diff --git a/.github/workflows/auto-assign-issues.yml b/.github/workflows/auto-assign-issues.yml
index 0cb9345..adaa8d6 100644
--- a/.github/workflows/auto-assign-issues.yml
+++ b/.github/workflows/auto-assign-issues.yml
@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Auto-assign issue'
- uses: pozil/auto-assign-issue@v1.10.0
+ uses: pozil/auto-assign-issue@v1.11.0
with:
assignees: phantsure,tiwarishub,anuragc617,vsvipul,bishal-pdmsft
numOfAssignee: 1
diff --git a/README.md b/README.md
index f39892f..7ff406f 100644
--- a/README.md
+++ b/README.md
@@ -12,10 +12,11 @@ These are the workflow files for helping people get started with GitHub Actions.
### Directory structure
-* [ci](ci): solutions for Continuous Integration workflows.
-* [deployments](deployments): solutions for Deployment workflows.
-* [automation](automation): solutions for automating workflows.
-* [code-scanning](code-scanning): starter workflows for [Code Scanning](https://github.com/features/security)
+* [ci](ci): solutions for Continuous Integration workflows
+* [deployments](deployments): solutions for Deployment workflows
+* [automation](automation): solutions for automating workflows
+* [code-scanning](code-scanning): solutions for [Code Scanning](https://github.com/features/security)
+* [pages](pages): solutions for Pages workflows
* [icons](icons): svg icons for the relevant template
Each workflow must be written in YAML and have a `.yml` extension. They also need a corresponding `.properties.json` file that contains extra metadata about the workflow (this is displayed in the GitHub.com UI).
@@ -40,6 +41,8 @@ For example: `ci/django.yml` and `ci/properties/django.properties.json`.
* monitoring
* Automation
* utilities
+* Pages
+* Hugo
### Variables
These variables can be placed in the starter workflow and will be substituted as detailed below:
diff --git a/ci/ant.yml b/ci/ant.yml
index 1614664..e9dba01 100644
--- a/ci/ant.yml
+++ b/ci/ant.yml
@@ -1,5 +1,5 @@
# This workflow will build a Java project with Ant
-# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-ant
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-ant
name: Java CI
diff --git a/ci/dotnet.yml b/ci/dotnet.yml
index 7465e23..f11f050 100644
--- a/ci/dotnet.yml
+++ b/ci/dotnet.yml
@@ -1,3 +1,6 @@
+# This workflow will build a .NET project
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net
+
name: .NET
on:
diff --git a/ci/go.yml b/ci/go.yml
index bb3ec96..4d95674 100644
--- a/ci/go.yml
+++ b/ci/go.yml
@@ -1,3 +1,6 @@
+# This workflow will build a golang project
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
+
name: Go
on:
diff --git a/ci/gradle.yml b/ci/gradle.yml
index 0c0f12c..2be0b58 100644
--- a/ci/gradle.yml
+++ b/ci/gradle.yml
@@ -3,7 +3,7 @@
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
-# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
name: Java CI with Gradle
diff --git a/ci/maven.yml b/ci/maven.yml
index 65e0dff..c553f73 100644
--- a/ci/maven.yml
+++ b/ci/maven.yml
@@ -1,5 +1,10 @@
# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
-# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
name: Java CI with Maven
@@ -24,3 +29,7 @@ jobs:
cache: maven
- name: Build with Maven
run: mvn -B package --file pom.xml
+
+ # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
+ - name: Update dependency graph
+ uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
diff --git a/ci/node.js.yml b/ci/node.js.yml
index a89108d..f230593 100644
--- a/ci/node.js.yml
+++ b/ci/node.js.yml
@@ -1,5 +1,5 @@
# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs
name: Node.js CI
diff --git a/ci/npm-publish-github-packages.yml b/ci/npm-publish-github-packages.yml
index 638ccf8..e790f4d 100644
--- a/ci/npm-publish-github-packages.yml
+++ b/ci/npm-publish-github-packages.yml
@@ -1,5 +1,5 @@
# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
-# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
+# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
name: Node.js Package
diff --git a/ci/npm-publish.yml b/ci/npm-publish.yml
index c461c85..6cdebaf 100644
