Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI: deploy Azure Web App with GitHub Actions #2111

Merged
merged 2 commits into from
May 21, 2024
Merged

CI: deploy Azure Web App with GitHub Actions #2111

merged 2 commits into from
May 21, 2024

Conversation

thekaveman
Copy link
Member

@thekaveman thekaveman commented May 21, 2024
edited
Loading

Closes #1880

This PR replaces usage of GitHub webhooks for the package.publish event that trigger the Azure Web App image pull + restart, with the azure/webapps-deploy action step. Using this actions step, we can target the specific Web App (e.g. dev, test, or prod) that needs to be deployed/restarted, and avoid the current situation where the package.publish event triggers a restart in all 3 environments, regardless of which branch/environment was deployed.

Use of a Publish Profile avoids needing a Microsoft Entra ID generated Service Principle.

Following the outline on Deploy a custom container to App Service using GitHub Actions.

Post-merge follow-up

dev

  • Delete the webhook

test

  • Turn off webhook deploys (e.g. the Container Registry option) in the Azure App Service "Deployment Center"; instead choose the GitHub Actions option
  • Fill in details for GitHub Actions deploy; don't generate a workflow file, we'll use the existing one
  • Create an environment variable AZURE_WEBAPP_NAME to hold the name of the Azure App Service, AS-CDT-PUB-VIP-CALITP-T-001
  • Create an environment secret AZURE_WEBAPP_PUBLISH_PROFILE to hold the contents of the Publish Profile for this App Service
  • Delete the webhook

prod

  • Turn off webhook deploys (e.g. the Container Registry option) in the Azure App Service "Deployment Center"; instead choose the GitHub Actions option
  • Fill in details for GitHub Actions deploy; don't generate a workflow file, we'll use the existing one
  • Create an environment variable AZURE_WEBAPP_NAME to hold the name of the Azure App Service, AS-CDT-PUB-VIP-CALITP-P-001
  • Create an environment secret AZURE_WEBAPP_PUBLISH_PROFILE to hold the contents of the Publish Profile for this App Service
  • Delete the webhook

@github-actions github-actions bot added the actions Related to GitHub Actions workflows label May 21, 2024
@thekaveman
chore(ci): only tag Docker image with SHA
223fd4f 
we're moving away from using the branch-based tags and
associated webhooks, so we won't need this image tag
@thekaveman
ci(deploy): azure/webapps-deploy deploys new image
98fc86a 
replaces the old webhooks-based deployment
@github-actions GitHub Actions
Copy link

Coverage report

This PR does not seem to contain any modification to coverable code.

@thekaveman thekaveman added the infrastructure Terraform, Azure, etc. label May 21, 2024
@thekaveman thekaveman self-assigned this May 21, 2024
@thekaveman thekaveman marked this pull request as ready for review May 21, 2024 12:11
@thekaveman thekaveman requested a review from a team as a code owner May 21, 2024 12:11
@thekaveman thekaveman mentioned this pull request May 21, 2024
Closed
angela-tran
angela-tran approved these changes May 21, 2024
View reviewed changes
Copy link
Member

@angela-tran angela-tran left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me!

@thekaveman
Copy link
Member Author

OK! I'm going to merge and see if this works... 🤞

If it all looks good, I'll continue with the checklist above.

@thekaveman thekaveman merged commit 7f1878f into dev May 21, 2024
9 checks passed
@thekaveman thekaveman deleted the ci/actions-deploy branch May 21, 2024 20:42
@thekaveman
Copy link
Member Author

