ci-cd.yml
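# CI/CD workflow: build with Maven, deploy the jar to Azure App Service, then
# archive the build and deploy logs to Azure Blob Storage.
#
# Supply chain: every `uses:` below references a mutable major-version tag.
# Pinning each action to a full commit SHA (keeping the tag in a trailing
# comment) stops a retagged release from changing what runs with these secrets.
name: CI/CD - Build, Test, Upload Log to Azure

on:
  push:
    branches: ['master', 'main']
  pull_request:
    branches: ['master', 'main']
  workflow_dispatch:

# Secrets are scoped to the steps that consume them instead of being exported
# through a workflow-level `env:`. A workflow-wide export would hand the storage
# connection string and Azure credentials to the Maven build, which executes
# pull-request code and writes a log file with tee. Secret masking applies to
# the runner's console log, not to files on disk, and that file is later
# published as an artifact and copied to blob storage.

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read  # required for actions/checkout
    steps:
      - uses: actions/checkout@v4
        with:
          # The build never pushes, so do not leave the token in .git/config
          # where build plugins or tests could read it.
          persist-credentials: false

      - name: Set up Java version
        uses: actions/setup-java@v4
        with:
          java-version: '11'
          distribution: 'microsoft'

      - name: Build with Maven (capture log)
        run: |
          # Without an explicit `shell:`, Actions runs `bash -e` with no
          # pipefail, so the step would report tee's exit status and a failed
          # build or test run would still pass and unblock the deploy job.
          set -o pipefail
          mvn -B clean install 2>&1 | tee build-devops.log

      - name: Upload build log artifact
        # Keep the log when the build fails; that is when it is needed most.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: build-devops-log
          path: build-devops.log

      - name: Upload artifact for deployment job
        uses: actions/upload-artifact@v4
        with:
          name: java-app
          path: '${{ github.workspace }}/target/*.jar'

  deploy:
    runs-on: ubuntu-latest
    needs: build
    # The workflow also triggers on pull_request. Without this gate, a pull
    # request opened from a branch of this repository would be built and
    # deployed to the web app before review or merge.
    # NOTE(review): a protected deployment environment with required reviewers
    # would add an approval step here; confirm whether one is configured.
    if: github.event_name != 'pull_request'
    permissions:
      id-token: write  # required to request the OIDC JWT used by azure/login
      contents: read  # kept from the original; this job has no checkout step
    steps:
      - name: Download artifact from build job
        uses: actions/download-artifact@v4
        with:
          name: java-app

      - name: Login to Azure
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZUREAPPSERVICE_CLIENTID_3A8797C4CB3C4656B65B34FB82241A5C }}
          tenant-id: ${{ secrets.AZUREAPPSERVICE_TENANTID_FD22B0C5825E4693B8B13024329E3E60 }}
          subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID_08EF1A59AA004F0CAA6E7C4835FB47C9 }}

      - name: Deploy to Azure Web App (CLI) and capture log
        id: deploy-to-webapp
        env:
          # Pass values through the environment instead of expanding
          # `${{ }}` inside the script text, so they are never parsed as shell.
          AZURE_RESOURCE_GROUP: ${{ secrets.AZURE_RESOURCE_GROUP }}
          AZURE_WEBAPP_NAME: ${{ secrets.AZURE_WEBAPP_NAME }}
        run: |
          # pipefail: a failed `az webapp deploy` must fail the step instead of
          # being hidden behind tee's exit status.
          set -o pipefail
          echo "--- Deploying to Azure Web App (CLI) ---" | tee deploy-devops.log
          JAR=$(ls *.jar 2>/dev/null | head -n1 || true)
          if [ -z "$JAR" ]; then
            echo "No jar found to deploy" | tee -a deploy-devops.log
            exit 1
          fi
          az webapp deploy \
            --resource-group "$AZURE_RESOURCE_GROUP" \
            --name "$AZURE_WEBAPP_NAME" \
            --src-path "$JAR" \
            --type jar \
            --restart true 2>&1 | tee -a deploy-devops.log

      - name: Upload deploy log artifact
        # Keep the log when the deployment fails.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: deploy-devops-log
          path: deploy-devops.log

  # NOTE(review): this job is skipped whenever deploy fails or is skipped, so
  # the step-level `always()` below only covers failures inside this job.
  upload-log:
    runs-on: ubuntu-latest
    needs: deploy
    permissions:
      actions: read  # required to fetch this run's logs through the REST API
    steps:
      - name: Download build log artifact
        uses: actions/download-artifact@v4
        with:
          name: build-devops-log
          path: ./

      - name: Ensure Azure Blob container exists
        env:
          # The az CLI reads AZURE_STORAGE_CONNECTION_STRING from the
          # environment, so the secret is kept off the command line.
          AZURE_STORAGE_CONNECTION_STRING: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING }}
          AZURE_STORAGE_CONTAINER: ${{ secrets.AZURE_STORAGE_CONTAINER }}
        run: |
          # Best effort: the container normally exists already.
          # NOTE(review): the container receives build output and run logs;
          # confirm it does not allow anonymous (public) access.
          az storage container create --name "$AZURE_STORAGE_CONTAINER" || true

      - name: Download deploy log artifact
        uses: actions/download-artifact@v4
        with:
          name: deploy-devops-log
          path: ./

      - name: Fetch GitHub Actions run logs (zip)
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # GITHUB_RUN_ID and GITHUB_REPOSITORY are default runner variables;
          # using them avoids expanding `${{ }}` inside the script text.
          echo "Fetching Actions run logs for run: $GITHUB_RUN_ID"
          # Use the REST API to download the logs archive.
          # NOTE(review): the run is still in progress at this point, so the
          # archive may be incomplete or unavailable; the fetch stays best effort.
          logs_url="https://api.github.com/repos/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}/logs"
          # --fail keeps an HTTP error body (JSON) from being saved and later
          # uploaded as if it were the zip; any partial file is removed.
          curl -sSL --fail \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer $GITHUB_TOKEN" \
            "$logs_url" -o actions-run-logs.zip || rm -f actions-run-logs.zip

      - name: Upload only log files to Azure Blob (always)
        if: always()
        env:
          AZURE_STORAGE_CONNECTION_STRING: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING }}
          AZURE_STORAGE_CONTAINER: ${{ secrets.AZURE_STORAGE_CONTAINER }}
        run: |
          set -e
          echo "Uploading log files to container: $AZURE_STORAGE_CONTAINER"
          LOG_PREFIX="pipeline-logs/${GITHUB_RUN_ID}"
          # UTC timestamp to make each upload unique (ISO-like compact)
          TIMESTAMP=$(date -u +"%Y%m%dT%H%M%SZ")
          # Upload every root-level .log file. The glob already covers
          # build-devops.log and deploy-devops.log, so each file goes up once.
          for f in ./*.log; do
            [ -f "$f" ] || continue
            BASENAME=$(basename "$f")
            echo "Uploading $f -> $LOG_PREFIX/${BASENAME}.${TIMESTAMP}"
            # Upload failures are tolerated so one bad file does not stop the rest.
            az storage blob upload \
              --container-name "$AZURE_STORAGE_CONTAINER" \
              --name "$LOG_PREFIX/${BASENAME}.${TIMESTAMP}" \
              --file "$f" \
              --overwrite || true
          done
          # Upload the GitHub Actions run logs zip if present (with timestamp).
          if [ -f actions-run-logs.zip ]; then
            echo "Uploading Actions run logs zip -> $LOG_PREFIX/actions-run-logs.zip.${TIMESTAMP}"
            az storage blob upload \
              --container-name "$AZURE_STORAGE_CONTAINER" \
              --name "$LOG_PREFIX/actions-run-logs.zip.${TIMESTAMP}" \
              --file actions-run-logs.zip \
              --overwrite || true
          fi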