--- a/ci/npm-publish.yml
+++ b/ci/npm-publish.yml
@@ -1,5 +1,5 @@
# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
-# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
+# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
name: Node.js Package
diff --git a/ci/properties/jekyll-docker.properties.json b/ci/properties/jekyll-docker.properties.json
index bbe279c..7c66dba 100644
--- a/ci/properties/jekyll-docker.properties.json
+++ b/ci/properties/jekyll-docker.properties.json
@@ -1,5 +1,5 @@
{
- "name": "Jekyll",
+ "name": "Jekyll using Docker image",
"description": "Package a Jekyll site using the jekyll/builder Docker image.",
"iconName": "jekyll",
"categories": ["Continuous integration", "HTML"]
diff --git a/ci/python-app.yml b/ci/python-app.yml
index 4b7fa5f..9945382 100644
--- a/ci/python-app.yml
+++ b/ci/python-app.yml
@@ -1,5 +1,5 @@
# This workflow will install Python dependencies, run tests and lint with a single version of Python
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
name: Python application
diff --git a/ci/python-package.yml b/ci/python-package.yml
index 583a366..de579a3 100644
--- a/ci/python-package.yml
+++ b/ci/python-package.yml
@@ -1,5 +1,5 @@
# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
name: Python package
diff --git a/ci/python-publish.yml b/ci/python-publish.yml
index ec70354..bdaab28 100644
--- a/ci/python-publish.yml
+++ b/ci/python-publish.yml
@@ -1,5 +1,5 @@
# This workflow will upload a Python Package using Twine when a release is created
-# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
diff --git a/ci/scala.yml b/ci/scala.yml
index 6f80a22..14ba966 100644
--- a/ci/scala.yml
+++ b/ci/scala.yml
@@ -1,3 +1,8 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
name: Scala CI
on:
@@ -24,3 +29,6 @@ jobs:
cache: 'sbt'
- name: Run tests
run: sbt test
+ # Optional: This step uploads information to the GitHub dependency graph and unblocking Dependabot alerts for the repository
+ - name: Upload dependency graph
+ uses: scalacenter/sbt-dependency-submission@ab086b50c947c9774b70f39fc7f6e20ca2706c91
diff --git a/ci/swift.yml b/ci/swift.yml
index 3668fc0..91276e3 100644
--- a/ci/swift.yml
+++ b/ci/swift.yml
@@ -1,3 +1,6 @@
+# This workflow will build a Swift project
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-swift
+
name: Swift
on:
diff --git a/code-scanning/apisec-scan.yml b/code-scanning/apisec-scan.yml
index a2dfbd2..209e882 100644
--- a/code-scanning/apisec-scan.yml
+++ b/code-scanning/apisec-scan.yml
@@ -46,7 +46,8 @@ permissions:
contents: read
jobs:
- Trigger APIsec scan:
+
+ Trigger_APIsec_scan:
permissions:
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml
index 00ffcdb..34c5de7 100644
--- a/code-scanning/codeql.yml
+++ b/code-scanning/codeql.yml
@@ -53,7 +53,7 @@ jobs:
# queries: security-extended,security-and-quality
- # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
diff --git a/code-scanning/ethicalcheck.yml b/code-scanning/ethicalcheck.yml
new file mode 100644
index 0000000..2818bc6
--- /dev/null
+++ b/code-scanning/ethicalcheck.yml
@@ -0,0 +1,69 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# EthicalCheck addresses the critical need to continuously security test APIs in development and in production.
+
+# EthicalCheck provides the industry’s only free & automated API security testing service that uncovers security vulnerabilities using OWASP API list.
+# Developers relies on EthicalCheck to evaluate every update and release, ensuring that no APIs go to production with exploitable vulnerabilities.
+
+# You develop the application and API, we bring complete and continuous security testing to you, accelerating development.
+
+# Know your API and Applications are secure with EthicalCheck – our free & automated API security testing service.
+
+# How EthicalCheck works?
+# EthicalCheck functions in the following simple steps.
+# 1. Security Testing.
+# Provide your OpenAPI specification or start with a public Postman collection URL.
+# EthicalCheck instantly instrospects your API and creates a map of API endpoints for security testing.
