9797 - name : Azure Login
9898 uses : azure/login@v3
9999 with :
100- client-id : ${{ secrets.ESSENTIALCSHARPDEV_CLIENT_ID }}
100+ client-id : ${{ secrets.AZURE_CLIENT_ID }}
101101 tenant-id : ${{ secrets.ESSENTIALCSHARP_APPIDENTITY_TENANT_ID }}
102102 subscription-id : ${{ secrets.ESSENTIALCSHARP_SUBSCRIPTION_ID }}
103103
@@ -113,11 +113,9 @@ jobs:
113113 docker image ls -a
114114
115115 - name : Log in to container registry
116- uses : docker/login-action@v4
117- with :
118- registry : ${{ vars.DEVCONTAINER_REGISTRY }}
119- username : ${{ secrets.ESSENTIALCSHARP_ACR_USERNAME }}
120- password : ${{ secrets.ESSENTIALCSHARP_ACR_PASSWORD }}
116+ run : |
117+ REGISTRY="${{ vars.DEVCONTAINER_REGISTRY }}"
118+ az acr login --name "${REGISTRY%.azurecr.io}"
121119
122120 - name : Push Image to Container Registry
123121 run : docker push --all-tags ${{ vars.DEVCONTAINER_REGISTRY }}/essentialcsharpweb
@@ -129,12 +127,10 @@ jobs:
129127 RESOURCEGROUP : ${{ vars.RESOURCEGROUP }}
130128 CONTAINER_REGISTRY : ${{ vars.DEVCONTAINER_REGISTRY }}
131129 CONTAINER_APP_ENVIRONMENT : ${{ vars.CONTAINER_APP_ENVIRONMENT }}
132- ACR_USERNAME : ${{ secrets.ESSENTIALCSHARP_ACR_USERNAME }}
133- ACR_PASSWORD : ${{ secrets.ESSENTIALCSHARP_ACR_PASSWORD }}
134130 with :
135131 inlineScript : |
136- az config set extension.use_dynamic_install=yes_without_prompt
137- az containerapp up -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --image $CONTAINER_REGISTRY/essentialcsharpweb:${{ github.sha }} --environment $CONTAINER_APP_ENVIRONMENT --registry-server $CONTAINER_REGISTRY --ingress external --target-port 8080 --registry-username $ACR_USERNAME --registry-password $ACR_PASSWORD
132+ az extension add --name containerapp --upgrade
133+ az containerapp up -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --image $CONTAINER_REGISTRY/essentialcsharpweb:${{ github.sha }} --environment $CONTAINER_APP_ENVIRONMENT --registry-server $CONTAINER_REGISTRY --registry-identity ${{ secrets.WEB_UAMI_RESOURCE_ID }} --user-assigned ${{ secrets.WEB_UAMI_RESOURCE_ID }} --ingress external --target-port 8080
138134
139135 - name : Assign Managed Identity to Container App and Set Secrets and Environment Variables
140136 uses : azure/CLI@v3
@@ -144,14 +140,11 @@ jobs:
144140 CONTAINER_REGISTRY : ${{ vars.DEVCONTAINER_REGISTRY }}
145141 CONTAINER_APP_ENVIRONMENT : ${{ vars.CONTAINER_APP_ENVIRONMENT }}
146142 KEYVAULTURI : ${{ secrets.ESSENTIALCSHARP_KEYVAULT_URI }}
147- MANAGEDIDENTITYID : ${{ secrets.ESSENTIALCSHARP_APPIDENTITY_ID }}
148- ACR_USERNAME : ${{ secrets.ESSENTIALCSHARP_ACR_USERNAME }}
149- ACR_PASSWORD : ${{ secrets.ESSENTIALCSHARP_ACR_PASSWORD }}
150- AZURECLIENTID : ${{ secrets.IDENTITY_CLIENT_ID }}
143+ MANAGEDIDENTITYID : ${{ secrets.WEB_UAMI_RESOURCE_ID }}
144+ AZURECLIENTID : ${{ secrets.WEB_UAMI_CLIENT_ID }}
151145 TRYDOTNET_ORIGIN : ${{ vars.TRYDOTNET_ORIGIN }}
152146 with :
153147 inlineScript : |
154- az containerapp identity assign -n ${{ vars.CONTAINER_APP_NAME }} -g ${{ vars.RESOURCEGROUP }} --user-assigned ${{ vars.CONTAINER_APP_IDENTITY }}
155148 az containerapp secret set -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --secrets github-clientid=keyvaultref:$KEYVAULTURI/secrets/authentication-github-clientid,identityref:$MANAGEDIDENTITYID \
156149 github-clientsecret=keyvaultref:$KEYVAULTURI/secrets/authentication-github-clientsecret,identityref:$MANAGEDIDENTITYID msft-clientid=keyvaultref:$KEYVAULTURI/secrets/authentication-microsoft-clientid,identityref:$MANAGEDIDENTITYID \
157150 msft-clientsecret=keyvaultref:$KEYVAULTURI/secrets/authentication-microsoft-clientsecret,identityref:$MANAGEDIDENTITYID emailsender-apikey=keyvaultref:$KEYVAULTURI/secrets/authmessagesender-apikey,identityref:$MANAGEDIDENTITYID \
