Add initial FHIR endpoint for CodeSystem by OID (#56) #26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deployment | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
permissions: | |
id-token: write | |
jobs: | |
deploy: | |
name: Deploy phinvads-go | |
runs-on: ubuntu-latest | |
environment: main | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "1.23.0" | |
- name: Azure CLI Login | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Allow GitHub Runner IP | |
run: | | |
set -eu | |
agentIP=$(curl -s https://api.ipify.org/) | |
az network nsg rule create \ | |
--resource-group phinvads-go \ | |
--nsg-name phinvads-go-nsg \ | |
--name AllowSSHFromGitHubActions \ | |
--priority 200 \ | |
--direction Inbound \ | |
--access Allow \ | |
--protocol Tcp \ | |
--destination-port-ranges 22 \ | |
--source-address-prefixes $agentIP \ | |
--destination-address-prefixes '*' \ | |
--description "Allow SSH from GitHub Actions" | |
sleep 3 | |
- name: Write SSH key to file | |
env: | |
AZURE_VM_SSH_KEY: ${{ secrets.AZURE_VM_SSH_KEY }} | |
run: | | |
install -m 600 -D /dev/null ~/.ssh/phinvads-go | |
echo "${{ secrets.AZURE_VM_SSH_KEY }}" > ~/.ssh/phinvads-go | |
echo "IdentityFile /home/runner/.ssh/phinvads-go" >> ~/.ssh/config | |
- name: Build phinvads-go | |
run: | | |
go install github.com/a-h/templ/cmd/templ@latest | |
templ generate | |
go build -o phinvads-go ./cmd/phinvads-go | |
- name: Deploy phinvads-go to VM | |
env: | |
AZURE_VM_IP: ${{ secrets.AZURE_VM_IP }} | |
run: | | |
ssh -o StrictHostKeyChecking=accept-new azureuser@${AZURE_VM_IP} "sudo systemctl stop phinvads-go" | |
scp ./phinvads-go azureuser@${AZURE_VM_IP}:/home/azureuser/phinvads-go | |
scp ./remote/production/phinvads-go.service azureuser@${AZURE_VM_IP}:/home/azureuser/phinvads-go.service | |
ssh azureuser@${AZURE_VM_IP} "sudo mv phinvads-go.service /etc/systemd/system/phinvads-go.service && sudo systemctl enable phinvads-go && sudo systemctl restart phinvads-go" | |
- name: Disallow GitHub Runner IP | |
if: always() | |
run: | | |
set -eu | |
agentIP=$(curl -s https://api.ipify.org/) | |
az network nsg rule delete \ | |
--resource-group phinvads-go \ | |
--nsg-name phinvads-go-nsg \ | |
--name AllowSSHFromGitHubActions |