+# It then automatically creates hundreds of security tests that are non-intrusive to comprehensively and completely test for authentication, authorizations, and OWASP bugs your API. The tests addresses the OWASP API Security categories including OAuth 2.0, JWT, Rate Limit etc.
+
+# 2. Reporting.
+# EthicalCheck generates security test report that includes all the tested endpoints, coverage graph, exceptions, and vulnerabilities.
+# Vulnerabilities are fully triaged, it contains CVSS score, severity, endpoint information, and OWASP tagging.
+
+
+# This is a starter workflow to help you get started with EthicalCheck Actions
+
+name: EthicalCheck-Workflow
+
+# Controls when the workflow will run
+on:
+ # Triggers the workflow on push or pull request events but only for the $default-branch branch
+ # Customize trigger events based on your DevSecOps processes.
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ Trigger_EthicalCheck:
+ permissions:
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: EthicalCheck Free & Automated API Security Testing Service
+ uses: apisec-inc/ethicalcheck-action@005fac321dd843682b1af6b72f30caaf9952c641
+ with:
+ # The OpenAPI Specification URL or Swagger Path or Public Postman collection URL.
+ oas-url: "http://netbanking.apisec.ai:8080/v2/api-docs"
+ # The email address to which the penetration test report will be sent.
+ email: "xxx@apisec.ai"
+ sarif-result-file: "ethicalcheck-results.sarif"
+
+ - name: Upload sarif file to repository
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: ./ethicalcheck-results.sarif
+
diff --git a/code-scanning/properties/ethicalcheck.properties.json b/code-scanning/properties/ethicalcheck.properties.json
new file mode 100644
index 0000000..8728ca7
--- /dev/null
+++ b/code-scanning/properties/ethicalcheck.properties.json
@@ -0,0 +1,24 @@
+{
+ "name": "EthicalCheck",
+ "creator": "APIsec",
+ "description": "EthicalCheck provides the industry’s only free & automated API security testing service that uncovers security vulnerabilities using OWASP API list.",
+ "iconName": "apisec",
+ "categories": [
+ "Code Scanning",
+ "C",
+ "C#",
+ "C++",
+ "Go",
+ "Java",
+ "JavaScript",
+ "Kotlin",
+ "Objective C",
+ "PHP",
+ "Python",
+ "Ruby",
+ "Rust",
+ "Scala",
+ "Swift",
+ "TypeScript"
+ ]
+}
diff --git a/code-scanning/properties/zscaler-iac-scan.properties.json b/code-scanning/properties/zscaler-iac-scan.properties.json
new file mode 100644
index 0000000..274d17a
--- /dev/null
+++ b/code-scanning/properties/zscaler-iac-scan.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Zscaler IaC Scan",
+ "creator": "Zscaler CWP",
+ "description": "Scan your Infrastructure as Code files using Zscaler Infrastructure as Code (IaC) Scan app",
+ "iconName": "zscaler",
+ "categories": ["Code Scanning"]
+}
\ No newline at end of file
diff --git a/code-scanning/soos-dast-scan.yml b/code-scanning/soos-dast-scan.yml
index 9b58e90..95dfd67 100644
--- a/code-scanning/soos-dast-scan.yml
+++ b/code-scanning/soos-dast-scan.yml
@@ -34,7 +34,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Run SOOS DAST Scan
- uses: soos-io/soos-dast-github-action@b524e2cfbc4f4a5733153a7e624f569913f6c6e9
+ uses: soos-io/soos-dast-github-action@093de8c09530d4b96f12322adeb74444def866db # Use latest version from https://github.com/marketplace/actions/soos-dast
with:
client_id: ${{ secrets.SOOS_CLIENT_ID }}
api_key: ${{ secrets.SOOS_API_KEY }}
diff --git a/code-scanning/zscaler-iac-scan.yml b/code-scanning/zscaler-iac-scan.yml
new file mode 100644
index 0000000..e880bdf
--- /dev/null
+++ b/code-scanning/zscaler-iac-scan.yml
@@ -0,0 +1,56 @@
+#This workflow uses actions that are not certified by GitHub.
+#They are provided by a third party and are governed by
+#separate terms of service, privacy policy, and support
+#documentation.
