Release to production

.github/workflows/build.yml

@@ -3,13 +3,20 @@ name: Build
 on:
   workflow_dispatch:
 
-  pull_request:
-    branches: [ develop, production ]
+  workflow_call:
+    inputs:
+      push_image:
+        description: "Push docker image to registry"
+        required: false
+        default: false
+        type: boolean
 
 jobs:
   core-build:
     name: Build codebase
     uses: ./.github/workflows/core-build.yml
+    with:
+      push_image: ${{ inputs.push_image }}
     secrets: inherit
 
   infra-build:
@@ -19,5 +26,5 @@ jobs:
 
   sonarcloud:
     name: SonarCloud
-    uses: ./.github/workflows/core-sonarcloud.yml
-    secrets: inherit
+    uses: ./.github/workflows/sonarcloud.yml
+    secrets: inherit

.github/workflows/core-build.yml

@@ -9,6 +9,7 @@ on:
       push_image:
         description: "Push docker image to registry"
         required: false
+        default: false
         type: boolean
 
   workflow_dispatch:

.github/workflows/deploy-dev.yml

@@ -0,0 +1,13 @@
+name: Deploy to dev
+
+on:
+  push:
+    branches:
+      - develop
+
+jobs:
+  dev-deploy:
+    uses: ./.github/workflows/deploy.yml
+    secrets: inherit
+    with:
+      environment: dev

.github/workflows/deploy-prd.yml

@@ -0,0 +1,12 @@
+name: Deploy to prd
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  prd-deploy:
+    uses: ./.github/workflows/deploy.yml
+    secrets: inherit
+    with:
+      environment: prd

.github/workflows/deploy.yml

@@ -1,43 +1,79 @@
-name: Deploy
+name: Deployment
 
 on:
-  push:
-    branches: [ develop, production ]
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        required: true
+        description: "Target Environment. Can either be 'dev' or 'prd'"
 
 jobs:
-  core-build:
+  build-all:
     name: Build codebase
-    uses: ./.github/workflows/core-build.yml
+    uses: ./.github/workflows/build.yml
     with:
       push_image: true
     secrets: inherit
-
-  infra-build:
-    name: Build infrastructure
-    uses: ./.github/workflows/infra-build.yml
-    secrets: inherit
 
-  sonarcloud:
-    name: SonarCloud
-    uses: ./.github/workflows/core-sonarcloud.yml
-    secrets: inherit
+  deploy:
+    needs: [build-all]
+    name: Azure Deployment
+    runs-on: ubuntu-22.04
+    environment:
+      name: ${{ inputs.environment }}
+      url: ${{ vars.AZURE_SUBSCRIPTION_URL }}
+    concurrency:
+      group: ${{ inputs.environment }}
+      cancel-in-progress: false
 
-  deploy_dev:
-    name: Deploy dev
-    if: github.ref_name == 'develop'
-    needs: [ core-build, infra-build ]
-    uses: ./.github/workflows/template-deploy.yml
-    secrets: inherit
-    with:
-      environment: dev
-      subscriptionId: analogio-dev
-
-  deploy_prod:
-    name: Deploy prd
-    if: github.ref_name == 'production'
-    needs: [ core-build, infra-build ]
-    uses: ./.github/workflows/template-deploy.yml
-    secrets: inherit
-    with:
-      environment: prd
-      subscriptionId: analogio-prd
+    steps:
+      - name: Download Artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: arm
+
+      - name: Azure Login
+        uses: azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Deploy ARM template
+        uses: azure/arm-deploy@v1
+        with:
+          subscriptionId: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+          scope: subscription
+          region: "West Europe"
+          template: azuredeploy.json
+          parameters: "environment=${{ inputs.environment }}"
+          deploymentName: "azuredeploy-${{github.run_number}}"
+          failOnStdErr: true
+
+      - name: Deploy analog core
+        id: webapp-deploy
+        uses: azure/webapps-deploy@v2
+        with:
+          app-name: ${{ vars.AZURE_WEBAPP_NAME }}
+          images: "ghcr.io/analogio/coffeecard-api:${{ github.sha }}"
+
+      - name: Invoke Web App CD Webhook
+        run: |
+          curl --location --request POST '${{ vars.AZURE_APPSERVICE_WEBHOOK_URL }}' --header 'Authorization: Basic ${{ secrets.AZURE_APPSERVICE_WEBHOOK_AUTH }}'
+
+      - name: Smoke tests
+        uses: Azure/powershell@v1
+        with:
+          inlineScript: |
+            $apiKey = az keyvault secret show --name IdentitySettings-ApiKey --vault-name ${{ vars.KEY_VAULT_NAME }} | ConvertFrom-Json | Select -ExpandProperty value
+            $header = @{'x-api-key' = $apiKey}
+
+            Write-Host 'Running smoke tests' -ForegroundColor Yellow
+            Write-Host '- GET /api/v2/health/ping'
+            Invoke-RestMethod -Method Get -Uri ${{ steps.webapp-deploy.outputs.webapp-url }}/api/v2/health/ping -Headers $header -MaximumRetryCount 4 -RetryIntervalSec 15
+
+            Write-Host '- GET /api/v2/health/check'
+            Invoke-RestMethod -Method Get -Uri ${{ steps.webapp-deploy.outputs.webapp-url }}/api/v2/health/check -Headers $header -MaximumRetryCount 4 -RetryIntervalSec 15
+
+            Write-Host 'Smoke tests successful!' -ForegroundColor Green
+          failOnStandardError: true
+          azPSVersion: "latest"

