Safeguarding ScanReport file exporting name (#938) #245
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy to Dev and Test | |
| on: | |
| push: | |
| branches: | |
| - master | |
| workflow_dispatch: | |
| env: | |
| AZURE_FUNCTIONAPP_PACKAGE_PATH: "./app/workers" | |
| AZURE_WEBAPP_PACKAGE_PATH: "./app/next-client-app" | |
| PYTHON_VERSION: "3.11" | |
| NODE_VERSION: 20 | |
| jobs: | |
| build-and-publish-workers: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "Checkout GitHub Action" | |
| uses: actions/checkout@v4 | |
| - name: Setup Python ${{ env.PYTHON_VERSION }} Environment | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: "Install Poetry" | |
| uses: snok/install-poetry@v1 | |
| with: | |
| plugins: poetry-plugin-export | |
| - name: "Resolve Project Dependencies Using Poetry" | |
| run: | | |
| pushd './${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}' | |
| poetry config virtualenvs.create false | |
| poetry export --format requirements.txt --output requirements.txt --without-hashes | |
| popd | |
| shell: bash | |
| - name: "Install Dependencies Using Pip" | |
| shell: bash | |
| run: | | |
| pushd './${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}' | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt --target=".python_packages/lib/site-packages" | |
| popd | |
| - name: Upload artifact for deployment job | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: functionsapp | |
| path: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} | |
| include-hidden-files: true | |
| build-and-publish-web: | |
| runs-on: "ubuntu-latest" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ccomreg.azurecr.io | |
| username: ${{ secrets.REGISTRY_USERNAME_DEV }} | |
| password: ${{ secrets.REGISTRY_PASSWORD_DEV }} | |
| - name: Build and push container image to registry | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./app | |
| push: true | |
| tags: ccomreg.azurecr.io/${{ secrets.REGISTRY_USERNAME_DEV }}/latest:${{ github.sha }} | |
| file: ./app/api/Dockerfile | |
| build-and-publish-next-app: | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| env: | |
| BACKEND_ORIGIN: ${{ secrets.BACKEND_ORIGIN }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Use Node.js ${{ env.NODE_VERSION }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| - name: npm install and build | |
| run: | | |
| npm i --workspaces=false | |
| working-directory: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} | |
| - name: Cache .next/cache | |
| uses: actions/cache@v4 | |
| env: | |
| cache-name: cache-node-modules | |
| with: | |
| path: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/.next/cache | |
| key: nextjs | $(Agent.OS) | ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/package-lock.json | |
| - name: Build | |
| run: npm run build --workspaces=false | |
| working-directory: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} | |
| - name: Copy Static Assets | |
| run: | | |
| cp -r .next/static .next/standalone/.next/ | |
| cp -r public .next/standalone/ | |
| working-directory: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} | |
| - name: Publish webapp artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| path: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/.next/standalone | |
| name: frontendwebapp | |
| include-hidden-files: true | |
| # Deploy Workers Dev | |
| deploy-workers-dev: | |
| runs-on: ubuntu-latest | |
| needs: [build-and-publish-workers, build-and-publish-web] | |
| environment: dev | |
| steps: | |
| - name: Download artifact from build job | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: functionsapp | |
| name: functionsapp | |
| - name: "Run Azure Functions Action" | |
| uses: Azure/[email protected] | |
| id: fa | |
| with: | |
| app-name: ${{ vars.AZURE_FUNCTIONS_NAME }} | |
| slot-name: "production" | |
| package: ${{ github.workspace }}/functionsapp | |
| publish-profile: ${{ secrets.AZURE_FUNCAPP_PUBLISH_PROFILE }} | |
| # Deploy Web App Dev | |
| deploy-web-dev: | |
| runs-on: ubuntu-latest | |
| needs: [build-and-publish-web, deploy-workers-dev] | |
| environment: | |
| name: "dev" | |
| url: ${{ steps.deploy-web-dev.outputs.webapp-url }} | |
| steps: | |
| - name: Deploy to Azure Web App | |
| id: deploy-to-webapp | |
| uses: azure/webapps-deploy@v2 | |
| with: | |
| app-name: ${{ vars.AZURE_WEBAPP_NAME }} | |
| publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} | |
| images: "ccomreg.azurecr.io/${{ secrets.REGISTRY_USERNAME_DEV }}/latest:${{ github.sha }}" | |
| # Deploy Next.js Client App Dev | |
| deploy-next-dev: | |
| runs-on: ubuntu-latest | |
| needs: [build-and-publish-next-app, deploy-web-dev] | |
| environment: dev | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download artifact from build job | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: frontendwebapp | |
| name: frontendwebapp | |
| - name: Deploy to Azure WebApp | |
| uses: azure/webapps-deploy@v2 | |
| with: | |
| app-name: ${{ vars.AZURE_WEBAPP_NEXT_NAME }} | |
| publish-profile: ${{ secrets.AZURE_WEBAPP_NEXT_PUBLISH_PROFILE }} | |
| package: ${{ github.workspace }}/frontendwebapp | |
| # Deploy Workers Test | |
| deploy-workers-test: | |
| runs-on: ubuntu-latest | |
| needs: deploy-workers-dev | |
| environment: test | |
| steps: | |
| - name: Download artifact from build job | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: functionsapp | |
| name: functionsapp | |
| - name: "Run Azure Functions Action" | |
| uses: Azure/[email protected] | |
| id: fa | |
| with: | |
| app-name: ${{ vars.AZURE_FUNCTIONS_NAME }} | |
| slot-name: "production" | |
| package: ${{ github.workspace }}/functionsapp | |
| publish-profile: ${{ secrets.AZURE_FUNCAPP_PUBLISH_PROFILE }} | |
| # Deploy Web App Test | |
| deploy-web-test: | |
| runs-on: ubuntu-latest | |
| needs: [deploy-web-dev, deploy-workers-test] | |
| environment: | |
| name: "test" | |
| url: ${{ steps.deploy-to-webapp.outputs.webapp-url }} | |
| steps: | |
| - name: Deploy to Azure Web App | |
| id: deploy-to-webapp | |
| uses: azure/webapps-deploy@v2 | |
| with: | |
| app-name: ${{ vars.AZURE_WEBAPP_NAME }} | |
| publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} | |
| images: "ccomreg.azurecr.io/${{ secrets.REGISTRY_USERNAME_DEV }}/latest:${{ github.sha }}" | |
| # Deploy Next.js Client App Test | |
| deploy-next-test: | |
| runs-on: ubuntu-latest | |
| needs: [deploy-next-dev, deploy-web-test] | |
| environment: test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download artifact from build job | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: frontendwebapp | |
| name: frontendwebapp | |
| - name: Deploy to Azure WebApp | |
| uses: azure/webapps-deploy@v2 | |
| with: | |
| app-name: ${{ vars.AZURE_WEBAPP_NEXT_NAME }} | |
| publish-profile: ${{ secrets.AZURE_WEBAPP_NEXT_PUBLISH_PROFILE }} | |
| package: ${{ github.workspace }}/frontendwebapp |