+
+#This workflow runs the Zscaler Infrastructure as Code (IaC) Scan app,
+#which detects security misconfigurations in IaC templates and publishes the findings
+#under the code scanning alerts section within the repository.
+
+#Log into the Zscaler Posture Control(ZPC) Portal to begin the onboarding process.
+#Copy the client ID and client secret key generated during the onboarding process and configure.
+#GitHub secrets (ZSCANNER_CLIENT_ID, ZSCANNER_CLIENT_SECRET).
+
+#Refer https://github.com/marketplace/actions/zscaler-iac-scan for additional details on setting up this workflow.
+#Any issues with this workflow, please raise it on https://github.com/ZscalerCWP/Zscaler-IaC-Action/issues for further investigation.
+
+name: Zscaler IaC Scan
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+permissions:
+ contents: read
+
+jobs:
+ zscaler-iac-scan:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ runs-on: ubuntu-latest
+ steps:
+ - name : Code Checkout
+ uses: actions/checkout@v3
+ - name : Zscaler IAC Scan
+ uses : ZscalerCWP/Zscaler-IaC-Action@8d2afb33b10b4bd50e2dc2c932b37c6e70ac1087
+ id : zscaler-iac-scan
+ with:
+ client_id : ${{ secrets.ZSCANNER_CLIENT_ID }}
+ client_secret : ${{ secrets.ZSCANNER_CLIENT_SECRET }}
+ #This is the user region specified during the onboarding process within the ZPC Admin Portal.
+ region : 'US'
+ iac_dir : #Enter the IaC directory path from root.
+ iac_file : #Enter the IaC file path from root.
+ output_format : #(Optional) By default, the output is provided in a human readable format. However, if you require a different format, you can specify it here.
+ #To fail the build based on policy violations identified in the IaC templates, set the input value (fail_build) to true.
+ fail_build : #Enter true/false
+ #Ensure that the following step is included in order to post the scan results under the code scanning alerts section within the repository.
+ - name: Upload SARIF file
+ if: ${{ success() || failure() && (steps.zscaler-iac-scan.outputs.sarif_file_path != '') }}
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: ${{ steps.zscaler-iac-scan.sarif_file_path }}
diff --git a/deployments/azure-kubernetes-service-helm.yml b/deployments/azure-kubernetes-service-helm.yml
index 83a9163..86582e7 100644
--- a/deployments/azure-kubernetes-service-helm.yml
+++ b/deployments/azure-kubernetes-service-helm.yml
@@ -1,14 +1,16 @@
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
#
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
+# The ACR should be attached to the AKS cluster
# For instructions see:
# - https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
# - https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
+# - https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration?tabs=azure-cli#configure-acr-integration-for-existing-aks-clusters
# - https://github.com/Azure/aks-create-action
#
# To configure this workflow:
#
-# 1. Set the following secrets in your repository (instructions for getting these
+# 1. Set the following secrets in your repository (instructions for getting these
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux)):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
@@ -34,7 +36,7 @@ name: Build and deploy an app to AKS with Helm
on:
push:
- branches: [ $default-branch ]
+ branches: [$default-branch]
workflow_dispatch:
env:
@@ -42,7 +44,6 @@ env:
CONTAINER_NAME: "your-container-name"
RESOURCE_GROUP: "your-resource-group"
CLUSTER_NAME: "your-cluster-name"
- IMAGE_PULL_SECRET_NAME: "your-image-pull-secret-name"
CHART_PATH: "your-chart-path"
CHART_OVERRIDE_PATH: "your-chart-override-path"
@@ -53,63 +54,21 @@ jobs:
id-token: write
runs-on: ubuntu-latest
steps:
- # Checks out the repository this file is in
- - uses: actions/checkout@v3
-
- # Logs in with your Azure credentials
- - name: Azure login
- uses: azure/login@v1.4.3
- with:
- client-id: ${{ secrets.AZURE_CLIENT_ID }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
- # Builds and pushes an image up to your Azure Container Registry
- - name: Build and push image to ACR
- run: |
- az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
+ # Checks out the repository this file is in
+ - uses: actions/checkout@v3
- createSecret:
- permissions:
- contents: read
- id-token: write
- runs-on: ubuntu-latest
- steps:
- # Logs in with your Azure credentials
- - name: Azure login
- uses: azure/login@v1.4.3
- with:
- client-id: ${{ secrets.AZURE_CLIENT_ID }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ # Logs in with your Azure credentials
+ - name: Azure login
+ uses: azure/login@v1.4.6
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- # Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- - name: Get K8s context
- uses: azure/aks-set-context@v2.0
- with:
- resource-group: ${{ env.RESOURCE_GROUP }}
- cluster-name: ${{ env.CLUSTER_NAME }}
-
- # Retrieves the credentials for pulling images from your Azure Container Registry
- - name: Get ACR credentials
- run: |
- az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
- ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
- ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
- echo "::add-mask::${ACR_USERNAME}"
- echo "::set-output name=username::${ACR_USERNAME}"
- echo "::add-mask::${ACR_PASSWORD}"
- echo "::set-output name=password::${ACR_PASSWORD}"
- id: get-acr-creds
-
- # Creates a kubernetes secret on your Azure Kubernetes Service cluster that matches up to the credentials from the last step
- - name: Create K8s secret for pulling image from ACR
- uses: Azure/k8s-create-secret@v1.1
- with:
- container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
- container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
- container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
- secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
+ # Builds and pushes an image up to your Azure Container Registry
+ - name: Build and push image to ACR
+ run: |
+ az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
deploy:
permissions:
@@ -117,45 +76,43 @@ jobs:
contents: read
id-token: write
runs-on: ubuntu-latest
- needs: [buildImage, createSecret]
+ needs: [buildImage]
steps:
- # Checks out the repository this file is in
- - uses: actions/checkout@v3
-
- # Logs in with your Azure credentials
- - name: Azure login
- uses: azure/login@v1.4.3
- with:
- client-id: ${{ secrets.AZURE_CLIENT_ID }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
- # Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- - name: Get K8s context
- uses: azure/aks-set-context@v2.0
- with:
- resource-group: ${{ env.RESOURCE_GROUP }}
- cluster-name: ${{ env.CLUSTER_NAME }}
+ # Checks out the repository this file is in
+ - uses: actions/checkout@v3
- # Runs Helm to create manifest files
- - name: Bake deployment
- uses: azure/k8s-bake@v2.1
- with:
- renderEngine: 'helm'
- helmChart: ${{ env.CHART_PATH }}
- overrideFiles: ${{ env.CHART_OVERRIDE_PATH }}
- overrides: |
- replicas:2
- helm-version: 'latest'
- id: bake
+ # Logs in with your Azure credentials
+ - name: Azure login
+ uses: azure/login@v1.4.6
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- # Deploys application based on manifest files from previous step
- - name: Deploy application
- uses: Azure/k8s-deploy@v3.1
- with:
- action: deploy
- manifests: ${{ steps.bake.outputs.manifestsBundle }}
- images: |
- ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
- imagepullsecrets: |
- ${{ env.IMAGE_PULL_SECRET_NAME }}
\ No newline at end of file
+ # Retrieves your Azure Kubernetes Service cluster's kubeconfig file
+ - name: Get K8s context
+ uses: azure/aks-set-context@v3
+ with:
+ resource-group: ${{ env.RESOURCE_GROUP }}
+ cluster-name: ${{ env.CLUSTER_NAME }}
+
+ # Runs Helm to create manifest files
+ - name: Bake deployment
+ uses: azure/k8s-bake@v2
+ with:
+ renderEngine: "helm"
+ helmChart: ${{ env.CHART_PATH }}
+ overrideFiles: ${{ env.CHART_OVERRIDE_PATH }}
+ overrides: |
+ replicas:2
+ helm-version: "latest"
+ id: bake
+
+ # Deploys application based on manifest files from previous step
+ - name: Deploy application
+ uses: Azure/k8s-deploy@v4
+ with:
+ action: deploy
+ manifests: ${{ steps.bake.outputs.manifestsBundle }}
+ images: |
+ ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
diff --git a/deployments/azure-kubernetes-service-kompose.yml b/deployments/azure-kubernetes-service-kompose.yml
index 0e76365..a0e6bdd 100644
--- a/deployments/azure-kubernetes-service-kompose.yml
+++ b/deployments/azure-kubernetes-service-kompose.yml
@@ -1,14 +1,16 @@
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
#
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