.github/workflows/pullrequest.yml

@@ -0,0 +1,10 @@
+name: Pull Request
+
+on:
+  pull_request:
+    branches: [develop]
+
+jobs:
+  build:
+    uses: ./.github/workflows/build.yml
+    secrets: inherit

.github/workflows/sonarcloud.yml

@@ -0,0 +1,55 @@
+name: Static Analysis using SonarCloud
+
+on:
+  workflow_call:
+
+  workflow_dispatch:
+
+jobs:
+  core-sonarcloud:
+    name: Configure and scan using SonarCloud
+    runs-on: windows-latest
+    steps:
+      # Sonarscanner part
+      - name: Set up JDK 11
+        uses: actions/setup-java@v1
+        with:
+          java-version: 1.17
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v1
+        with:
+          path: ~\sonar\cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache SonarCloud scanner
+        id: cache-sonar-scanner
+        uses: actions/cache@v1
+        with:
+          path: .\.sonar\scanner
+          key: ${{ runner.os }}-sonar-scanner
+          restore-keys: ${{ runner.os }}-sonar-scanner
+      - name: Install SonarCloud scanner
+        if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
+        shell: powershell
+        run: |
+          New-Item -Path .\.sonar\scanner -ItemType Directory
+          dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner
+      - name: Build and analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        shell: powershell
+        run: |
+          .\.sonar\scanner\dotnet-sonarscanner begin /k:"AnalogIO_analog-core" /o:"analogio" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.opencover.reportsPaths="coverageunit.xml,coverageintegration.xml" /d:sonar.exclusions="CoffeeCard.Library/Migrations/*"
+
+          dotnet tool install --global coverlet.console
+
+          dotnet build --no-incremental coffeecard/
+
+          coverlet ./coffeecard/CoffeeCard.Tests.Unit/bin/Debug/net6.0/CoffeeCard.Tests.Unit.dll --target "dotnet" --targetargs "test --no-build coffeecard/CoffeeCard.Tests.Unit" -f=opencover -o="coverageunit.xml"
+          coverlet ./coffeecard/CoffeeCard.Tests.Integration/bin/Debug/net6.0/CoffeeCard.Tests.Integration.dll --target "dotnet" --targetargs "test --no-build coffeecard/CoffeeCard.Tests.Integration" -f=opencover -o="coverageintegration.xml"
+
+          .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"

.vscode/settings.json

@@ -1,3 +1,7 @@
 {
-    "editor.formatOnSave": true
+    "editor.formatOnSave": true,
+    "yaml.schemas": {
+        "https://json.schemastore.org/github-workflow.json": "file:///c%3A/code/private/analogio/analog-core/.github/actions/deploy.yml",
+        "https://json.schemastore.org/github-action.json": "file:///c%3A/code/private/analogio/analog-core/.github/actions/core-sonarcloud.yml"
+    }
 }