From c072e94fe788de77a00364e4e50e7a2983305a12 Mon Sep 17 00:00:00 2001
From: Russell Day
Date: Mon, 22 Apr 2024 19:04:02 +0100
Subject: [PATCH 01/72] Add new PR workflow
---
 .github/workflows/DeployEverything.yml | 103 ++++++++++++++++++
 .github/workflows/DeployPullRequest.yml | 13 +++
 ....Development.json => appsettings.dev.json} | 0
 ....Production.json => appsettings.prod.json} | 0
 4 files changed, 116 insertions(+)
 create mode 100644 .github/workflows/DeployEverything.yml
 create mode 100644 .github/workflows/DeployPullRequest.yml
 rename PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/{appsettings.Development.json => appsettings.dev.json} (100%)
 rename PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/{appsettings.Production.json => appsettings.prod.json} (100%)
diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml
new file mode 100644
index 0000000..702dffe
--- /dev/null
+++ b/.github/workflows/DeployEverything.yml
@@ -0,0 +1,103 @@ +name: Deploy Everything +on: + workflow_call: + inputs: + env: + required: true + default: "dev" + type: string + secrets: + AZURE_CREDENTIALS: + required: true + type: string + AZURE_STATIC_WEB_APPS_API_TOKEN: + required: true + type: string + +env: + AZURE_WEBAPP_PACKAGE_PATH: PocketDDD.Server.WebAPI/publish + CONFIGURATION: Release + DOTNET_CORE_VERSION: 8.0.x + WORKING_DIRECTORY: PocketDDD.Server/PocketDDD.Server.WebAPI + +jobs: + deploy_terraform: + runs-on: ubuntu-latest + name: Deploy terraform + environment: ${{ inputs.env }} + + steps: + - uses: actions/checkout@v4 + - name: Setup terraform + uses: hashicorp/setup-terraform@v3 + - run: | + cd ./terraform + terraform init + - run: terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars + + build_api_server: + runs-on: ubuntu-latest + name: Build API Server + steps: + - uses: actions/checkout@v4 + - name: Setup .NET SDK + uses: actions/setup-dotnet@v3 + with: + dotnet-version: ${{ env.DOTNET_CORE_VERSION }} + - name: Restore + run: dotnet restore "${{ env.WORKING_DIRECTORY }}" + - name: Build + run: dotnet build "${{ env.WORKING_DIRECTORY }}" --configuration ${{ env.CONFIGURATION }} --no-restore + - name: Test + run: dotnet test "${{ env.WORKING_DIRECTORY }}" --no-build + - name: Publish + run: dotnet publish "${{ env.WORKING_DIRECTORY }}" --configuration ${{ env.CONFIGURATION }} --no-build --output "${{ env.AZURE_WEBAPP_PACKAGE_PATH }}" + - name: Publish Artifacts + uses: actions/upload-artifact@v3 + with: + name: webapp + path: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} + + deploy_api_server: + name: Deploy API Server + runs-on: ubuntu-latest + environment: ${{ inputs.env }} + needs: build + steps: + - name: Log in with Azure + uses: azure/login@v1 + with: + creds: '${{ secrets.AZURE_CREDENTIALS }}' + - name: Download artifact from build job + uses: actions/download-artifact@v3 + with: + name: webapp + path: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} + - name: Deploy to Azure 
WebApp + uses: azure/webapps-deploy@v2 + with: + app-name: pocketddd-dev-api-server + package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} + + build_and_deploy_blazor_client: + runs-on: ubuntu-latest + environment: ${{ inputs.env }} + name: Build and Deploy Blazor Client + steps: + - uses: actions/checkout@v2 + with: + submodules: true + - name: Build And Deploy + id: builddeploy + uses: Azure/static-web-apps-deploy@v1 + with: + azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} + repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments) + action: "upload" + ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### + # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig + deployment_environment: ${{ inputs.env }} + app_location: "/PocketDDD.BlazorClient/PocketDDD.BlazorClient" # App source code path + api_location: "" # Api source code path - optional + output_location: "wwwroot" # Built app content directory - optional + ###### End of Repository/Build Configurations ###### diff --git a/.github/workflows/DeployPullRequest.yml b/.github/workflows/DeployPullRequest.yml new file mode 100644 index 0000000..67b79e1 --- /dev/null +++ b/.github/workflows/DeployPullRequest.yml @@ -0,0 +1,13 @@ +name: Deploy Pull Request +on: + pull_request: + +jobs: + deploy_to_dev: + environment: dev + uses: ./.github/workflows/DeployEverything.yml + with: + env: dev + secrets: + AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} + AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} \ No newline at end of file 
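Review bot: The `terraform apply` step in `deploy_terraform` expands `${{ inputs.env }}` directly into the shell command line, so the value is pasted into the script text before bash parses it; passing it through the step environment keeps it as data, e.g. `env: TF_ENV: ${{ inputs.env }}` with `run: terraform apply -auto-approve --var-file "../tfvars/${TF_ENV}.tfvars"`. Separately, `deploy_api_server` runs in `environment: ${{ inputs.env }}` but deploys to the fixed `app-name: pocketddd-dev-api-server`, so a call with any other `env` would push to the dev app with that environment's credentials; the name should be derived from the input if that matches the Terraform naming. The jobs that receive `AZURE_CREDENTIALS` also reference actions by mutable tag (`azure/login@v1`, `azure/webapps-deploy@v2`, `Azure/static-web-apps-deploy@v1`); pinning them to a full commit SHA is worth considering.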
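Review bot: `on: pull_request:` has no branch, path or event-type filter, and the called workflow runs `terraform apply -auto-approve` plus both app deployments with `AZURE_CREDENTIALS`, so every push to a pull request from a branch in this repository changes the dev environment from code that has not been reviewed. If that is intended, the `dev` environment should presumably carry required reviewers or a branch restriction; otherwise run only a plan on pull requests and apply on merge. Two open pull requests will also apply against the same resources at the same time; a workflow-level `concurrency: deploy-dev` would serialise them. Pull requests from forks receive no repository secrets under this trigger, so those runs will presumably fail at the Azure login rather than deploy.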
diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Development.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.dev.json similarity index 100% rename from PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Development.json rename to PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.dev.json diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Production.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.prod.json similarity index 100% rename from PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Production.json rename to PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.prod.json From 37b3ea478bbbc46371728803315e07043145ae12 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Mon, 22 Apr 2024 19:04:18 +0100 Subject: [PATCH 02/72] Disable existing PR triggered workflows --- .github/workflows/DeployBlazorClient.yml | 1 - .github/workflows/DeployServerWebAPI.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/.github/workflows/DeployBlazorClient.yml b/.github/workflows/DeployBlazorClient.yml index eeb0b43..daf5b41 100644 --- a/.github/workflows/DeployBlazorClient.yml +++ b/.github/workflows/DeployBlazorClient.yml @@ -2,7 +2,6 @@ name: Build and deploy Pocket DDD Blazor Client on: workflow_dispatch: - push: jobs: build_and_deploy_job: diff --git a/.github/workflows/DeployServerWebAPI.yml b/.github/workflows/DeployServerWebAPI.yml index a599f50..3a3f4a6 100644 --- a/.github/workflows/DeployServerWebAPI.yml +++ b/.github/workflows/DeployServerWebAPI.yml @@ -1,7 +1,6 @@ name: Build and deploy Pocket DDD Server on: workflow_dispatch: - push: env: AZURE_WEBAPP_PACKAGE_PATH: PocketDDD.Server.WebAPI/publish From 715b40572bbff2d773d9bf879bd9223864078c5a Mon Sep 17 00:00:00 2001 
From: Russell Day Date: Mon, 22 Apr 2024 19:10:25 +0100 Subject: [PATCH 03/72] Fix syntax errors --- .github/workflows/DeployEverything.yml | 9 ++++----- .github/workflows/DeployPullRequest.yml | 5 +---- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 702dffe..1e6a7d5 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -9,10 +9,8 @@ on: secrets: AZURE_CREDENTIALS: required: true - type: string AZURE_STATIC_WEB_APPS_API_TOKEN: required: true - type: string env: AZURE_WEBAPP_PACKAGE_PATH: PocketDDD.Server.WebAPI/publish @@ -31,8 +29,8 @@ jobs: - name: Setup terraform uses: hashicorp/setup-terraform@v3 - run: | - cd ./terraform - terraform init + cd ./terraform + terraform init - run: terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars build_api_server: @@ -62,7 +60,7 @@ jobs: name: Deploy API Server runs-on: ubuntu-latest environment: ${{ inputs.env }} - needs: build + needs: [deploy_terraform, build_api_server] steps: - name: Log in with Azure uses: azure/login@v1 @@ -83,6 +81,7 @@ jobs: runs-on: ubuntu-latest environment: ${{ inputs.env }} name: Build and Deploy Blazor Client + needs: deploy_terraform steps: - uses: actions/checkout@v2 with: diff --git a/.github/workflows/DeployPullRequest.yml b/.github/workflows/DeployPullRequest.yml index 67b79e1..dfb1bca 100644 --- a/.github/workflows/DeployPullRequest.yml +++ b/.github/workflows/DeployPullRequest.yml @@ -4,10 +4,7 @@ on: jobs: deploy_to_dev: - environment: dev uses: ./.github/workflows/DeployEverything.yml with: env: dev - secrets: - AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} - AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} \ No newline at end of file + secrets: inherit \ No newline at end of file From 5cd7b019794b96663673fa8a8f2f1c5195179136 Mon Sep 17 00:00:00 2001 
From: Russell Day Date: Mon, 22 Apr 2024 19:12:36 +0100 Subject: [PATCH 04/72] Set working dir for tf job --- .github/workflows/DeployEverything.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 1e6a7d5..96a87b0 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -23,14 +23,15 @@ jobs: runs-on: ubuntu-latest name: Deploy terraform environment: ${{ inputs.env }} + defaults: + run: + working-directory: ./terraform steps: - uses: actions/checkout@v4 - name: Setup terraform uses: hashicorp/setup-terraform@v3 - - run: | - cd ./terraform - terraform init + - run: terraform init - run: terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars build_api_server: From 0caed938357bc8e8b806262eaae801c47683169f Mon Sep 17 00:00:00 2001 From: Russell Day Date: Mon, 22 Apr 2024 19:14:38 +0100 Subject: [PATCH 05/72] Log in to Azure before applying TF --- .github/workflows/DeployEverything.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 96a87b0..768ca64 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -32,6 +32,10 @@ jobs: - name: Setup terraform uses: hashicorp/setup-terraform@v3 - run: terraform init + - name: Log in with Azure + uses: azure/login@v1 + with: + creds: '${{ secrets.AZURE_CREDENTIALS }}' - run: terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars build_api_server: From 85513be61e8daf0b08bd2a07b07f63717b8b2853 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 19:40:26 +0100 Subject: [PATCH 06/72] Use custom GitHub App with secret write permissions --- .github/workflows/DeployEverything.yml | 8 ++++++++ 1 file changed, 8 insertions(+) 
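Review bot: The login step added before `terraform apply` authenticates with `creds: '${{ secrets.AZURE_CREDENTIALS }}'`, a long-lived service-principal secret, in a job that this series triggers from pull requests. `azure/login` also accepts `client-id`, `tenant-id` and `subscription-id` with a federated (OIDC) credential and `permissions: id-token: write` on the job, which leaves no client secret to store or rotate in GitHub. If the secret stays, scoping the service principal to the environment's resource group and rotating it on a schedule limits the exposure. The `deploy_terraform` job body continues outside this hunk.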
diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 768ca64..ad52aed 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -28,6 +28,12 @@ jobs: working-directory: ./terraform steps: + - name: Generate a token + id: generate-token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ secrets.TERRAFORM_DEPLOYER_APP_ID }} + private-key: ${{ secrets.TERRAFORM_DEPLOYER_PRIVATE_KEY }} - uses: actions/checkout@v4 - name: Setup terraform uses: hashicorp/setup-terraform@v3 @@ -37,6 +43,8 @@ jobs: with: creds: '${{ secrets.AZURE_CREDENTIALS }}' - run: terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars + env: + GH_TOKEN: ${{ steps.generate-token.outputs.token }} build_api_server: runs-on: ubuntu-latest From 720e348cffce8da8bc4742c813728b908bcf47ed Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 19:57:28 +0100 Subject: [PATCH 07/72] Explicitly pass secrets as they only inherit from org or enterprise --- .github/workflows/DeployPullRequest.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/DeployPullRequest.yml b/.github/workflows/DeployPullRequest.yml index dfb1bca..63108ff 100644 --- a/.github/workflows/DeployPullRequest.yml +++ b/.github/workflows/DeployPullRequest.yml @@ -7,4 +7,9 @@ jobs: uses: ./.github/workflows/DeployEverything.yml with: env: dev - secrets: inherit \ No newline at end of file + secrets: + AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} + AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TERRAFORM_DEPLOYER_APP_ID: ${{ secrets.TERRAFORM_DEPLOYER_APP_ID }} + TERRAFORM_DEPLOYER_PRIVATE_KEY: ${{ secrets.TERRAFORM_DEPLOYER_PRIVATE_KEY }} From f8108c378f20298d5ff623f95ad801b8cf70c841 Mon Sep 17 00:00:00 2001 
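Review bot: The token minted by `actions/create-github-app-token@v1` is placed in the environment of the `terraform apply` step, and per the commit title the app can write secrets, so every provider, module or provisioner that the checked-out Terraform pulls in runs with that token within reach. Because the caller workflow fires on `pull_request`, the configuration being applied has not been reviewed at the point the token is issued. Consider issuing the token only for runs from the default branch (an `if:` on the `Generate a token` step) or protecting the environment with required reviewers, and add a comment above the step stating which permissions the app holds and why the job needs them.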
From: Russell Day Date: Tue, 23 Apr 2024 19:59:41 +0100 Subject: [PATCH 08/72] Except GITHUB_TOKEN --- .github/workflows/DeployPullRequest.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/DeployPullRequest.yml b/.github/workflows/DeployPullRequest.yml index 63108ff..c468285 100644 --- a/.github/workflows/DeployPullRequest.yml +++ b/.github/workflows/DeployPullRequest.yml @@ -10,6 +10,5 @@ jobs: secrets: AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} TERRAFORM_DEPLOYER_APP_ID: ${{ secrets.TERRAFORM_DEPLOYER_APP_ID }} TERRAFORM_DEPLOYER_PRIVATE_KEY: ${{ secrets.TERRAFORM_DEPLOYER_PRIVATE_KEY }} From 6e1f52f08ff87ed11c0de6c0656c799a2f6b505c Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 20:01:29 +0100 Subject: [PATCH 09/72] Declare new app secrets on reusable workflow --- .github/workflows/DeployEverything.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index ad52aed..334e10a 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -11,6 +11,10 @@ on: required: true AZURE_STATIC_WEB_APPS_API_TOKEN: required: true + TERRAFORM_DEPLOYER_APP_ID: + required: true + TERRAFORM_DEPLOYER_PRIVATE_KEY: + required: true env: AZURE_WEBAPP_PACKAGE_PATH: PocketDDD.Server.WebAPI/publish From 674ef1202431fd8ed02bd6451a004e45be864453 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 20:03:59 +0100 Subject: [PATCH 10/72] RUn plan before apply --- .github/workflows/DeployEverything.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 334e10a..6ec1d2e 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml 
@@ -39,14 +39,16 @@ jobs: app-id: ${{ secrets.TERRAFORM_DEPLOYER_APP_ID }} private-key: ${{ secrets.TERRAFORM_DEPLOYER_PRIVATE_KEY }} - uses: actions/checkout@v4 - - name: Setup terraform - uses: hashicorp/setup-terraform@v3 - - run: terraform init - name: Log in with Azure uses: azure/login@v1 with: creds: '${{ secrets.AZURE_CREDENTIALS }}' - - run: terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars + - name: Setup terraform + uses: hashicorp/setup-terraform@v3 + - run: | + terraform init + terraform plan --var-file ../tfvars/${{ inputs.env }}.tfvars + terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars env: GH_TOKEN: ${{ steps.generate-token.outputs.token }} From 8305e5ba888741d040896b8d5dc4860a418e2140 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 21:38:30 +0100 Subject: [PATCH 11/72] tf fmt, add tf state storage account --- .github/workflows/DeployEverything.yml | 6 ++++-- .github/workflows/DeployPullRequest.yml | 1 + README.md | 9 +++++++-- terraform/blazor_client.tf | 8 ++++---- terraform/database.tf | 8 ++++---- terraform/main.tf | 4 ++-- terraform/readme.md | 2 +- terraform/terraform.tf | 5 +++++ terraform/variables.tf | 24 ++++++++++++------------ 9 files changed, 40 insertions(+), 27 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 6ec1d2e..54273fe 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -15,6 +15,8 @@ on: required: true TERRAFORM_DEPLOYER_PRIVATE_KEY: required: true + TERRAFORM_STATE_ACCESS_KEY: + required: true env: AZURE_WEBAPP_PACKAGE_PATH: PocketDDD.Server.WebAPI/publish 
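Review bot: The `terraform plan` output in the new `run: |` block is only printed; `terraform apply -auto-approve` on the following line computes a fresh plan, so what is applied is not bound to what was shown. Saving the plan and applying that file ties the two together: `terraform plan -out=tfplan --var-file ../tfvars/${{ inputs.env }}.tfvars` followed by `terraform apply tfplan`. A saved plan file can contain sensitive values, so it should not be uploaded as an artifact or left in a cached directory.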
@@ -46,11 +48,11 @@ jobs: - name: Setup terraform uses: hashicorp/setup-terraform@v3 - run: | - terraform init - terraform plan --var-file ../tfvars/${{ inputs.env }}.tfvars + terraform init -backend-config="key=${{ inputs.env }}.terraform.tfstate" terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars env: GH_TOKEN: ${{ steps.generate-token.outputs.token }} + ARM_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} build_api_server: runs-on: ubuntu-latest diff --git a/.github/workflows/DeployPullRequest.yml b/.github/workflows/DeployPullRequest.yml index c468285..16f8ce7 100644 --- a/.github/workflows/DeployPullRequest.yml +++ b/.github/workflows/DeployPullRequest.yml @@ -12,3 +12,4 @@ jobs: AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} TERRAFORM_DEPLOYER_APP_ID: ${{ secrets.TERRAFORM_DEPLOYER_APP_ID }} TERRAFORM_DEPLOYER_PRIVATE_KEY: ${{ secrets.TERRAFORM_DEPLOYER_PRIVATE_KEY }} + TERRAFORM_STATE_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} diff --git a/README.md b/README.md index 19296f1..38f2267 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Authorization: Ensure the Azure, GitHub, and terraform CLIs are installed ``` brew install azure-cli -bre install gh +brew install gh brew install terraform ``` @@ -24,11 +24,16 @@ az login gh auth login ``` +Retrieve the access key for the terraform state storage account +``` +export ARM_ACCESS_KEY=$(az storage account keys list -g pocketddd-terraform-state -n pocketdddterraformstate --query [0].value -o tsv) +``` + From the `terraform` directory run init, plan, then apply if happy with the changes. ``` cd ./terraform -terraform init +terraform init -backend-config="dev.terraform.tfstate" terraform plan -var-file ../tfvars/dev.tfvars terraform apply -var-file ../tfvars/dev.tfvars ``` \ No newline at end of file diff --git a/terraform/blazor_client.tf b/terraform/blazor_client.tf index fe5cf9e..2dc8174 100644 --- a/terraform/blazor_client.tf 
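Review bot: `ARM_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}` hands the job the storage account's shared key, which gives full access to every state file in `pocketdddterraformstate`, including other environments' state and the secret values Terraform records in it. The job already logs in to Azure before this step, so the backend could presumably use Azure AD authentication instead (`use_azuread_auth = true` in the `backend "azurerm"` block added to terraform/terraform.tf, with a blob data role scoped to the `tfstate` container), and the access-key secret could then be dropped from both workflows. The README in this commit documents `terraform init -backend-config="dev.terraform.tfstate"`, which Terraform treats as a path to a config file, while the workflow passes `key=${{ inputs.env }}.terraform.tfstate`; the two should agree so that local and CI runs use the same state blob.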
+++ b/terraform/blazor_client.tf @@ -8,8 +8,8 @@ resource "azurerm_static_web_app" "blazor-client" { } resource "github_actions_environment_secret" "test_secret" { - repository = data.github_repository.repo.name - environment = github_repository_environment.repo_environment.environment - secret_name = "AZURE_STATIC_WEB_APPS_API_TOKEN" - plaintext_value = azurerm_static_web_app.blazor-client.api_key + repository = data.github_repository.repo.name + environment = github_repository_environment.repo_environment.environment + secret_name = "AZURE_STATIC_WEB_APPS_API_TOKEN" + plaintext_value = azurerm_static_web_app.blazor-client.api_key } \ No newline at end of file diff --git a/terraform/database.tf b/terraform/database.tf index d376f01..3068126 100644 --- a/terraform/database.tf +++ b/terraform/database.tf @@ -12,10 +12,10 @@ resource "azurerm_mssql_server" "sqlserver" { } resource "azurerm_mssql_database" "sqldb" { - name = "${local.resource_prefix}-sqldatabase" - server_id = azurerm_mssql_server.sqlserver.id - sku_name = var.sql_db_sku - max_size_gb = var.sql_max_storage + name = "${local.resource_prefix}-sqldatabase" + server_id = azurerm_mssql_server.sqlserver.id + sku_name = var.sql_db_sku + max_size_gb = var.sql_max_storage storage_account_type = "Local" tags = { diff --git a/terraform/main.tf b/terraform/main.tf index 3887522..121b71d 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -26,6 +26,6 @@ data "github_repository" "repo" { } resource "github_repository_environment" "repo_environment" { - repository = "PocketDDD" - environment = var.env + repository = "PocketDDD" + environment = var.env } diff --git a/terraform/readme.md b/terraform/readme.md index 38a002f..62f4c12 100644 --- a/terraform/readme.md +++ b/terraform/readme.md 
@@ -1,4 +1,4 @@ -Command to create a new deployment service principal +Command to create a new deployment service principal (requires the User Access Administrator role in an Azure subscription): ``` az ad sp create-for-rbac -n DevDeployment --role Contributor --scopes /subscriptions//resourceGroups/ --sdk-auth ``` diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 5027348..461e5b3 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -1,4 +1,9 @@ terraform { + backend "azurerm" { + resource_group_name = "pocketddd-terraform-state" + storage_account_name = "pocketdddterraformstate" + container_name = "tfstate" + } required_providers { azurerm = { source = "hashicorp/azurerm" diff --git a/terraform/variables.tf b/terraform/variables.tf index b3dbd44..a730615 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -5,37 +5,37 @@ variable "env" { } variable "sql_db_sku" { - default = "S0" + default = "S0" nullable = false - type = string + type = string } variable "sql_max_storage" { - default = "2" + default = "2" nullable = false - type = string + type = string } variable "api_app_service_sku" { - default = "B1" + default = "B1" nullable = false - type = string + type = string } variable "api_always_on" { - default = true + default = true nullable = false - type = bool + type = bool } variable "client_sku_tier" { - default = "" + default = "" nullable = false - type = string + type = string } variable "client_sku_size" { - default = "" + default = "" nullable = false - type = string + type = string } From f469451055e8d69af961a169674aa6048d56fa0a Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 21:49:15 +0100 Subject: [PATCH 12/72] Choose different names for name-conflicted resources --- terraform/api_server.tf | 2 +- terraform/keyvault.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/api_server.tf b/terraform/api_server.tf index 70dafb5..37e5e2a 100644 
--- a/terraform/api_server.tf +++ b/terraform/api_server.tf @@ -8,7 +8,7 @@ resource "azurerm_service_plan" "api_server_service_plan" { resource "azurerm_linux_web_app" "api_server_web_app" { - name = "${local.resource_prefix}-api-server" + name = "${local.resource_prefix}-api-server-web-app" resource_group_name = azurerm_resource_group.rg.name location = azurerm_service_plan.api_server_service_plan.location service_plan_id = azurerm_service_plan.api_server_service_plan.id diff --git a/terraform/keyvault.tf b/terraform/keyvault.tf index 63d3522..a58c35d 100644 --- a/terraform/keyvault.tf +++ b/terraform/keyvault.tf @@ -1,7 +1,7 @@ data "azurerm_client_config" "current" {} resource "azurerm_key_vault" "key_vault" { - name = "${local.resource_prefix}-keyvault" + name = "${local.resource_prefix}-secrets-keyvault" location = azurerm_resource_group.rg.location resource_group_name = azurerm_resource_group.rg.name enabled_for_disk_encryption = true From 1cad88bd766b8b34687fcf2a6b9c8fda9a56bc81 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 21:50:57 +0100 Subject: [PATCH 13/72] Try new keyvault name --- terraform/keyvault.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/keyvault.tf b/terraform/keyvault.tf index a58c35d..a1328bb 100644 --- a/terraform/keyvault.tf +++ b/terraform/keyvault.tf @@ -1,7 +1,7 @@ data "azurerm_client_config" "current" {} resource "azurerm_key_vault" "key_vault" { - name = "${local.resource_prefix}-secrets-keyvault" + name = "${local.resource_prefix}-secrets-kv" location = azurerm_resource_group.rg.location resource_group_name = azurerm_resource_group.rg.name enabled_for_disk_encryption = true From c32557ad3adca74baeb695b7e238751578d71837 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 22:00:06 +0100 Subject: [PATCH 14/72] Fix incorrect GitHub env variable name --- .github/workflows/DeployEverything.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 54273fe..23a5006 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -51,7 +51,7 @@ jobs: terraform init -backend-config="key=${{ inputs.env }}.terraform.tfstate" terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars env: - GH_TOKEN: ${{ steps.generate-token.outputs.token }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} ARM_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} build_api_server: From 23f221c98ecd12b53554aa63a8e7885851e1d156 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 22:16:25 +0100 Subject: [PATCH 15/72] Auth with GitHub another way --- .github/workflows/DeployEverything.yml | 17 ++++++++++------- terraform/terraform.tf | 5 +++++ 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 23a5006..b26c88b 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -34,12 +34,12 @@ jobs: working-directory: ./terraform steps: - - name: Generate a token - id: generate-token - uses: actions/create-github-app-token@v1 - with: - app-id: ${{ secrets.TERRAFORM_DEPLOYER_APP_ID }} - private-key: ${{ secrets.TERRAFORM_DEPLOYER_PRIVATE_KEY }} + # - name: Generate a token + # id: generate-token + # uses: actions/create-github-app-token@v1 + # with: + # app-id: ${{ secrets.TERRAFORM_DEPLOYER_APP_ID }} + # private-key: ${{ secrets.TERRAFORM_DEPLOYER_PRIVATE_KEY }} - uses: actions/checkout@v4 - name: Log in with Azure uses: azure/login@v1 
@@ -51,8 +51,11 @@ jobs: terraform init -backend-config="key=${{ inputs.env }}.terraform.tfstate" terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars env: - GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} ARM_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} + GITHUB_APP_ID: ${{ secrets.TERRAFORM_DEPLOYER_APP_ID }} + GITHUB_APP_PEM_FILE: ${{ secrets.TERRAFORM_DEPLOYER_PRIVATE_KEY }} + GITHUB_APP_INSTALLATION_ID: ${{ secrets.TERRAFORM_DEPLOYER_INSTALLATION_ID }} + build_api_server: runs-on: ubuntu-latest diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 461e5b3..2157d03 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -29,4 +29,9 @@ provider "azurerm" { provider "github" { owner = "dddsw" + app_auth { + id = var.app_id # or `GITHUB_APP_ID` + installation_id = var.app_installation_id # or `GITHUB_APP_INSTALLATION_ID` + pem_file = var.app_pem_file # or `GITHUB_APP_PEM_FILE` + } } \ No newline at end of file From 0b4eed19c1b0e33ec7d6f00d2869ed8f1cef4e45 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 22:17:10 +0100 Subject: [PATCH 16/72] Pass the secrets to the left hand side --- .github/workflows/DeployEverything.yml | 2 ++ .github/workflows/DeployPullRequest.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index b26c88b..51429f1 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -17,6 +17,8 @@ on: required: true TERRAFORM_STATE_ACCESS_KEY: required: true + TERRAFORM_DEPLOYER_INSTALLATION_ID: + required: true env: AZURE_WEBAPP_PACKAGE_PATH: PocketDDD.Server.WebAPI/publish diff --git a/.github/workflows/DeployPullRequest.yml b/.github/workflows/DeployPullRequest.yml index 16f8ce7..3200811 100644 --- a/.github/workflows/DeployPullRequest.yml +++ b/.github/workflows/DeployPullRequest.yml 
@@ -13,3 +13,4 @@ jobs: TERRAFORM_DEPLOYER_APP_ID: ${{ secrets.TERRAFORM_DEPLOYER_APP_ID }} TERRAFORM_DEPLOYER_PRIVATE_KEY: ${{ secrets.TERRAFORM_DEPLOYER_PRIVATE_KEY }} TERRAFORM_STATE_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} + TERRAFORM_DEPLOYER_INSTALLATION_ID: ${{ secrets.TERRAFORM_DEPLOYER_INSTALLATION_ID }} From 1d3f0b9b0a1b18aeb40b09a3c19f85375f21d895 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 22:18:26 +0100 Subject: [PATCH 17/72] Pls fix --- terraform/terraform.tf | 3 --- 1 file changed, 3 deletions(-) diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 2157d03..394552f 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -30,8 +30,5 @@ provider "azurerm" { provider "github" { owner = "dddsw" app_auth { - id = var.app_id # or `GITHUB_APP_ID` - installation_id = var.app_installation_id # or `GITHUB_APP_INSTALLATION_ID` - pem_file = var.app_pem_file # or `GITHUB_APP_PEM_FILE` } } \ No newline at end of file From ddb71363234844bad884b7f99bc1f7823bca3f2e Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 22:56:55 +0100 Subject: [PATCH 18/72] Move client deployment token to key vault --- terraform/api_server.tf | 6 +++++ terraform/blazor_client.tf | 11 ++++---- terraform/database.tf | 12 +++++++++ terraform/keyvault.tf | 53 -------------------------------------- terraform/main.tf | 39 +++++++++++++++++++++++----- 5 files changed, 56 insertions(+), 65 deletions(-) delete mode 100644 terraform/keyvault.tf diff --git a/terraform/api_server.tf b/terraform/api_server.tf index 37e5e2a..adc587a 100644 --- a/terraform/api_server.tf +++ b/terraform/api_server.tf @@ -30,3 +30,9 @@ resource "azurerm_linux_web_app" "api_server_web_app" { "AdminKey" = random_password.admin_api_key.result } } + +resource "azurerm_key_vault_secret" "api_admin_key" { + name = "${local.resource_prefix}-admin-api-key" + value = random_password.admin_api_key.result + key_vault_id = azurerm_key_vault.key_vault.id +} 
diff --git a/terraform/blazor_client.tf b/terraform/blazor_client.tf index 2dc8174..7137be6 100644 --- a/terraform/blazor_client.tf +++ b/terraform/blazor_client.tf @@ -7,9 +7,8 @@ resource "azurerm_static_web_app" "blazor-client" { sku_size = var.client_sku_size } -resource "github_actions_environment_secret" "test_secret" { - repository = data.github_repository.repo.name - environment = github_repository_environment.repo_environment.environment - secret_name = "AZURE_STATIC_WEB_APPS_API_TOKEN" - plaintext_value = azurerm_static_web_app.blazor-client.api_key -} \ No newline at end of file +resource "azurerm_key_vault_secret" "blazor_client_deployment_token" { + name = "${local.resource_prefix}-blazor-client-deployment-token" + value = azurerm_static_web_app.blazor-client.api_key + key_vault_id = azurerm_key_vault.key_vault.id +} diff --git a/terraform/database.tf b/terraform/database.tf index 3068126..5484dba 100644 --- a/terraform/database.tf +++ b/terraform/database.tf @@ -34,3 +34,15 @@ resource "azurerm_mssql_firewall_rule" "firewall_rule" { start_ip_address = "0.0.0.0" end_ip_address = "0.0.0.0" } + +resource "azurerm_key_vault_secret" "sqldb_connectionstring" { + name = "${local.resource_prefix}-db-connection-string" + value = local.db_connection_string + key_vault_id = azurerm_key_vault.key_vault.id +} + +resource "azurerm_key_vault_secret" "sqldb_admin_password" { + name = "${local.resource_prefix}-db-admin-password" + value = random_password.admin_password.result + key_vault_id = azurerm_key_vault.key_vault.id +} diff --git a/terraform/keyvault.tf b/terraform/keyvault.tf deleted file mode 100644 index a1328bb..0000000 --- a/terraform/keyvault.tf +++ /dev/null 
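Review bot: With `azurerm_key_vault_secret.blazor_client_deployment_token` replacing the GitHub environment secret, the static web app's `api_key` is written only to Key Vault, yet the workflow lines visible elsewhere in this series still read `secrets.AZURE_STATIC_WEB_APPS_API_TOKEN`, so nothing shown here keeps the GitHub secret in step with the key when the app is recreated or the key is reset. A comment on the resource saying who copies the value to GitHub, or a workflow step that reads it from the vault at deploy time, would close that gap. The key, like the connection string and admin password stored by the database.tf hunk in this commit, is also recorded in the Terraform state in plain text, so access to the state container needs the same care as access to the vault.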
@@ -1,53 +0,0 @@ -data "azurerm_client_config" "current" {} - -resource "azurerm_key_vault" "key_vault" { - name = "${local.resource_prefix}-secrets-kv" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - enabled_for_disk_encryption = true - tenant_id = data.azurerm_client_config.current.tenant_id - soft_delete_retention_days = 7 - purge_protection_enabled = false - - sku_name = "standard" - - access_policy { - tenant_id = data.azurerm_client_config.current.tenant_id - object_id = data.azurerm_client_config.current.object_id - - key_permissions = [ - "Get", - ] - - secret_permissions = [ - "Get", - "Set", - "List", - "Delete", - "Purge", - "Recover" - ] - - storage_permissions = [ - "Get", - ] - } -} - -resource "azurerm_key_vault_secret" "sqldb_connectionstring" { - name = "${local.resource_prefix}-db-connection-string" - value = local.db_connection_string - key_vault_id = azurerm_key_vault.key_vault.id -} - -resource "azurerm_key_vault_secret" "sqldb_admin_password" { - name = "${local.resource_prefix}-db-admin-password" - value = random_password.admin_password.result - key_vault_id = azurerm_key_vault.key_vault.id -} - -resource "azurerm_key_vault_secret" "api_admin_key" { - name = "${local.resource_prefix}-admin-api-key" - value = random_password.admin_api_key.result - key_vault_id = azurerm_key_vault.key_vault.id -} diff --git a/terraform/main.tf b/terraform/main.tf index 121b71d..865fb3d 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -1,3 +1,5 @@ +data "azurerm_client_config" "current" {} + resource "azurerm_resource_group" "rg" { name = "${local.resource_prefix}-rg" location = "UK South" 
@@ -21,11 +23,36 @@ locals { db_connection_string = "Server=tcp:${local.sql_server_name}.database.windows.net,1433;Initial Catalog=pocketddd-dev-sqldatabase;Persist Security Info=False;User ID=${random_string.admin_login.result};Password=${random_password.admin_password.result};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;" } -data "github_repository" "repo" { - name = "PocketDDD" -} +resource "azurerm_key_vault" "key_vault" { + name = "${local.resource_prefix}-secrets-kv" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + enabled_for_disk_encryption = true + tenant_id = data.azurerm_client_config.current.tenant_id + soft_delete_retention_days = 7 + purge_protection_enabled = false + + sku_name = "standard" + + access_policy { + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = data.azurerm_client_config.current.object_id + + key_permissions = [ + "Get", + ] + + secret_permissions = [ + "Get", + "Set", + "List", + "Delete", + "Purge", + "Recover" + ] -resource "github_repository_environment" "repo_environment" { - repository = "PocketDDD" - environment = var.env + storage_permissions = [ + "Get", + ] + } } From cf28dee3c7f0fc159b64359db36927be47de62aa Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 22:58:08 +0100 Subject: [PATCH 19/72] Remove other GitHub related bits out of terraform --- .github/workflows/DeployEverything.yml | 15 --------------- terraform/terraform.tf | 10 ---------- 2 files changed, 25 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 51429f1..a06b841 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml 
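Review bot: The vault is created with `purge_protection_enabled = false` while the deployer's `secret_permissions` include `"Delete"` and `"Purge"`, so the identity that runs `terraform apply` can permanently remove the SQL and deployment-token secrets. The 7-day soft-delete window does not help once a purge is issued. That is convenient for throwaway dev/test stacks, but the same file appears to serve every environment through `var.env`. Consider driving it from a variable, for example `purge_protection_enabled = var.env == "prod"`, and dropping `"Purge"` where protection is on. `enabled_for_disk_encryption = true` is not used by anything visible in this series and could be removed. There is no `network_acls` block, so the vault is presumably reachable from any network and relies on the access policy alone.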
@@ -11,14 +11,8 @@ on: required: true AZURE_STATIC_WEB_APPS_API_TOKEN: required: true - TERRAFORM_DEPLOYER_APP_ID: - required: true - TERRAFORM_DEPLOYER_PRIVATE_KEY: - required: true TERRAFORM_STATE_ACCESS_KEY: required: true - TERRAFORM_DEPLOYER_INSTALLATION_ID: - required: true env: AZURE_WEBAPP_PACKAGE_PATH: PocketDDD.Server.WebAPI/publish @@ -36,12 +30,6 @@ jobs: working-directory: ./terraform steps: - # - name: Generate a token - # id: generate-token - # uses: actions/create-github-app-token@v1 - # with: - # app-id: ${{ secrets.TERRAFORM_DEPLOYER_APP_ID }} - # private-key: ${{ secrets.TERRAFORM_DEPLOYER_PRIVATE_KEY }} - uses: actions/checkout@v4 - name: Log in with Azure uses: azure/login@v1 @@ -54,9 +42,6 @@ jobs: terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars env: ARM_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} - GITHUB_APP_ID: ${{ secrets.TERRAFORM_DEPLOYER_APP_ID }} - GITHUB_APP_PEM_FILE: ${{ secrets.TERRAFORM_DEPLOYER_PRIVATE_KEY }} - GITHUB_APP_INSTALLATION_ID: ${{ secrets.TERRAFORM_DEPLOYER_INSTALLATION_ID }} build_api_server: diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 394552f..a631d7b 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -9,10 +9,6 @@ terraform { source = "hashicorp/azurerm" version = "3.100.0" } - github = { - source = "integrations/github" - version = "6.2.1" - } random = { source = "hashicorp/random" version = "3.6.1" @@ -26,9 +22,3 @@ provider "azurerm" { } } - -provider "github" { - owner = "dddsw" - app_auth { - } -} \ No newline at end of file From d07a7dbe4496788944f7c39b67729d00d88facf5 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 23:00:28 +0100 Subject: [PATCH 20/72] Remove passed secrets that no longer exist --- .github/workflows/DeployPullRequest.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/DeployPullRequest.yml b/.github/workflows/DeployPullRequest.yml index 3200811..51bf952 100644 
--- a/.github/workflows/DeployPullRequest.yml +++ b/.github/workflows/DeployPullRequest.yml @@ -10,7 +10,4 @@ jobs: secrets: AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} - TERRAFORM_DEPLOYER_APP_ID: ${{ secrets.TERRAFORM_DEPLOYER_APP_ID }} - TERRAFORM_DEPLOYER_PRIVATE_KEY: ${{ secrets.TERRAFORM_DEPLOYER_PRIVATE_KEY }} TERRAFORM_STATE_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} - TERRAFORM_DEPLOYER_INSTALLATION_ID: ${{ secrets.TERRAFORM_DEPLOYER_INSTALLATION_ID }} From 34ebd1929e2061ef825d748dc5b4a08b71f8bd3c Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 23:31:10 +0100 Subject: [PATCH 21/72] Try dynamically retrieving the API token --- .github/workflows/DeployEverything.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index a06b841..b1b1c4a 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -43,7 +43,6 @@ jobs: env: ARM_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} - build_api_server: runs-on: ubuntu-latest name: Build API Server 
@@ -97,11 +96,16 @@ jobs: - uses: actions/checkout@v2 with: submodules: true + - run: | + apiToken=$(az staticwebapp secrets list --name pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiKey" -o tsv) + echo "{WEB_APP_API_TOKEN}={$apiToken}" >> "$GITHUB_ENV" + - name: Build And Deploy id: builddeploy uses: Azure/static-web-apps-deploy@v1 with: - azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} + # azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} + azure_static_web_apps_api_token: ${{ env.WEB_APP_API_TOKEN }} repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments) action: "upload" ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### From b60c8167bcaa1761519d74ea8fbe8abdb697488e Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 23:38:17 +0100 Subject: [PATCH 22/72] az login first! --- .github/workflows/DeployEverything.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index b1b1c4a..2ecf97c 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -96,6 +96,10 @@ jobs: - uses: actions/checkout@v2 with: submodules: true + - name: Log in with Azure + uses: azure/login@v1 + with: + creds: '${{ secrets.AZURE_CREDENTIALS }}' - run: | apiToken=$(az staticwebapp secrets list --name pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiKey" -o tsv) echo "{WEB_APP_API_TOKEN}={$apiToken}" >> "$GITHUB_ENV" From 9d945033c9c2a4823f6802ca6996a254b3b82e94 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 23:43:57 +0100 Subject: [PATCH 23/72] Remove the asterisks? --- .github/workflows/DeployEverything.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
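Review bot: In the first hunk on this line, the deployment token read by `az staticwebapp secrets list` is written to `$GITHUB_ENV` without being registered for masking. Unless it happens to equal a secret the runner already knows, it will appear in clear text if any later step or debug log prints it. Add `echo "::add-mask::$apiToken"` directly after the assignment and before the `>> "$GITHUB_ENV"` line. Writing to `$GITHUB_ENV` also exposes the token to every later step in the job; a step output (`>> "$GITHUB_OUTPUT"`) read only by the deploy step would narrow that. `${{ inputs.env }}` is substituted into the script text before the shell runs, so it is safer to pass it via `env:` and use a quoted `"$ENV_NAME"` in the command. The job this step belongs to starts outside the hunk.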
diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 2ecf97c..bea0287 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -102,7 +102,7 @@ jobs: creds: '${{ secrets.AZURE_CREDENTIALS }}' - run: | apiToken=$(az staticwebapp secrets list --name pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiKey" -o tsv) - echo "{WEB_APP_API_TOKEN}={$apiToken}" >> "$GITHUB_ENV" + echo "WEB_APP_API_TOKEN=$apiToken" >> "$GITHUB_ENV" - name: Build And Deploy id: builddeploy From 65abf1e671897d97aeda006f9415beed1583837e Mon Sep 17 00:00:00 2001 From: Russell Day Date: Tue, 23 Apr 2024 23:48:31 +0100 Subject: [PATCH 24/72] Fix the PAI server name in deployment --- .github/workflows/DeployEverything.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index bea0287..bf35f20 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -84,7 +84,7 @@ jobs: - name: Deploy to Azure WebApp uses: azure/webapps-deploy@v2 with: - app-name: pocketddd-dev-api-server + app-name: pocketddd-${{ inputs.env }}-api-server-web-app package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} build_and_deploy_blazor_client: From 43c8b5ba4112e3b2ab4b26ea652b96d4a5449175 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Wed, 24 Apr 2024 00:05:36 +0100 Subject: [PATCH 25/72] Deploy to test instead --- .github/workflows/DeployPullRequest.yml | 4 ++-- .../PocketDDD.BlazorClient/wwwroot/appsettings.Test.json | 2 +- tfvars/test.tfvars | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/DeployPullRequest.yml b/.github/workflows/DeployPullRequest.yml index 51bf952..e87ef49 100644 --- a/.github/workflows/DeployPullRequest.yml +++ b/.github/workflows/DeployPullRequest.yml 
@@ -3,10 +3,10 @@ on: pull_request: jobs: - deploy_to_dev: + deploy_to_test: uses: ./.github/workflows/DeployEverything.yml with: - env: dev + env: test secrets: AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test.json index b71cadf..f327669 100644 --- a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test.json +++ b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test.json @@ -1,4 +1,4 @@ { - "apiUrl": "https://pocketddd-dev-api-server.azurewebsites.net/api/", + "apiUrl": "https://pocketddd-test-api-server-web-app.azurewebsites.net/api/", "fakeBackend": false } \ No newline at end of file diff --git a/tfvars/test.tfvars b/tfvars/test.tfvars index 52b2019..484b4d8 100644 --- a/tfvars/test.tfvars +++ b/tfvars/test.tfvars @@ -1,4 +1,4 @@ -env = "dev" +env = "test" sql_db_sku = "Basic" sql_max_storage = "2" api_app_service_sku = "F1" From 2d7c8f136430722db644b108c3f7e104af068e1a Mon Sep 17 00:00:00 2001 From: Russell Day Date: Wed, 24 Apr 2024 00:14:28 +0100 Subject: [PATCH 26/72] Quote the env name? --- .github/workflows/DeployPullRequest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/DeployPullRequest.yml b/.github/workflows/DeployPullRequest.yml index e87ef49..88b465e 100644 --- a/.github/workflows/DeployPullRequest.yml +++ b/.github/workflows/DeployPullRequest.yml @@ -6,7 +6,7 @@ jobs: deploy_to_test: uses: ./.github/workflows/DeployEverything.yml with: - env: test + env: "test" secrets: AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} From c133667fd3180bc8bbd3860eb825c4404cea231f Mon Sep 17 00:00:00 2001 
From: Russell Day Date: Wed, 24 Apr 2024 00:22:37 +0100 Subject: [PATCH 27/72] Reduce keyvault name length some more --- terraform/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/main.tf b/terraform/main.tf index 865fb3d..1dd3d42 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -24,7 +24,7 @@ locals { } resource "azurerm_key_vault" "key_vault" { - name = "${local.resource_prefix}-secrets-kv" + name = "${local.resource_prefix}-kv" location = azurerm_resource_group.rg.location resource_group_name = azurerm_resource_group.rg.name enabled_for_disk_encryption = true From d5bd5356a087df451a2a3f7894d1fb87f32906f4 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Wed, 24 Apr 2024 00:31:38 +0100 Subject: [PATCH 28/72] Fix the seed for EventDetail --- .../PocketDDD.Server.DB/Migrations/2024_SeedData.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PocketDDD.Server/PocketDDD.Server.DB/Migrations/2024_SeedData.sql b/PocketDDD.Server/PocketDDD.Server.DB/Migrations/2024_SeedData.sql index c7b9a49..37e6c8b 100644 --- a/PocketDDD.Server/PocketDDD.Server.DB/Migrations/2024_SeedData.sql +++ b/PocketDDD.Server/PocketDDD.Server.DB/Migrations/2024_SeedData.sql @@ -8,7 +8,7 @@ delete EventDetail GO -DBCC CHECKIDENT ('[EventDetail]', RESEED, 0); +DBCC CHECKIDENT ('[EventDetail]', RESEED, 1); DBCC CHECKIDENT ('[Tracks]', RESEED, 0); DBCC CHECKIDENT ('[TimeSlots]', RESEED, 0); DBCC CHECKIDENT ('[Sessions]', RESEED, 0); From ab1776e10015fb48726a5f6e547ef4af4d6e220d Mon Sep 17 00:00:00 2001 From: Russell Day Date: Wed, 24 Apr 2024 00:38:25 +0100 Subject: [PATCH 29/72] Remove special chars from SQL password --- terraform/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/terraform/main.tf b/terraform/main.tf index 1dd3d42..68b0a18 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
@@ -12,7 +12,8 @@ resource "random_string" "admin_login" { } resource "random_password" "admin_password" { - length = 25 + length = 30 + special = false } resource "random_password" "admin_api_key" { From ab558add7f7dd30d34b373a8a41c5792a81dacb5 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Wed, 24 Apr 2024 00:47:05 +0100 Subject: [PATCH 30/72] Remove special chars from admin login --- terraform/main.tf | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/terraform/main.tf b/terraform/main.tf index 68b0a18..0442544 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -6,13 +6,12 @@ resource "azurerm_resource_group" "rg" { } resource "random_string" "admin_login" { - length = 16 - special = true - override_special = "/@£$" + length = 20 + special = false } resource "random_password" "admin_password" { - length = 30 + length = 30 special = false } From 5a5aa359237ad7380241f1159b015324ca0ef9b6 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 09:45:23 +0100 Subject: [PATCH 31/72] Set app settings for blazor client at top level --- terraform/blazor_client.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/terraform/blazor_client.tf b/terraform/blazor_client.tf index 7137be6..99b4acf 100644 --- a/terraform/blazor_client.tf +++ b/terraform/blazor_client.tf @@ -5,6 +5,11 @@ resource "azurerm_static_web_app" "blazor-client" { sku_tier = var.client_sku_tier sku_size = var.client_sku_size + + app_settings = { + "apiUrl": "https://pocketddd-${ var.env }-api-server-web-app.azurewebsites.net/api/" + "fakeBackend": "false" + } } resource "azurerm_key_vault_secret" "blazor_client_deployment_token" { From 4f1e83fcad9318ffa99cb0e51f98a17bf8066686 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 09:53:05 +0100 Subject: [PATCH 32/72] Default to 'Production' blazor client environment --- .github/workflows/DeployBlazorClient.yml | 1 - 1 file changed, 1 deletion(-) 
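Review bot: With `special = false` in `random_password.admin_password`, nothing guarantees that the result contains upper-case, lower-case and numeric characters, because the `min_*` arguments default to 0. Azure SQL rejects administrator passwords that do not cover three of its four character categories. At 30 characters a miss is very unlikely but still possible, and it would surface as a confusing apply failure; adding `min_upper = 1`, `min_lower = 1` and `min_numeric = 1` makes the outcome deterministic. It would also help to record why specials were dropped, presumably because the value is interpolated unescaped into `local.db_connection_string`, with a comment such as `# no specials: embedded unescaped in db_connection_string`.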
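Review bot: The `app_settings` map added to `azurerm_static_web_app.blazor-client` (last hunk on this line) is, as far as I know, delivered to the Static Web App's backend API rather than to the static files. A Blazor client that reads `wwwroot/appsettings.*.json` (those files appear elsewhere in this series) would probably not see `apiUrl` or `fakeBackend` from here; this is worth confirming before relying on it. The API host is rebuilt by hand from `var.env`, so it can drift from the real web app name; referencing the web app resource's hostname attribute would keep the two in step. As a style point, the entries use `:` where the rest of the file uses `=`, e.g. `"fakeBackend" = "false"`. The resource block starts outside the hunk.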
diff --git a/.github/workflows/DeployBlazorClient.yml b/.github/workflows/DeployBlazorClient.yml index daf5b41..ba467ff 100644 --- a/.github/workflows/DeployBlazorClient.yml +++ b/.github/workflows/DeployBlazorClient.yml @@ -21,7 +21,6 @@ jobs: action: "upload" ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig - deployment_environment: Test app_location: "/PocketDDD.BlazorClient/PocketDDD.BlazorClient" # App source code path api_location: "" # Api source code path - optional output_location: "wwwroot" # Built app content directory - optional From 18b545f7f031e4a857396928a593d7b3020adb5d Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 10:00:25 +0100 Subject: [PATCH 33/72] Remove client environment from correct pipeline --- .github/workflows/DeployEverything.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index bf35f20..bffe90b 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -114,7 +114,6 @@ jobs: action: "upload" ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig - deployment_environment: ${{ inputs.env }} app_location: "/PocketDDD.BlazorClient/PocketDDD.BlazorClient" # App source code path api_location: "" # Api source code path - optional output_location: "wwwroot" # Built app content directory - optional From adb3156b8a2fee467e66e7135d9059f075b56abc Mon Sep 17 00:00:00 2001 
From: Russell Day Date: Thu, 25 Apr 2024 10:07:07 +0100 Subject: [PATCH 34/72] Explicitly deploy to Production --- .github/workflows/DeployEverything.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index bffe90b..ee3c31f 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -114,6 +114,7 @@ jobs: action: "upload" ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig + deployment_environment: "Production" app_location: "/PocketDDD.BlazorClient/PocketDDD.BlazorClient" # App source code path api_location: "" # Api source code path - optional output_location: "wwwroot" # Built app content directory - optional From 94cc29bbadf8c5bd6f1ff2724ec00fa3fe88ca20 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 10:13:36 +0100 Subject: [PATCH 35/72] Explicitly set Production env for blazor client --- .github/workflows/DeployEverything.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index ee3c31f..38ca0ee 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -115,6 +115,7 @@ jobs: ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig deployment_environment: "Production" + production_branch: true app_location: "/PocketDDD.BlazorClient/PocketDDD.BlazorClient" # App source code path api_location: "" # Api source code path - optional output_location: "wwwroot" # Built app content directory - optional 
From 3d7673fbd8e2e09b2487de74661d47701b761b92 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 10:23:02 +0100 Subject: [PATCH 36/72] Use the branch name --- .github/workflows/DeployEverything.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 38ca0ee..95692ee 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -115,7 +115,7 @@ jobs: ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig deployment_environment: "Production" - production_branch: true + production_branch: ${{ github.head_ref }} app_location: "/PocketDDD.BlazorClient/PocketDDD.BlazorClient" # App source code path api_location: "" # Api source code path - optional output_location: "wwwroot" # Built app content directory - optional From 8987bd78c6ef49f7df87cf81037b58f6df744a4f Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 11:28:04 +0100 Subject: [PATCH 37/72] Explicitly set app settings after deployment --- .github/workflows/DeployEverything.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 95692ee..9246d3a 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml 
@@ -108,15 +108,21 @@ jobs: id: builddeploy uses: Azure/static-web-apps-deploy@v1 with: - # azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} azure_static_web_apps_api_token: ${{ env.WEB_APP_API_TOKEN }} repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments) action: "upload" ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig - deployment_environment: "Production" - production_branch: ${{ github.head_ref }} app_location: "/PocketDDD.BlazorClient/PocketDDD.BlazorClient" # App source code path api_location: "" # Api source code path - optional output_location: "wwwroot" # Built app content directory - optional ###### End of Repository/Build Configurations ###### + + - name: Set environment variables for environment + run: | + environmentName=$(az staticwebapp environment list -n pocketddd-${{ inputs.env }}-blazorclient --query "[1].name" -o tsv) + + apiUrl=$(az staticwebapp appsettings list -n pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiUrl" -o tsv) + + az staticwebapp appsettings set -n pocketddd-${{ inputs.env }}-blazorclient --environment-name $environmentName --setting-names fakeBackend=false apiUrl=$apiUrl + From a8901b747ad236f93ee6ef43489661d4af537052 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 11:47:03 +0100 Subject: [PATCH 38/72] Set client environments again --- .github/workflows/DeployBlazorClient.yml | 1 + .github/workflows/DeployEverything.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/DeployBlazorClient.yml b/.github/workflows/DeployBlazorClient.yml index ba467ff..daf5b41 100644 --- a/.github/workflows/DeployBlazorClient.yml +++ b/.github/workflows/DeployBlazorClient.yml 
@@ -21,6 +21,7 @@ jobs: action: "upload" ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig + deployment_environment: Test app_location: "/PocketDDD.BlazorClient/PocketDDD.BlazorClient" # App source code path api_location: "" # Api source code path - optional output_location: "wwwroot" # Built app content directory - optional diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 9246d3a..b88af85 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -113,6 +113,7 @@ jobs: action: "upload" ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig + deployment_environment: ${{ inputs.env }} app_location: "/PocketDDD.BlazorClient/PocketDDD.BlazorClient" # App source code path api_location: "" # Api source code path - optional output_location: "wwwroot" # Built app content directory - optional From 6d267009df0fc41430a1901e2a1baaa303282937 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 15:54:22 +0100 Subject: [PATCH 39/72] Turn off preview envirnoments for blazor client --- .github/workflows/DeployEverything.yml | 11 +++++------ terraform/blazor_client.tf | 2 ++ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index b88af85..6483761 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml 
@@ -113,17 +113,16 @@ jobs: action: "upload" ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig - deployment_environment: ${{ inputs.env }} app_location: "/PocketDDD.BlazorClient/PocketDDD.BlazorClient" # App source code path api_location: "" # Api source code path - optional output_location: "wwwroot" # Built app content directory - optional ###### End of Repository/Build Configurations ###### - - name: Set environment variables for environment - run: | - environmentName=$(az staticwebapp environment list -n pocketddd-${{ inputs.env }}-blazorclient --query "[1].name" -o tsv) + # - name: Set environment variables for environment + # run: | + # environmentName=$(az staticwebapp environment list -n pocketddd-${{ inputs.env }}-blazorclient --query "[1].name" -o tsv) - apiUrl=$(az staticwebapp appsettings list -n pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiUrl" -o tsv) + # apiUrl=$(az staticwebapp appsettings list -n pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiUrl" -o tsv) - az staticwebapp appsettings set -n pocketddd-${{ inputs.env }}-blazorclient --environment-name $environmentName --setting-names fakeBackend=false apiUrl=$apiUrl + # az staticwebapp appsettings set -n pocketddd-${{ inputs.env }}-blazorclient --environment-name $environmentName --setting-names fakeBackend=false apiUrl=$apiUrl diff --git a/terraform/blazor_client.tf b/terraform/blazor_client.tf index 99b4acf..b41ffcf 100644 --- a/terraform/blazor_client.tf +++ b/terraform/blazor_client.tf @@ -10,6 +10,8 @@ resource "azurerm_static_web_app" "blazor-client" { "apiUrl": "https://pocketddd-${ var.env }-api-server-web-app.azurewebsites.net/api/" "fakeBackend": "false" } + + preview_environments_enabled = false } resource "azurerm_key_vault_secret" "blazor_client_deployment_token" { 
From 101f020bb6a89f8b5b8a72c78fa85d531417b32d Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 16:00:42 +0100 Subject: [PATCH 40/72] Deploy explicitly to Production environment --- .github/workflows/DeployEverything.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 6483761..5b55391 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -113,6 +113,7 @@ jobs: action: "upload" ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig + deployment_environment: Production app_location: "/PocketDDD.BlazorClient/PocketDDD.BlazorClient" # App source code path api_location: "" # Api source code path - optional output_location: "wwwroot" # Built app content directory - optional From c76e2d4f36197461634d281cb1159882981c4c3d Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 16:09:47 +0100 Subject: [PATCH 41/72] Trigger on non-main branch push --- .../{DeployPullRequest.yml => DeployBranchPush.yml} | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) rename .github/workflows/{DeployPullRequest.yml => DeployBranchPush.yml} (83%) diff --git a/.github/workflows/DeployPullRequest.yml b/.github/workflows/DeployBranchPush.yml similarity index 83% rename from .github/workflows/DeployPullRequest.yml rename to .github/workflows/DeployBranchPush.yml index 88b465e..5e00ff1 100644 --- a/.github/workflows/DeployPullRequest.yml +++ b/.github/workflows/DeployBranchPush.yml @@ -1,6 +1,9 @@ -name: Deploy Pull Request +name: Deploy Branch Push on: - pull_request: + push: + branches-ignore: + - 'main' + jobs: deploy_to_test: From a4ce721f5c1760545ef8180b5fe7666748558fec Mon Sep 17 00:00:00 2001 
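Review bot: In the DeployBranchPush.yml hunk, `push` with `branches-ignore: ['main']` means every push to any other branch calls DeployEverything.yml with `AZURE_CREDENTIALS` and `TERRAFORM_STATE_ACCESS_KEY`. That workflow runs `terraform apply -auto-approve` using the pushed branch's own terraform and workflow files, so anyone with push access can change what executes with those credentials, and nothing visible here gates it. Since the called jobs declare `environment: ${{ inputs.env }}`, required reviewers or a deployment-branch rule on the `test` environment would add that gate. Two branches pushed close together will also apply against the same state and resources; a top-level `concurrency: deploy-test` would serialise them. The `with:` and `secrets:` parts of the job lie outside the hunk.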
From: Russell Day Date: Thu, 25 Apr 2024 16:13:23 +0100 Subject: [PATCH 42/72] Update some actions --- .github/workflows/DeployEverything.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 5b55391..63d713b 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -49,7 +49,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Setup .NET SDK - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v4 with: dotnet-version: ${{ env.DOTNET_CORE_VERSION }} - name: Restore @@ -61,7 +61,7 @@ jobs: - name: Publish run: dotnet publish "${{ env.WORKING_DIRECTORY }}" --configuration ${{ env.CONFIGURATION }} --no-build --output "${{ env.AZURE_WEBAPP_PACKAGE_PATH }}" - name: Publish Artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: webapp path: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} From c5befada0563442fea4008420ca3a7745faa8f4d Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 16:17:08 +0100 Subject: [PATCH 43/72] Remove environment specifier on blazor client deployment --- .github/workflows/DeployEverything.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 63d713b..73c3100 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -113,7 +113,6 @@ jobs: action: "upload" ###### Repository/Build Configurations - These values can be configured to match your app requirements. ###### # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig - deployment_environment: Production app_location: "/PocketDDD.BlazorClient/PocketDDD.BlazorClient" # App source code path api_location: "" # Api source code path - optional output_location: "wwwroot" # Built app content directory - optional 
From 6269d6388cd0ebba04464f37341fafcb62cfb0cc Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 16:19:26 +0100 Subject: [PATCH 44/72] Update download artifact step --- .github/workflows/DeployEverything.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 73c3100..c1f366e 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -77,7 +77,7 @@ jobs: with: creds: '${{ secrets.AZURE_CREDENTIALS }}' - name: Download artifact from build job - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: webapp path: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} From a7f465e3100b62c016f0c5cec0aaf3bf8ae17935 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 16:36:49 +0100 Subject: [PATCH 45/72] Dynamically set app setting before deployment --- .github/workflows/DeployEverything.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index c1f366e..ee2795d 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -100,6 +100,12 @@ jobs: uses: azure/login@v1 with: creds: '${{ secrets.AZURE_CREDENTIALS }}' + + - name: Set environment variables for environment + run: | + apiUrl=$(az webapp config hostname list --resource-group pocketddd-${{ inputs.env }}-rg --webapp-name pocketddd-${{ inputs.env }}-api-server-web-app --query "[0].name" -o tsv) + az staticwebapp appsettings set -n pocketddd-${{ inputs.env }}-blazorclient --environment-name $environmentName --setting-names fakeBackend=false apiUrl=$apiUrl + - run: | apiToken=$(az staticwebapp secrets list --name pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiKey" -o tsv) echo "WEB_APP_API_TOKEN=$apiToken" >> "$GITHUB_ENV" 
@@ -118,11 +124,11 @@ jobs: output_location: "wwwroot" # Built app content directory - optional ###### End of Repository/Build Configurations ###### - # - name: Set environment variables for environment - # run: | - # environmentName=$(az staticwebapp environment list -n pocketddd-${{ inputs.env }}-blazorclient --query "[1].name" -o tsv) + - name: Set environment variables for environment + run: | + environmentName=$(az staticwebapp environment list -n pocketddd-${{ inputs.env }}-blazorclient --query "[1].name" -o tsv) - # apiUrl=$(az staticwebapp appsettings list -n pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiUrl" -o tsv) + apiUrl=$(az staticwebapp appsettings list -n pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiUrl" -o tsv) - # az staticwebapp appsettings set -n pocketddd-${{ inputs.env }}-blazorclient --environment-name $environmentName --setting-names fakeBackend=false apiUrl=$apiUrl + az staticwebapp appsettings set -n pocketddd-${{ inputs.env }}-blazorclient --environment-name $environmentName --setting-names fakeBackend=false apiUrl=$apiUrl From 19ad3b6b76a107936f588fa11d9422b8d0ba4fcb Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 16:41:03 +0100 Subject: [PATCH 46/72] Remove env name from set app settings command --- .github/workflows/DeployEverything.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index ee2795d..60ee12f 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml 
@@ -104,8 +104,8 @@ jobs: - name: Set environment variables for environment run: | apiUrl=$(az webapp config hostname list --resource-group pocketddd-${{ inputs.env }}-rg --webapp-name pocketddd-${{ inputs.env }}-api-server-web-app --query "[0].name" -o tsv) - az staticwebapp appsettings set -n pocketddd-${{ inputs.env }}-blazorclient --environment-name $environmentName --setting-names fakeBackend=false apiUrl=$apiUrl - + az staticwebapp appsettings set -n pocketddd-${{ inputs.env }}-blazorclient --setting-names fakeBackend=false apiUrl=$apiUrl + - run: | apiToken=$(az staticwebapp secrets list --name pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiKey" -o tsv) echo "WEB_APP_API_TOKEN=$apiToken" >> "$GITHUB_ENV" From 786612f193c7a7af4b860f195186bebd71703187 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 16:49:29 +0100 Subject: [PATCH 47/72] Comment out now-failing code --- .github/workflows/DeployEverything.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 60ee12f..d574971 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml 
@@ -124,11 +124,11 @@ jobs: output_location: "wwwroot" # Built app content directory - optional ###### End of Repository/Build Configurations ###### - - name: Set environment variables for environment - run: | - environmentName=$(az staticwebapp environment list -n pocketddd-${{ inputs.env }}-blazorclient --query "[1].name" -o tsv) + # - name: Set environment variables for environment + # run: | + # environmentName=$(az staticwebapp environment list -n pocketddd-${{ inputs.env }}-blazorclient --query "[1].name" -o tsv) - apiUrl=$(az staticwebapp appsettings list -n pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiUrl" -o tsv) + # apiUrl=$(az staticwebapp appsettings list -n pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiUrl" -o tsv) - az staticwebapp appsettings set -n pocketddd-${{ inputs.env }}-blazorclient --environment-name $environmentName --setting-names fakeBackend=false apiUrl=$apiUrl + # az staticwebapp appsettings set -n pocketddd-${{ inputs.env }}-blazorclient --environment-name $environmentName --setting-names fakeBackend=false apiUrl=$apiUrl From b857a76b478cd770a66a55fc348da06fdd509824 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 17:04:13 +0100 Subject: [PATCH 48/72] Set the dotnet environment variables --- terraform/blazor_client.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/terraform/blazor_client.tf b/terraform/blazor_client.tf index b41ffcf..905ff05 100644 --- a/terraform/blazor_client.tf +++ b/terraform/blazor_client.tf @@ -7,6 +7,8 @@ resource "azurerm_static_web_app" "blazor-client" { sku_size = var.client_sku_size app_settings = { + "ASPNETCORE_ENVIRONMENT": "${ var.env }" + "DOTNET_ENVIRONMENT": "${ var.env }" "apiUrl": "https://pocketddd-${ var.env }-api-server-web-app.azurewebsites.net/api/" "fakeBackend": "false" } From eb3f62032606b9436a22fe648fedab2dc41796fb Mon Sep 17 00:00:00 2001 
From: Russell Day Date: Thu, 25 Apr 2024 17:09:39 +0100 Subject: [PATCH 49/72] Only apply terraform if there are changes --- .github/workflows/DeployEverything.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index d574971..fbfd2a9 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -39,7 +39,14 @@ jobs: uses: hashicorp/setup-terraform@v3 - run: | terraform init -backend-config="key=${{ inputs.env }}.terraform.tfstate" - terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars + + terraform plan --var-file ../tfvars/${{ inputs.env }}.tfvars -detailed-exitcode + + # Tests whether there are any changes to make, see: https://developer.hashicorp.com/terraform/cli/commands/plan#detailed-exitcode + exitCode=$? + if [ $exitCode -eq 2 ]; then + terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars + fi env: ARM_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} From 5b7448863fbb3ce0e2915c7d0796af7991509648 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 17:11:41 +0100 Subject: [PATCH 50/72] Try having no app settings file --- .../PocketDDD.BlazorClient/wwwroot/appsettings.Test.json | 4 ---- .../PocketDDD.BlazorClient/wwwroot/appsettings.json | 4 ---- .../PocketDDD.BlazorClient/wwwroot/appsettings.prod.json | 4 ---- 3 files changed, 12 deletions(-) delete mode 100644 PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test.json delete mode 100644 PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.json delete mode 100644 PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.prod.json diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test.json deleted file mode 100644 index f327669..0000000 
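Review bot: In PATCH 49/72 the `exitCode=$?` check after `terraform plan … -detailed-exitcode` is unlikely to be reached when there are changes, because a `run:` step with no `shell:` key executes under `bash -e` and exit status 2 from plan ends the step as a failure before the `if`. Capturing the status on the plan command itself avoids that: `exitCode=0; terraform plan -out=tfplan --var-file … -detailed-exitcode || exitCode=$?`, with status 1 (plan error) then failing the step explicitly rather than being read as "no changes". Applying the saved file with `terraform apply tfplan` also means the apply executes exactly the plan that was logged instead of re-planning under `-auto-approve`. The step's `env:` block and the rest of the job lie outside this hunk.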
--- a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "apiUrl": "https://pocketddd-test-api-server-web-app.azurewebsites.net/api/", - "fakeBackend": false -} \ No newline at end of file diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.json deleted file mode 100644 index 870e657..0000000 --- a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "apiUrl": "", - "fakeBackend": false -} \ No newline at end of file diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.prod.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.prod.json deleted file mode 100644 index 5fdc5db..0000000 --- a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.prod.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "apiUrl": "https://dddsw2023pocketdddserverwebapi.azurewebsites.net/api/", - "fakeBackend": false -} \ No newline at end of file From 94cc4da889225f5c43595efebed2ee21ce1c8832 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 17:14:57 +0100 Subject: [PATCH 51/72] Set apiUrl with full HTTP bits --- .github/workflows/DeployEverything.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index fbfd2a9..b3fc0d2 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -39,7 +39,7 @@ jobs: uses: hashicorp/setup-terraform@v3 - run: | terraform init -backend-config="key=${{ inputs.env }}.terraform.tfstate" - + terraform plan --var-file ../tfvars/${{ inputs.env }}.tfvars -detailed-exitcode # Tests whether there are any changes to make, see: https://developer.hashicorp.com/terraform/cli/commands/plan#detailed-exitcode 
@@ -111,7 +111,7 @@ jobs: - name: Set environment variables for environment run: | apiUrl=$(az webapp config hostname list --resource-group pocketddd-${{ inputs.env }}-rg --webapp-name pocketddd-${{ inputs.env }}-api-server-web-app --query "[0].name" -o tsv) - az staticwebapp appsettings set -n pocketddd-${{ inputs.env }}-blazorclient --setting-names fakeBackend=false apiUrl=$apiUrl + az staticwebapp appsettings set -n pocketddd-${{ inputs.env }}-blazorclient --setting-names fakeBackend=false apiUrl='https://$apiUrl/api/' - run: | apiToken=$(az staticwebapp secrets list --name pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiKey" -o tsv) From ea8bcf00fb9a563cf8fc6294d0f9964aa2021fee Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 17:18:21 +0100 Subject: [PATCH 52/72] Stop setting client environment variables explicitly --- .github/workflows/DeployEverything.yml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index b3fc0d2..e7060ce 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -108,11 +108,6 @@ jobs: with: creds: '${{ secrets.AZURE_CREDENTIALS }}' - - name: Set environment variables for environment - run: | - apiUrl=$(az webapp config hostname list --resource-group pocketddd-${{ inputs.env }}-rg --webapp-name pocketddd-${{ inputs.env }}-api-server-web-app --query "[0].name" -o tsv) - az staticwebapp appsettings set -n pocketddd-${{ inputs.env }}-blazorclient --setting-names fakeBackend=false apiUrl='https://$apiUrl/api/' - - run: | apiToken=$(az staticwebapp secrets list --name pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiKey" -o tsv) echo "WEB_APP_API_TOKEN=$apiToken" >> "$GITHUB_ENV" 
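Review bot: In PATCH 51/72 (hunk at -111,7) the new value `apiUrl='https://$apiUrl/api/'` is single-quoted, so bash does not expand `$apiUrl` and the setting is stored as the literal text `https://$apiUrl/api/`. Double quotes give the intended value: `apiUrl="https://${apiUrl}/api/"`. It is also worth stopping the step when the hostname query returns nothing, e.g. `[ -n "$apiUrl" ] || exit 1` before the `az staticwebapp appsettings set` call, so an empty host never ends up in the client's API endpoint.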
@@ -130,12 +125,3 @@ jobs: api_location: "" # Api source code path - optional output_location: "wwwroot" # Built app content directory - optional ###### End of Repository/Build Configurations ###### - - # - name: Set environment variables for environment - # run: | - # environmentName=$(az staticwebapp environment list -n pocketddd-${{ inputs.env }}-blazorclient --query "[1].name" -o tsv) - - # apiUrl=$(az staticwebapp appsettings list -n pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiUrl" -o tsv) - - # az staticwebapp appsettings set -n pocketddd-${{ inputs.env }}-blazorclient --environment-name $environmentName --setting-names fakeBackend=false apiUrl=$apiUrl - From 9065f94efbcbe35b674600e43d1250b06538fbde Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 17:20:07 +0100 Subject: [PATCH 53/72] Add a bit of debug around tf switch --- .github/workflows/DeployEverything.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index e7060ce..c65f5bc 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -43,8 +43,12 @@ jobs: terraform plan --var-file ../tfvars/${{ inputs.env }}.tfvars -detailed-exitcode # Tests whether there are any changes to make, see: https://developer.hashicorp.com/terraform/cli/commands/plan#detailed-exitcode + echo 'Exit Code: $?' + echo $? + exitCode=$? if [ $exitCode -eq 2 ]; then + echo 'Change detected, applying' terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars fi env: From c5f625e8a90c1192fc0a75172f76693959817cdd Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 17:22:40 +0100 Subject: [PATCH 54/72] Remove tf optimisation --- .github/workflows/DeployEverything.yml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) 
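Review bot: The debug lines added in PATCH 53/72 change what the check below them sees: `echo 'Exit Code: $?'` prints the literal text because of the single quotes, and each `echo` resets `$?` to its own status, so `exitCode=$?` now always reads 0 and the apply branch cannot run. Capture the status on the plan command (`terraform plan … || exitCode=$?`) and print the saved variable instead, `echo "Exit Code: $exitCode"`.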
diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index c65f5bc..a97bec4 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -40,17 +40,7 @@ jobs: - run: | terraform init -backend-config="key=${{ inputs.env }}.terraform.tfstate" - terraform plan --var-file ../tfvars/${{ inputs.env }}.tfvars -detailed-exitcode - - # Tests whether there are any changes to make, see: https://developer.hashicorp.com/terraform/cli/commands/plan#detailed-exitcode - echo 'Exit Code: $?' - echo $? - - exitCode=$? - if [ $exitCode -eq 2 ]; then - echo 'Change detected, applying' - terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars - fi + terraform apply -auto-approve --var-file ../tfvars/${{ inputs.env }}.tfvars env: ARM_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} From 221951703f814b586ac814c6a5be078561bebecb Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 17:29:24 +0100 Subject: [PATCH 55/72] Add an empty app settings --- .../PocketDDD.BlazorClient/wwwroot/appsettings.json | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.json diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.json new file mode 100644 index 0000000..a958748 --- /dev/null +++ b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.json @@ -0,0 +1,4 @@ +{ + "apiUrl": "", + "fakeBackend": true +} \ No newline at end of file From 66ecd64074ba4a202ffb08e694d8b748f535a077 Mon Sep 17 00:00:00 2001 
From: Russell Day Date: Thu, 25 Apr 2024 17:32:07 +0100 Subject: [PATCH 56/72] Reinstate app settings files --- .../wwwroot/appsettings.Production.json | 4 ++++ .../PocketDDD.BlazorClient/wwwroot/appsettings.test.json | 4 ++++ 2 files changed, 8 insertions(+) create mode 100644 PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Production.json create mode 100644 PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.test.json diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Production.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Production.json new file mode 100644 index 0000000..a9c1e55 --- /dev/null +++ b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Production.json @@ -0,0 +1,4 @@ +{ + "apiUrl": "https://pocketddd-production-api-server-web-app.azurewebsites.net/api/", + "fakeBackend": false +} \ No newline at end of file diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.test.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.test.json new file mode 100644 index 0000000..f327669 --- /dev/null +++ b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.test.json @@ -0,0 +1,4 @@ +{ + "apiUrl": "https://pocketddd-test-api-server-web-app.azurewebsites.net/api/", + "fakeBackend": false +} \ No newline at end of file From 76e9b23ba2b8e27befe354423f172c17735c02a0 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 17:43:10 +0100 Subject: [PATCH 57/72] Try just replacing the default app settings json --- .github/workflows/DeployEverything.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index a97bec4..1fdcc21 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml 
@@ -102,6 +102,9 @@ jobs: with: creds: '${{ secrets.AZURE_CREDENTIALS }}' + - run: | + cp PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.${{ inputs.env }}.json PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.json + - run: | apiToken=$(az staticwebapp secrets list --name pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiKey" -o tsv) echo "WEB_APP_API_TOKEN=$apiToken" >> "$GITHUB_ENV" From 92d4e9bc6c7810c5bd39bb5402c9396bb2d6743e Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 18:23:59 +0100 Subject: [PATCH 58/72] Add a user to kv --- terraform/main.tf | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/terraform/main.tf b/terraform/main.tf index 0442544..de9940e 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -55,4 +55,19 @@ resource "azurerm_key_vault" "key_vault" { "Get", ] } + + access_policy = { + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = "a3c87bb8-7a90-4775-981c-d450d4baede2" + + key_permissions = [ ] + + secret_permissions = [ + "Get", + "List", + "Purge", + ] + + storage_permissions = [ ] + } } From 5172d2914aaae9b7e8a3e44d6f339ea3b4e2af0e Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 18:28:25 +0100 Subject: [PATCH 59/72] Change access policy assignee --- terraform/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/main.tf b/terraform/main.tf index de9940e..2523638 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -58,7 +58,7 @@ resource "azurerm_key_vault" "key_vault" { access_policy = { tenant_id = data.azurerm_client_config.current.tenant_id - object_id = "a3c87bb8-7a90-4775-981c-d450d4baede2" + object_id = "4a9cec89-cee2-44fb-978f-6ded96b60d31" key_permissions = [ ] From a6aaa94812e452a9830b6672cd1c20a98ae3c1a3 Mon Sep 17 00:00:00 2001 
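Review bot: The deployment token handled in the step directly after the new `cp` step (PATCH 57/72) is fetched at run time with `az staticwebapp secrets list`, so the runner does not know it as a secret and would not mask it if a later step or debug logging prints `WEB_APP_API_TOKEN`. Registering the value before it is written to `$GITHUB_ENV` closes that gap: `echo "::add-mask::$apiToken"`. It would also help to fail the step when the query returns an empty string, `[ -n "$apiToken" ] || exit 1`, so the deploy action is never invoked with a blank token.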
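Review bot: The `access_policy` added to `azurerm_key_vault.key_vault` in PATCH 58/72 grants `Purge` on secrets to a principal identified only by a hard-coded `object_id`. `Purge` permanently removes soft-deleted secrets and is not needed to read them, so `secret_permissions = ["Get", "List"]` is the least-privilege set unless this principal is meant to clean up the vault. Taking the ID from a variable (for example `object_id = var.kv_reader_object_id`, a constructed name) with a comment naming the principal would keep per-person identities out of the module and make the grant reviewable. The block is also written as an attribute assignment, `access_policy = {`, rather than a nested block `access_policy {`, which the provider may reject; the resource's opening lines are outside the hunk.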
From: Russell Day Date: Thu, 25 Apr 2024 18:29:03 +0100 Subject: [PATCH 60/72] Fx tf syntax --- terraform/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/main.tf b/terraform/main.tf index 2523638..b41d095 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -56,7 +56,7 @@ resource "azurerm_key_vault" "key_vault" { ] } - access_policy = { + access_policy { tenant_id = data.azurerm_client_config.current.tenant_id object_id = "4a9cec89-cee2-44fb-978f-6ded96b60d31" From 07e4a51d5d49c43fb2d3a68783ae03099afc19be Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 18:35:23 +0100 Subject: [PATCH 61/72] Set expected app setting file name --- .github/workflows/DeployEverything.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 1fdcc21..8cbfa83 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -103,7 +103,7 @@ jobs: creds: '${{ secrets.AZURE_CREDENTIALS }}' - run: | - cp PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.${{ inputs.env }}.json PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.json + cp PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.${{ inputs.env }}.json PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Production.json - run: | apiToken=$(az staticwebapp secrets list --name pocketddd-${{ inputs.env }}-blazorclient --query "properties.apiKey" -o tsv) From 3b0f0b751d5a722ff8f71e584c6966d76cb84d1d Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 18:48:49 +0100 Subject: [PATCH 62/72] Fix connection string mistake --- terraform/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/main.tf b/terraform/main.tf index b41d095..3ddb7f7 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
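Review bot: With the destination changed to `appsettings.Production.json` in PATCH 61/72, a run with `inputs.env` set to `Production` would copy the file onto itself; GNU `cp` reports that source and destination are the same file and exits non-zero, which fails the step. A guard such as `[ "$src" = "$dst" ] || cp "$src" "$dst"`, with both paths held in quoted variables, covers that case. The copy also overwrites a tracked file in the checkout without checking that `appsettings.<env>.json` exists, so a misspelt or differently-cased environment name surfaces only as a `cp` error at deploy time.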
@@ -20,7 +20,7 @@ resource "random_password" "admin_api_key" { } locals { - db_connection_string = "Server=tcp:${local.sql_server_name}.database.windows.net,1433;Initial Catalog=pocketddd-dev-sqldatabase;Persist Security Info=False;User ID=${random_string.admin_login.result};Password=${random_password.admin_password.result};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;" + db_connection_string = "Server=tcp:${local.sql_server_name}.database.windows.net,1433;Initial Catalog=pocketddd-${var.env}-sqldatabase;Persist Security Info=False;User ID=${random_string.admin_login.result};Password=${random_password.admin_password.result};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;" } resource "azurerm_key_vault" "key_vault" { From dd39a3dc9c57d7afeb4f388b14d6ca103abcd3c5 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 20:31:20 +0100 Subject: [PATCH 63/72] Revert settings changes --- .../{appsettings.dev.json => appsettings.Development.json} | 0 .../PocketDDD.BlazorClient/wwwroot/appsettings.json | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/{appsettings.dev.json => appsettings.Development.json} (100%) diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.dev.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Development.json similarity index 100% rename from PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.dev.json rename to PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Development.json diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.json index a958748..870e657 100644 --- a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.json 
+++ b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.json @@ -1,4 +1,4 @@ { "apiUrl": "", - "fakeBackend": true + "fakeBackend": false } \ No newline at end of file From 6c41e51f68409fad1b297034234f612d8de8fa44 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 20:35:56 +0100 Subject: [PATCH 64/72] Default to deploying to Test environment --- .github/workflows/DeployBranchPush.yml | 2 +- .github/workflows/DeployEverything.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DeployBranchPush.yml b/.github/workflows/DeployBranchPush.yml index 5e00ff1..748e960 100644 --- a/.github/workflows/DeployBranchPush.yml +++ b/.github/workflows/DeployBranchPush.yml @@ -9,7 +9,7 @@ jobs: deploy_to_test: uses: ./.github/workflows/DeployEverything.yml with: - env: "test" + env: "Test" secrets: AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} diff --git a/.github/workflows/DeployEverything.yml b/.github/workflows/DeployEverything.yml index 8cbfa83..c54a705 100644 --- a/.github/workflows/DeployEverything.yml +++ b/.github/workflows/DeployEverything.yml @@ -4,7 +4,7 @@ on: inputs: env: required: true - default: "dev" + default: "Test" type: string secrets: AZURE_CREDENTIALS: From d517fc25f13329fcddbbe9b58c904fab7c875d74 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 20:38:05 +0100 Subject: [PATCH 65/72] Rename tfvars files to match environment names --- tfvars/{prod.tfvars => Production.tfvars} | 0 tfvars/dev.tfvars | 7 ------- 2 files changed, 7 deletions(-) rename tfvars/{prod.tfvars => Production.tfvars} (100%) delete mode 100644 tfvars/dev.tfvars diff --git a/tfvars/prod.tfvars b/tfvars/Production.tfvars similarity index 100% rename from tfvars/prod.tfvars rename to tfvars/Production.tfvars diff --git a/tfvars/dev.tfvars b/tfvars/dev.tfvars deleted file mode 100644 index 52b2019..0000000 
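Review bot: Changing the value from `"test"` to `"Test"` (PATCH 64/72, in `DeployBranchPush.yml` and the default in `DeployEverything.yml`) changes every name derived from `inputs.env`, and several of those are case-sensitive on `ubuntu-latest`. The `cp` step would look for `appsettings.Test.json` while the file reinstated in PATCH 56 is `appsettings.test.json`, the var-file becomes `../tfvars/Test.tfvars`, and the backend key becomes `Test.terraform.tfstate`, which is presumably a different state blob from the one the existing `test` resources were created under. If so, Terraform would plan from empty state against resources that already exist. Keeping the GitHub environment's display name separate from a lower-case slug used for file names, state keys and resource names would avoid this.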
--- a/tfvars/dev.tfvars +++ /dev/null @@ -1,7 +0,0 @@ -env = "dev" -sql_db_sku = "Basic" -sql_max_storage = "2" -api_app_service_sku = "F1" -api_always_on = false -client_sku_tier = "Free" -client_sku_size = "Free" \ No newline at end of file From 855d94e5fde7a0bc3c925ff8aa76f39a11f8abf3 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 20:46:04 +0100 Subject: [PATCH 66/72] Replace test file --- tfvars/{test.tfvars => Test copy.tfvars} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tfvars/{test.tfvars => Test copy.tfvars} (100%) diff --git a/tfvars/test.tfvars b/tfvars/Test copy.tfvars similarity index 100% rename from tfvars/test.tfvars rename to tfvars/Test copy.tfvars From 5ba78ac7db45a86cadc1e1610993439e6dde4cd1 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 20:46:20 +0100 Subject: [PATCH 67/72] Add Test tfvars --- tfvars/{Test copy.tfvars => Test.tfvars} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tfvars/{Test copy.tfvars => Test.tfvars} (100%) diff --git a/tfvars/Test copy.tfvars b/tfvars/Test.tfvars similarity index 100% rename from tfvars/Test copy.tfvars rename to tfvars/Test.tfvars From b7874f87d8b8ec68dd3a16fbf744679df36f6256 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 21:25:33 +0100 Subject: [PATCH 68/72] Let's deploy to Test2 --- .github/workflows/DeployBranchPush.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/DeployBranchPush.yml b/.github/workflows/DeployBranchPush.yml index 748e960..0148f7b 100644 --- a/.github/workflows/DeployBranchPush.yml +++ b/.github/workflows/DeployBranchPush.yml @@ -9,7 +9,7 @@ jobs: deploy_to_test: uses: ./.github/workflows/DeployEverything.yml with: - env: "Test" + env: "Test2" secrets: AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} From 98fef8e6b384b1b650fc5d4c772a6280e084b98d Mon Sep 17 00:00:00 2001 
From: Russell Day Date: Thu, 25 Apr 2024 21:30:30 +0100 Subject: [PATCH 69/72] Add Test2 app settings and tfvars --- .../PocketDDD.BlazorClient/wwwroot/appsettings.Test2.json | 4 ++++ tfvars/Test2.tfvars | 7 +++++++ 2 files changed, 11 insertions(+) create mode 100644 PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test2.json create mode 100644 tfvars/Test2.tfvars diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test2.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test2.json new file mode 100644 index 0000000..f327669 --- /dev/null +++ b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test2.json @@ -0,0 +1,4 @@ +{ + "apiUrl": "https://pocketddd-test-api-server-web-app.azurewebsites.net/api/", + "fakeBackend": false +} \ No newline at end of file diff --git a/tfvars/Test2.tfvars b/tfvars/Test2.tfvars new file mode 100644 index 0000000..484b4d8 --- /dev/null +++ b/tfvars/Test2.tfvars @@ -0,0 +1,7 @@ +env = "test" +sql_db_sku = "Basic" +sql_max_storage = "2" +api_app_service_sku = "F1" +api_always_on = false +client_sku_tier = "Free" +client_sku_size = "Free" \ No newline at end of file From 383a3c2dcc8640284d769fdf96576e000e4c4be5 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 21:34:09 +0100 Subject: [PATCH 70/72] facepalm --- tfvars/Test2.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tfvars/Test2.tfvars b/tfvars/Test2.tfvars index 484b4d8..1fe7546 100644 --- a/tfvars/Test2.tfvars +++ b/tfvars/Test2.tfvars @@ -1,4 +1,4 @@ -env = "test" +env = "test2" sql_db_sku = "Basic" sql_max_storage = "2" api_app_service_sku = "F1" From ee484cf9d4b825adff8cae3db8445d0658cc2004 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 21:34:25 +0100 Subject: [PATCH 71/72] facepalm 2 electric boogaloo --- .../PocketDDD.BlazorClient/wwwroot/appsettings.Test2.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test2.json b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test2.json index f327669..6e7781d 100644 --- a/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test2.json +++ b/PocketDDD.BlazorClient/PocketDDD.BlazorClient/wwwroot/appsettings.Test2.json @@ -1,4 +1,4 @@ { - "apiUrl": "https://pocketddd-test-api-server-web-app.azurewebsites.net/api/", + "apiUrl": "https://pocketddd-test2-api-server-web-app.azurewebsites.net/api/", "fakeBackend": false } \ No newline at end of file From 9d6d04dd295c18ff3ccbe03a31a9f7566217a6e5 Mon Sep 17 00:00:00 2001 From: Russell Day Date: Thu, 25 Apr 2024 21:42:14 +0100 Subject: [PATCH 72/72] Use different SKU --- tfvars/Test2.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tfvars/Test2.tfvars b/tfvars/Test2.tfvars index 1fe7546..34a80f3 100644 --- a/tfvars/Test2.tfvars +++ b/tfvars/Test2.tfvars @@ -1,7 +1,7 @@ env = "test2" sql_db_sku = "Basic" sql_max_storage = "2" -api_app_service_sku = "F1" +api_app_service_sku = "B1" api_always_on = false client_sku_tier = "Free" client_sku_size = "Free" \ No newline at end of file