+# The ACR should be attached to the AKS cluster
# For instructions see:
# - https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
# - https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
+# - https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration?tabs=azure-cli#configure-acr-integration-for-existing-aks-clusters
# - https://github.com/Azure/aks-create-action
#
# To configure this workflow:
#
-# 1. Set the following secrets in your repository (instructions for getting these
+# 1. Set the following secrets in your repository (instructions for getting these
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
@@ -33,7 +35,7 @@ name: Build and deploy an app to AKS with Kompose
on:
push:
- branches: [ $default-branch ]
+ branches: [$default-branch]
workflow_dispatch:
env:
@@ -41,7 +43,6 @@ env:
CONTAINER_NAME: "your-container-name"
RESOURCE_GROUP: "your-resource-group"
CLUSTER_NAME: "your-cluster-name"
- IMAGE_PULL_SECRET_NAME: "your-image-pull-secret-name"
DOCKER_COMPOSE_FILE_PATH: "your-docker-compose-file-path"
jobs:
@@ -51,106 +52,62 @@ jobs:
id-token: write
runs-on: ubuntu-latest
steps:
- # Checks out the repository this file is in
- - uses: actions/checkout@v3
-
- # Logs in with your Azure credentials
- - name: Azure login
- uses: azure/login@v1.4.3
- with:
- client-id: ${{ secrets.AZURE_CLIENT_ID }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
- # Builds and pushes an image up to your Azure Container Registry
- - name: Build and push image to ACR
- run: |
- az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
-
- createSecret:
- permissions:
- contents: read
- id-token: write
- runs-on: ubuntu-latest
- steps:
- # Logs in with your Azure credentials
- - name: Azure login
- uses: azure/login@v1.4.3
- with:
- client-id: ${{ secrets.AZURE_CLIENT_ID }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
- # Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- - name: Get K8s context
- uses: azure/aks-set-context@v2.0
- with:
- resource-group: ${{ env.RESOURCE_GROUP }}
- cluster-name: ${{ env.CLUSTER_NAME }}
+ # Checks out the repository this file is in
+ - uses: actions/checkout@v3
- # Retrieves the credentials for pulling images from your Azure Container Registry
- - name: Get ACR credentials
- run: |
- az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
- ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
- ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
- echo "::add-mask::${ACR_USERNAME}"
- echo "::set-output name=username::${ACR_USERNAME}"
- echo "::add-mask::${ACR_PASSWORD}"
- echo "::set-output name=password::${ACR_PASSWORD}"
- id: get-acr-creds
+ # Logs in with your Azure credentials
+ - name: Azure login
+ uses: azure/login@v1.4.6
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+ # Builds and pushes an image up to your Azure Container Registry
+ - name: Build and push image to ACR
+ run: |
+ az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
- # Creates a kubernetes secret on your Azure Kubernetes Service cluster that matches up to the credentials from the last step
- - name: Create K8s secret for pulling image from ACR
- uses: Azure/k8s-create-secret@v1.1
- with:
- container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
- container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
- container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
- secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
-
deploy:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
- needs: [buildImage, createSecret]
+ needs: [buildImage]
steps:
- # Checks out the repository this file is in
- - uses: actions/checkout@v3
-
- # Logs in with your Azure credentials
- - name: Azure login
- uses: azure/login@v1.4.3
- with:
- client-id: ${{ secrets.AZURE_CLIENT_ID }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ # Checks out the repository this file is in
+ - uses: actions/checkout@v3
- # Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- - name: Get K8s context
- uses: azure/aks-set-context@v2.0
- with:
- resource-group: ${{ env.RESOURCE_GROUP }}
- cluster-name: ${{ env.CLUSTER_NAME }}
+ # Logs in with your Azure credentials
+ - name: Azure login
+ uses: azure/login@v1.4.6
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- # Runs Kompose to create manifest files
- - name: Bake deployment
