As featured in Infocus Series 2021 - Automating CI/CD and security on a single platform with GitHub Enterprise
This Node.js app will allow you to search for any GitHub user by their handle!
Leverage the GitHub Platform to build, test, containerize, deploy, and secure your code.
To deploy to Azure you will need to create a service principal. You can do that with the following command:
az ad sp create-for-rbac --name {yourServicePrincipalName} --role contributor \
--scopes /subscriptions/{subscription-id} \
--sdk-auth
# Replace {yourServicePrincipalName} and {subscription-id} with your service principal name and subscription ID.
# The command should output a JSON object similar to the example below:
{
"clientId": "<GUID>",
"clientSecret": "<GUID>",
"subscriptionId": "<GUID>",
"tenantId": "<GUID>",
(...)
}
az ad sp create-for-rbac --name {ServicePrincipalName} --role owner \
--scopes /subscriptions/{subscription-id} \
--skip-assignment false \
--sdk-auth
This service principal does the work, but it is probably far too powerful for what you need. Consider reducing its privileges; check the docs to learn more!
Add the JSON output as the following secrets in the GitHub repository:
TF_VAR_agent_client_id
TF_VAR_agent_client_secret
TF_VAR_subscription_id
TF_VAR_tenant_id
For steps to create and store secrets, please check here
These secrets are mapped in the workflow .yml files to the AzureRM Provider Argument References found here
ARM_CLIENT_ID: ${{ secrets.TF_VAR_agent_client_id }}
ARM_CLIENT_SECRET: ${{ secrets.TF_VAR_agent_client_secret }}
ARM_SUBSCRIPTION_ID: ${{ secrets.TF_VAR_subscription_id }}
ARM_TENANT_ID: ${{ secrets.TF_VAR_tenant_id }}
Add the following secret in the GitHub repository:
TF_TOKEN
Generated from your Terraform Cloud User Account (if using Terraform Cloud for state management). See Terraform API Tokens.
Add the following secret in the GitHub repository:
GHCR_PASSWORD
See About scopes and permissions for GitHub Container Registry
- Fork/Clone Repo
- Open in Codespaces or IDE of your choice
npm install
npm run test
npm run dev
docker build --tag nodejs-demo .
docker run -p 8000:8000 nodejs-demo
docker run -it -p 8000:8000 ghcr.io/octodemo/demoday-node:<tag> /bin/bash
1. Create a new issue using the issue template: "Terraform Request - Azure App Service"
2. Fill out required JSON body fields for the Azure App Service
3. Add a comment to the issue that includes the trigger string '/approved'
4. GitHub Action will kick off generating:
   - an Azure Resource Group, App Service plan and App Service (with deployment slots)
   - GitHub Environments (for UAT and STAGING - will include protection rules for STAGING)
5. Create an environment secret for the two generated environments with a value for the AZURE_WEBAPP_PUBLISH_PROFILE downloaded from the Azure App Service slots
6. Create a new PR and include in the JSON body the issue # from step 4
7. Deploy Container via PR workflow will trigger performing:
   - Issue Ops grabbing Azure resource values from the TF request Issue
   - Build and Test
   - Build and Deploy to GHCR
   - Deploying to UAT and STAGING Slots for Azure Web App
8. Close the Issue to perform an Azure Resource Teardown and deletion of the generated Environments and Deployments
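The '/approved' comment in the steps above is what starts provisioning, so the workflow should decide who is allowed to say it. The following is an added example, not code from this repository: a gate over the `issue_comment` webhook payload. The function name `shouldProvision`, the allowed-association list, the own-line trigger rule and the no-self-approval rule are assumptions made for illustration.

```javascript
// Added example: gate for the '/approved' IssueOps trigger.
// `payload` is the JSON body of a GitHub `issue_comment` webhook event.
const TRIGGER = '/approved';
// Assumption: only these author associations may approve a request.
const ALLOWED = new Set(['OWNER', 'MEMBER', 'COLLABORATOR']);

function shouldProvision(payload) {
  const comment = payload.comment || {};
  const issue = payload.issue || {};
  const commenter = (comment.user || {}).login;
  const requester = (issue.user || {}).login;
  if (payload.action !== 'created') {
    return { ok: false, reason: 'not a newly created comment' };
  }
  if (issue.pull_request || issue.state !== 'open') {
    return { ok: false, reason: 'not an open issue' };
  }
  // Stricter than a substring match: the trigger must be a line of its own,
  // so a quoted "> /approved" or an inline mention does not fire.
  const lines = String(comment.body || '').split(/\r?\n/).map((l) => l.trim());
  if (!lines.includes(TRIGGER)) {
    return { ok: false, reason: 'no trigger line' };
  }
  if (!ALLOWED.has(comment.author_association)) {
    return { ok: false, reason: 'commenter is not allowed to approve' };
  }
  // Assumption: the requester may not approve their own request.
  if (!commenter || commenter === requester) {
    return { ok: false, reason: 'self-approval' };
  }
  return { ok: true, reason: `approved by ${commenter}` };
}

// Constructed sample payload (not taken from the repository).
const sample = {
  action: 'created',
  issue: { state: 'open', user: { login: 'dev-requester' } },
  comment: {
    body: 'Looks good.\n/approved',
    author_association: 'MEMBER',
    user: { login: 'platform-admin' },
  },
};
console.log(shouldProvision(sample));
```

`author_association` is a coarse signal (an organization MEMBER does not necessarily have write access to the repository); for a stricter gate, look up the commenter's permission level through the REST API's repository collaborator permission endpoint.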
- Environments - GitHub Docs
- GitHub + Microsoft Teams Integration
- GitHub Container Registry - GitHub Docs
- Deploy to App Service using GitHub Actions - Microsoft Docs
- Terraform Workspaces - HashiCorp Docs
- GitHub Codespaces
Open a discussion thread in this repo!
Participate in our Support Community for Code-to-Cloud: