Enhance CI/CD workflows by adding OIDC environment variables for Azur…

…e and updating action versions
octodemo · Nov 5, 2024 · 413e6cd · 413e6cd
1 parent 4aefb52
commit 413e6cd
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 14 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -68,6 +68,11 @@ jobs:
         run: |
           echo "CONTAINER_APP_URL=$(terraform output -raw container_app_url)" >> $GITHUB_ENV
         working-directory: ./terraform/staging
+        env:
+          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          ARM_USE_OIDC: true
 
       - name: Upload Teraaform State and files
         uses: actions/[email protected]
@@ -170,9 +175,19 @@ jobs:
           echo "ARTIFACT_ID=$ARTIFACT_ID" >> $GITHUB_ENV
           echo "ARTIFACT_URL=https://github.com/octodemo/dotnet-razor-pages-movie/actions/runs/${{ github.run_id }}/artifacts/${ARTIFACT_ID}" >> $GITHUB_ENV
       
+      - name: Capture Terraform Output
+        id: output
+        run: echo "CONTAINER_APP_URL=$(terraform output -raw container_app_url)" >> $GITHUB_ENV
+        working-directory: ./terraform/production
+        env:
+          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          ARM_USE_OIDC: true
+
       - name: Create GitHub Release
         id: create_release
-        uses: actions/create-release@v1
+        uses: ncipollo/release-action@v1.14.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           IMAGE_TAG: ${{ inputs.image_tag }}
@@ -181,8 +196,7 @@ jobs:
           ARTIFACT_URL: ${{ env.ARTIFACT_URL }}
 
         with:
-          tag_name: ${{ inputs.image_tag }}
-          release_name: "Production Release - ${{ inputs.image_tag }}"
+          tag: ${{ inputs.image_tag }}
           body: |
             🎉 **Production Environment Deployed!** 🎉
       
@@ -193,7 +207,4 @@ jobs:
              **Additional Information:**
             - **App Server URL:** https://${process.env.CONTAINER_APP_URL}
 
-            🎊 Thank you to everyone who contributed to this release! Let's keep up the great work! 🎊
-
-          draft: false
-          prerelease: false
+            🎊 Thank you to everyone who contributed to this release! Let's keep up the great work! 🎊
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -94,7 +94,7 @@ jobs:
       run: dotnet publish RazorPagesMovie.csproj --configuration Release --output ./publish --self-contained --runtime ${{ env.RUNTIME }}
 
     - name: Upload published app
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4.4.3
       with:
         name: razor-linux-arm64
         path: publish/
@@ -118,23 +118,23 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v4.1.7
+      uses: actions/checkout@v4.2.2
 
     - name: Setup .NET
-      uses: actions/setup-dotnet@v4.0.1
+      uses: actions/setup-dotnet@v4.1.0
       with:
         dotnet-version: '6.0.x'
 
     - name: Cache NuGet packages
-      uses: actions/cache@v4.0.2
+      uses: actions/cache@v4.1.2
       with:
         path: ~/.nuget/packages
         key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/global.json') }}
         restore-keys: |
           ${{ runner.os }}-nuget-
 
     - name: Setup tmate session
-      uses: mxschmitt/action-tmate@v3
+      uses: mxschmitt/action-tmate@v3.19
       if: ${{ github.event_name == 'workflow_dispatch' && inputs.ssh_debug_enabled }}
 
     - name: Split Tests
@@ -220,7 +220,7 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
-      - uses: actions/download-artifact@v3 # download the published app artifact from the build job
+      - uses: actions/download-artifact@v4.1.8 # download the published app artifact from the build job
         with:
           name: razor-linux-arm64
           path: publish/
@@ -236,7 +236,7 @@ jobs:
 
       - name: Build and push Docker image
         id: build_image
-        uses: docker/build-push-action@v4 # using the docker build and push action from the github marketplace - github.com/marketplace/actions/build-and-push-docker-images
+        uses: docker/build-push-action@v6.9.0 # using the docker build and push action from the github marketplace - github.com/marketplace/actions/build-and-push-docker-images
         with: 
           context: . # using the current directory as the context
           push: true # push the docker image to the registry