@@ -194,7 +187,7 @@ jobs:
194187 - name : Azure Login
195188 uses : azure/login@v3
196189 with :
197- client-id : ${{ secrets.ESSENTIALCSHARP_CLIENT_ID }}
190+ client-id : ${{ secrets.AZURE_CLIENT_ID }}
198191 tenant-id : ${{ secrets.ESSENTIALCSHARP_TENANT_ID }}
199192 subscription-id : ${{ secrets.ESSENTIALCSHARP_SUBSCRIPTION_ID }}
200193
@@ -210,11 +203,9 @@ jobs:
210203 docker image ls -a
211204
212205 - name : Log in to container registry
213- uses : docker/login-action@v4
214- with :
215- registry : ${{ vars.PRODCONTAINER_REGISTRY }}
216- username : ${{ secrets.ESSENTIALCSHARP_ACR_USERNAME }}
217- password : ${{ secrets.ESSENTIALCSHARP_ACR_PASSWORD }}
206+ run : |
207+ REGISTRY="${{ vars.PRODCONTAINER_REGISTRY }}"
208+ az acr login --name "${REGISTRY%.azurecr.io}"
218209
219210 - name : Push Image to Container Registry
220211 run : docker push --all-tags ${{ vars.PRODCONTAINER_REGISTRY }}/essentialcsharpweb
@@ -226,12 +217,10 @@ jobs:
226217 RESOURCEGROUP : ${{ vars.RESOURCEGROUP }}
227218 CONTAINER_REGISTRY : ${{ vars.PRODCONTAINER_REGISTRY }}
228219 CONTAINER_APP_ENVIRONMENT : ${{ vars.CONTAINER_APP_ENVIRONMENT }}
229- ACR_USERNAME : ${{ secrets.ESSENTIALCSHARP_ACR_USERNAME }}
230- ACR_PASSWORD : ${{ secrets.ESSENTIALCSHARP_ACR_PASSWORD }}
231220 with :
232221 inlineScript : |
233- az config set extension.use_dynamic_install=yes_without_prompt
234- az containerapp up -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --image $CONTAINER_REGISTRY/essentialcsharpweb:${{ github.sha }} --environment $CONTAINER_APP_ENVIRONMENT --registry-server $CONTAINER_REGISTRY --ingress external --target-port 8080 --registry-username $ACR_USERNAME --registry-password $ACR_PASSWORD
222+ az extension add --name containerapp --upgrade
223+ az containerapp up -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --image $CONTAINER_REGISTRY/essentialcsharpweb:${{ github.sha }} --environment $CONTAINER_APP_ENVIRONMENT --registry-server $CONTAINER_REGISTRY --registry-identity ${{ secrets.WEB_UAMI_RESOURCE_ID }} --user-assigned ${{ secrets.WEB_UAMI_RESOURCE_ID }} --ingress external --target-port 8080
235224
236225 - name : Assign Managed Identity to Container App and Set Secrets and Environment Variables
237226 uses : azure/CLI@v3
@@ -241,14 +230,11 @@ jobs:
241230 CONTAINER_REGISTRY : ${{ vars.PRODCONTAINER_REGISTRY }}
242231 CONTAINER_APP_ENVIRONMENT : ${{ vars.CONTAINER_APP_ENVIRONMENT }}
243232 KEYVAULTURI : ${{ secrets.ESSENTIALCSHARP_KEYVAULT_URI }}
244- MANAGEDIDENTITYID : ${{ secrets.ESSENTIALCSHARP_APPIDENTITY_ID }}
245- ACR_USERNAME : ${{ secrets.ESSENTIALCSHARP_ACR_USERNAME }}
246- ACR_PASSWORD : ${{ secrets.ESSENTIALCSHARP_ACR_PASSWORD }}
247- AZURECLIENTID : ${{ secrets.IDENTITY_CLIENT_ID }}
233+ MANAGEDIDENTITYID : ${{ secrets.WEB_UAMI_RESOURCE_ID }}
234+ AZURECLIENTID : ${{ secrets.WEB_UAMI_CLIENT_ID }}
248235 TRYDOTNET_ORIGIN : ${{ vars.PROD_TRYDOTNET_ORIGIN }}
249236 with :
250237 inlineScript : |
251- az containerapp identity assign -n ${{ vars.CONTAINER_APP_NAME }} -g ${{ vars.RESOURCEGROUP }} --user-assigned ${{ vars.CONTAINER_APP_IDENTITY }}
252238 az containerapp secret set -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --secrets github-clientid=keyvaultref:$KEYVAULTURI/secrets/authentication-github-clientid,identityref:$MANAGEDIDENTITYID \
253239 github-clientsecret=keyvaultref:$KEYVAULTURI/secrets/authentication-github-clientsecret,identityref:$MANAGEDIDENTITYID msft-clientid=keyvaultref:$KEYVAULTURI/secrets/authentication-microsoft-clientid,identityref:$MANAGEDIDENTITYID \
254240 msft-clientsecret=keyvaultref:$KEYVAULTURI/secrets/authentication-microsoft-clientsecret,identityref:$MANAGEDIDENTITYID emailsender-apikey=keyvaultref:$KEYVAULTURI/secrets/authmessagesender-apikey,identityref:$MANAGEDIDENTITYID \