.head_ref }}-api.rockpal.co.uk" - name: Find Comment diff --git a/terraform/instance/container_apps.tf b/terraform/instance/container_apps.tf index c0bb36b..4caf469 100644 --- a/terraform/instance/container_apps.tf +++ b/terraform/instance/container_apps.tf @@ -6,7 +6,7 @@ data "azurerm_container_app_environment" "apps" { resource "azurerm_container_app" "api" { name = "${lower(var.environment)}-${var.name}-api" container_app_environment_id = data.azurerm_container_app_environment.apps.id - resource_group_name = azurerm_resource_group.instance.name + resource_group_name = data.azurerm_container_app_environment.apps.resource_group_name revision_mode = "Single" template { 
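Review bot: `resourceGroup: onlinestore-shared-rg` is now a literal in two workflow steps while Terraform derives the same group from `data.azurerm_container_app_environment.apps.resource_group_name` in the third hunk (and the two matching hunks of container_apps.tf that follow), and the `resource_group_name` output the job still exports to `$GITHUB_ENV` is no longer what these steps use; exposing the environment's resource group as a Terraform output and keeping `resourceGroup: ${{ env.resource_group_name }}` would stop the two from drifting. Moving per-branch test apps into the shared resource group also means the identity behind `AZURE_CREDENTIALS` needs write access on that group and PR-named apps now sit beside shared infrastructure, so a role scoped to the Container Apps environment is worth confirming. The `Deploy api` step begins outside the first hunk.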
@@ -41,7 +41,7 @@ resource "azurerm_container_app" "api" { resource "azurerm_container_app" "website" { name = "${lower(var.environment)}-${var.name}-website" container_app_environment_id = data.azurerm_container_app_environment.apps.id - resource_group_name = azurerm_resource_group.instance.name + resource_group_name = data.azurerm_container_app_environment.apps.resource_group_name revision_mode = "Single" template { @@ -76,7 +76,7 @@ resource "azurerm_container_app" "website" { resource "azurerm_container_app" "monitoring" { name = "${lower(var.environment)}-${var.name}-monitoring" container_app_environment_id = data.azurerm_container_app_environment.apps.id - resource_group_name = azurerm_resource_group.instance.name + resource_group_name = data.azurerm_container_app_environment.apps.resource_group_name revision_mode = "Single" template { From 83cd5f3a7a81ae9d038ea6142d522f1ec8c22bb4 Mon Sep 17 00:00:00 2001 From: Benjamin Chiverton Date: Tue, 2 Jul 2024 08:32:52 +0100 Subject: [PATCH 22/22] Update dns.tf --- terraform/instance/dns.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/instance/dns.tf b/terraform/instance/dns.tf index c8dd8a8..f85b817 100644 --- a/terraform/instance/dns.tf +++ b/terraform/instance/dns.tf @@ -59,7 +59,7 @@ resource "azurerm_dns_txt_record" "monitoring" { module "container_apps_bind_dns" { source = "./container_apps_bind_dns" - container_app_resource_group_name = azurerm_resource_group.instance.name + container_app_resource_group_name = data.azurerm_container_app_environment.apps.resource_group_name container_app_env_name = data.azurerm_container_app_environment.apps.name container_app_env_resource_group_name = data.azurerm_container_app_environment.apps.resource_group_name services = [
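Review bot: After the dns.tf hunk, `container_app_resource_group_name` and `container_app_env_resource_group_name` are both set to `data.azurerm_container_app_environment.apps.resource_group_name`, so the module's two variables now carry the same value without any note saying that is intended; a comment on the first assignment such as `# container apps now live in the environment's resource group (see container_apps.tf)` records why, or one variable could be dropped in a follow-up. The `module` block's `services` list continues outside the hunk.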