@cormacpayne, how to pass env variables from a GitHub Actions pipeline
How do I pass environment variables from the GitHub Actions pipeline?
config.yaml
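# Container App definition (type Microsoft.App/containerApps).
#
# NOTE(review): this file is plain YAML read from disk. GitHub Actions only
# evaluates `${{ ... }}` expressions inside workflow files, and nothing
# shell-expands `$NAME` here, so every placeholder below is passed on as
# literal text unless a workflow step renders the file before it is used.
# The placeholders are quoted so the file still parses as YAML either way.
location: centralus
name: '${{ env.CONTAINER_APP }}'
resourceGroup: '$NEW_ACR_RESOURCE_GROUP'
type: Microsoft.App/containerApps
properties:
  managedEnvironmentId: '/subscriptions/${{ env.AZURE_SUBSCRIPTION_ID }}/resourceGroups/$NEW_ACR_RESOURCE_GROUP/providers/Microsoft.App/managedEnvironments/${{ env.CONTAINER_APP_ENV }}'
  configuration:
    activeRevisionsMode: Single
    ingress:
      external: true
      # Plain-HTTP requests are not accepted on the public endpoint.
      allowInsecure: false
      targetPort: 80
      traffic:
        - latestRevision: true
          weight: 100
      transport: Auto
    registries:
      # NOTE(review): passwordSecretRef takes the *name* of a Container App
      # secret (an entry under configuration.secrets), not the password.
      # Rendering the password into this field would leave it readable in
      # the app's ordinary configuration. Replace the placeholder with a
      # secret name and supply the value through the secrets list.
      - passwordSecretRef: '${{ secrets.CONTAINERPASSWORD }}'
        server: '${{ env.registryuri }}'
        username: '${{ secrets.CONTAINERUSERNAME }}'
  template:
    revisionSuffix: ""
    containers:
      - image: '$imageToBuild'
        name: '${{ env.IMAGE_NAME }}'
        env:
          - name: HTTP_PORT
            # Environment variable values are strings; unquoted 80 is an int.
            value: '80'
          - name: queue_name
            value: abc
        resources:
          cpu: 0.5
          memory: 1Gi
          ephemeralStorage: 2Gi
    scale:
      maxReplicas: 10
      minReplicas: null
      rules: null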
github action.yaml
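# Workflow header: triggers and workflow-level environment.
name: IDR Soar Pipeline
on:
  workflow_dispatch:
  push:
    branches:
      - main
    tags:
      - 'test-*'
      - 'demo-*'
  pull_request:
    types: [opened, synchronize, reopened]
    branches:
      - main
# NOTE(review): the pasted source shows `#concurrency:` commented out but its
# `group:` child live, which leaves an orphaned key. Both lines are kept
# disabled here; uncomment both together to re-enable the setting.
# concurrency:
#   group: ${{ github.workflow }}-${{ github.event_name }}
env:
  REGISTRY: abh
  IMAGE_NAME: idrsoaragent
  # Quoted: the value starts with '-', which is easy to misread as a list item.
  ACR_RESOURCE_GROUP: '-data-recommender'
  ACR_NAME: new
  AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_NONPROD_SUBSCRIPTION_ID }}
  CONTAINER_APP: api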
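jobs:
  # NOTE(review): the pasted source shows `#codeql:` and `#sonar:` with a
  # leading '#', while their child keys are live and `build.needs` names both
  # jobs. They are kept active here so the scans still gate the deploy;
  # confirm against the real workflow file.
  codeql:
    uses: ./.github/workflows/codeql-analysis.yml
  sonar:
    uses: ./.github/workflows/sonar_setup.yml
    secrets:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
  build:
    # NOTE(review): the workflow also triggers on pull_request, and this job
    # runs on a self-hosted runner with registry and Azure credentials. If the
    # repository accepts pull requests from forks, confirm that such runs
    # cannot reach this runner, or gate the deploy steps on the event type.
    runs-on: [self-hosted]
    needs: [codeql, sonar]
    name: docker build-push-deploy
    # No step shown here uses the workflow token for writes, so it is limited
    # to read access; widen only if a step proves to need more.
    permissions:
      contents: read
    # NOTE(review): actions below are referenced by mutable tags (@v1, @v3,
    # @v4). Pinning each to a full commit SHA keeps a retagged release from
    # changing what runs with these credentials.
    steps:
      - uses: actions/checkout@v3
      - id: env_setup
        # Context values go through env and are quoted, so a crafted ref name
        # reaches the script as data instead of being parsed as shell syntax.
        env:
          EVENT_NAME: ${{ github.event_name }}
          REF_TYPE: ${{ github.ref_type }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          chmod +x ./env_setup.sh
          ./env_setup.sh "$EVENT_NAME" "$REF_TYPE" "$REF_NAME"
      - uses: actions/checkout@v3
      - name: Create pip.conf
        run: |
          mkdir -p ~/.config/pip/
          sudo chmod -R 750 ~/.config/pip/
          cat <<EOF | sudo tee ~/.config/pip/pip.conf
          [global]
          index = https://repo1.uhc.com/artifactory/api/pypi/pypi-virtual
          index-url = https://repo1.uhc.com/artifactory/api/pypi/pypi-virtual/simple
          EOF
      - uses: actions/setup-python@v4
        with:
          python-version: '3.10'
      - name: Install dependencies
        run: |
          pip install --upgrade pip
          pip install pylint
      # - name: Run Pylint
      #   run: pylint ${{ github.workspace }}/src
      - name: Azure Login
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Set new env variable
        id: set_vars_pr
        # The step output is read from env rather than pasted into the script
        # text. Workflow-level env (IMAGE_NAME, ACR_NAME, ACR_RESOURCE_GROUP)
        # is already exported to the shell.
        env:
          BUILD_ENV: ${{ steps.env_setup.outputs.build_env }}
        run: |
          registryuri="abx.azurecr.io"
          NEW_ACR_RESOURCE_GROUP="${ACR_RESOURCE_GROUP}-centralus-${BUILD_ENV}"
          NEW_IMAGE_NAME="$IMAGE_NAME"
          NEW_ACR_NAME="$ACR_NAME"
          keyvault="idr-vault-${BUILD_ENV}-6bc2d247"
          container_app="api-${BUILD_ENV}"
          # Anything written to $GITHUB_ENV is visible to later steps, both
          # as $NAME in run: scripts and as ${{ env.NAME }} in expressions.
          {
            echo "registryuri=$registryuri"
            echo "NEW_ACR_RESOURCE_GROUP=$NEW_ACR_RESOURCE_GROUP"
            echo "NEW_IMAGE_NAME=$NEW_IMAGE_NAME"
            echo "NEW_ACR_NAME=$NEW_ACR_NAME"
            echo "keyvault=$keyvault"
            echo "container_app=$container_app"
          } >> "$GITHUB_ENV"
      - name: Azure ClI script
        id: step_one_pr
        uses: azure/CLI@v1
        with:
          InlineScript: |
            # The Key Vault value is not a GitHub secret, so the runner does
            # not redact it by default. Register it as a mask before it is
            # exported. Nothing on this page reads `secret` afterwards; drop
            # these three lines if no later step needs it.
            servicebus_key=$(az keyvault secret show --vault-name "$keyvault" --name SERVICEBUS-KEY --query value -o tsv)
            echo "::add-mask::$servicebus_key"
            echo "secret=$servicebus_key" >> "$GITHUB_ENV"
            VAULT_NAME=$keyvault
            echo "VAULT_ENDPOINT=$(az keyvault show --name "$VAULT_NAME" --query "properties.vaultUri" -o tsv)" >> "$GITHUB_ENV"
            echo ${{ github.sha }}
      - name: config setup and docker build/push to dev env
        env:
          BUILD_TAG: ${{ steps.env_setup.outputs.build_tag }}
          # NOTE(review): values passed with --build-arg are recorded in the
          # image metadata (visible via `docker history`), and this image is
          # pushed to the registry, so the client secret travels with it.
          # Prefer BuildKit secret mounts (`docker build --secret`) or giving
          # the app its credentials at runtime; either needs a matching
          # Dockerfile change, which is not shown on this page.
          BUILD_ARGS: |
            --build-arg VAULT_ENDPOINT=${{ env.VAULT_ENDPOINT }}
            --build-arg AZURE_CLIENT_ID=${{secrets.AZURE_CLIENT_ID}}
            --build-arg AZURE_CLIENT_SECRET=${{secrets.AZURE_CLIENT_SECRET}}
            --build-arg AZURE_TENANT_ID=${{secrets.AZURE_TENANT_ID}}
        run: |
          docker_filepath="./src/agent/Dockerfile"
          context_path="./src/agent"
          image="$registryuri/$NEW_IMAGE_NAME:$BUILD_TAG"
          # $BUILD_ARGS stays unquoted on purpose: it must split into flags.
          docker build -f "$docker_filepath" -t "$image" "$context_path" $BUILD_ARGS
          az acr login --name "$NEW_ACR_NAME" --resource-group "$ACR_RESOURCE_GROUP"
          docker push "$image"
          # az containerapp update -n $container_app -g $NEW_ACR_RESOURCE_GROUP --image $registryuri/$NEW_IMAGE_NAME:$BUILD_TAG
      - name: Build and deploy Container App
        uses: azure/container-apps-deploy-action@v1
        # `with:` inputs are not run through a shell, so `$NAME` would be
        # passed literally. Values exported through $GITHUB_ENV by earlier
        # steps are read here with ${{ env.NAME }}.
        with:
          appSourcePath: ${{ github.workspace }}/src/soar_agent
          acrName: abc
          # NOTE(review): input name kept as written; confirm the action
          # defines an input called `registryuri`.
          registryuri: ${{ env.registryuri }}
          acrUsername: ${{ secrets.CONTAINERUSERNAME }}
          acrPassword: ${{ secrets.CONTAINERPASSWORD }}
          containerAppName: apps
          resourceGroup: ${{ env.NEW_ACR_RESOURCE_GROUP }}
          containerAppEnvironment: idr-cae-centralus-${{ steps.env_setup.outputs.build_env }}
          imageToBuild: ${{ env.registryuri }}/${{ env.NEW_IMAGE_NAME }}:${{ steps.env_setup.outputs.build_tag }}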