Confirming the deploy to dev

  • Deploy logs are showing the new image was pulled and started: 
    2024-05-21T20:46:29.2622198Z Pulling image: ghcr.io/cal-itp/benefits:7f1878fa64d5d7c858377ca3a9d47427f15afadf.
2024-05-21T20:47:06.4473622Z Container is starting.
...
2024-05-21T20:48:59.5692141Z [2024-05-21 20:48:59 +0000] [26] [INFO] Starting gunicorn 22.0.0
2024-05-21T20:48:59.5693623Z [2024-05-21 20:48:59 +0000] [26] [INFO] Listening at: unix:/home/calitp/run/gunicorn.sock (26)
2024-05-21T20:48:59.5693854Z [2024-05-21 20:48:59 +0000] [26] [INFO] Using worker: sync
2024-05-21T20:48:59.5916011Z [2024-05-21 20:48:59 +0000] [29] [INFO] Booting worker with pid: 29
2024-05-21T20:48:59.6797351Z [2024-05-21 20:48:59 +0000] [30] [INFO] Booting worker with pid: 30
2024-05-21T20:48:59.7494349Z [2024-05-21 20:48:59 +0000] [31] [INFO] Booting worker with pid: 31
  • We see the correct SHA at https://dev-benefits.calitp.org/static/sha.txt: 7f1878f

Confirming no impact to test

  • Logs for this timeframe show no container restarts, healthcheck and health probe continue to succeed 
    2024-05-21T20:45:54.902629991Z [21/May/2024:13:45:54 -0700] "HEAD / HTTP/1.1" 200 0 "-" "Edge Health Probe" "147.243.25.198:50488"
2024-05-21T20:46:49.922762006Z [21/May/2024:13:46:49 -0700] "HEAD / HTTP/1.1" 200 0 "-" "Edge Health Probe" "147.243.230.44:57134"
2024-05-21T20:47:06.000640085Z [21/May/2024:13:47:05 -0700] "GET /healthcheck HTTP/1.1" 200 17 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; AppInsights)" "13.86.97.224, 147.243.204.134:43628"
2024-05-21T20:48:00.342104697Z [21/May/2024:13:48:00 -0700] "HEAD / HTTP/1.1" 200 0 "-" "Edge Health Probe" "147.243.224.182:40068"
2024-05-21T20:48:30.584836076Z [21/May/2024:13:48:30 -0700] "GET /healthcheck HTTP/1.1" 200 17 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; AppInsights)" "20.42.35.32, 147.243.252.144:46248"
2024-05-21T20:51:14.233590530Z [21/May/2024:13:51:14 -0700] "GET /healthcheck HTTP/1.1" 200 17 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; AppInsights)" "20.45.5.160, 147.243.204.149:53230"

Confirming no impact to prod

  • Logs for this timeframe show no container restarts, healthcheck and health probe continue to succeed
2024-05-21T20:45:46.103961570Z [21/May/2024:13:45:46 -0700] "GET / HTTP/1.1" 200 17 "-" "AlwaysOn" "127.0.0.1:11448"
2024-05-21T20:46:10.947670571Z [21/May/2024:13:46:10 -0700] "HEAD / HTTP/1.1" 200 0 "-" "Edge Health Probe" "147.243.127.175:38748"
2024-05-21T20:47:46.198897113Z [21/May/2024:13:47:46 -0700] "GET /healthcheck HTTP/1.1" 200 17 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; AppInsights)" "20.45.5.160, 147.243.190.50:34194"
2024-05-21T20:49:49.984111374Z [21/May/2024:13:49:49 -0700] "GET /healthcheck HTTP/1.1" 200 17 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; AppInsights)" "40.91.82.48, 147.243.154.169:36256"
2024-05-21T20:50:43.495905542Z [21/May/2024:13:50:43 -0700] "GET /healthcheck HTTP/1.1" 200 17 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; AppInsights)" "23.100.224.16, 147.243.246.17:42214"
2024-05-21T20:51:17.678106829Z [21/May/2024:13:51:17 -0700] "HEAD / HTTP/1.1" 200 0 "-" "Edge Health Probe" "147.243.163.102:40883"

@thekaveman thekaveman mentioned this pull request May 22, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@angela-tran angela-tran angela-tran approved these changes

Assignees

@thekaveman thekaveman

Labels
actions Related to GitHub Actions workflows infrastructure Terraform, Azure, etc.
Projects
None yet
Milestone
Single deployment restarts a single e...
Development

Successfully merging this pull request may close these issues.

Merging into one branch causes all environments to restart
2 participants
@thekaveman @angela-tran