- uses: azure/k8s-bake@v2.1
- with:
- renderEngine: 'kompose'
- dockerComposeFile: ${{ env.DOCKER_COMPOSE_FILE_PATH }}
- kompose-version: 'latest'
- id: bake
+ # Retrieves your Azure Kubernetes Service cluster's kubeconfig file
+ - name: Get K8s context
+ uses: azure/aks-set-context@v3
+ with:
+ resource-group: ${{ env.RESOURCE_GROUP }}
+ cluster-name: ${{ env.CLUSTER_NAME }}
- # Deploys application based on manifest files from previous step
- - name: Deploy application
- uses: Azure/k8s-deploy@v3.1
- with:
- action: deploy
- manifests: ${{ steps.bake.outputs.manifestsBundle }}
- images: |
- ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
- imagepullsecrets: |
- ${{ env.IMAGE_PULL_SECRET_NAME }}
+ # Runs Kompose to create manifest files
+ - name: Bake deployment
+ uses: azure/k8s-bake@v2
+ with:
+ renderEngine: "kompose"
+ dockerComposeFile: ${{ env.DOCKER_COMPOSE_FILE_PATH }}
+ kompose-version: "latest"
+ id: bake
+
+ # Deploys application based on manifest files from previous step
+ - name: Deploy application
+ uses: Azure/k8s-deploy@v4
+ with:
+ action: deploy
+ manifests: ${{ steps.bake.outputs.manifestsBundle }}
+ images: |
+ ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
diff --git a/deployments/azure-kubernetes-service-kustomize.yml b/deployments/azure-kubernetes-service-kustomize.yml
index 1a89f3c..6c87057 100644
--- a/deployments/azure-kubernetes-service-kustomize.yml
+++ b/deployments/azure-kubernetes-service-kustomize.yml
@@ -1,14 +1,16 @@
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
#
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
+# The ACR should be attached to the AKS cluster
# For instructions see:
# - https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
# - https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
+# - https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration?tabs=azure-cli#configure-acr-integration-for-existing-aks-clusters
# - https://github.com/Azure/aks-create-action
#
# To configure this workflow:
#
-# 1. Set the following secrets in your repository (instructions for getting these
+# 1. Set the following secrets in your repository (instructions for getting these
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
@@ -33,7 +35,7 @@ name: Build and deploy an app to AKS with Kustomize
on:
push:
- branches: [ $default-branch ]
+ branches: [$default-branch]
workflow_dispatch:
env:
@@ -41,7 +43,6 @@ env:
CONTAINER_NAME: "your-container-name"
RESOURCE_GROUP: "your-resource-group"
CLUSTER_NAME: "your-cluster-name"
- IMAGE_PULL_SECRET_NAME: "your-image-pull-secret-name"
KUSTOMIZE_PATH: "your-kustomize-path"
jobs:
@@ -51,106 +52,62 @@ jobs:
id-token: write
runs-on: ubuntu-latest
steps:
- # Checks out the repository this file is in
- - uses: actions/checkout@v3
+ # Checks out the repository this file is in
+ - uses: actions/checkout@v3
- # Logs in with your Azure credentials
- - name: Azure login
- uses: azure/login@v1.4.3
- with:
- client-id: ${{ secrets.AZURE_CLIENT_ID }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
- # Builds and pushes an image up to your Azure Container Registry
- - name: Build and push image to ACR
- run: |
- az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
-
- createSecret:
- permissions:
- contents: read
- id-token: write
- runs-on: ubuntu-latest
- steps:
- # Logs in with your Azure credentials
- - name: Azure login
- uses: azure/login@v1.4.3
- with:
- client-id: ${{ secrets.AZURE_CLIENT_ID }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ # Logs in with your Azure credentials
+ - name: Azure login
+ uses: azure/login@v1.4.6
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- # Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- - name: Get K8s context
- uses: azure/aks-set-context@v2.0
- with:
- resource-group: ${{ env.RESOURCE_GROUP }}
- cluster-name: ${{ env.CLUSTER_NAME }}
+ # Builds and pushes an image up to your Azure Container Registry
+ - name: Build and push image to ACR
+ run: |
+ az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
- # Retrieves the credentials for pulling images from your Azure Container Registry
- - name: Get ACR credentials
- run: |
- az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
- ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
- ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
- echo "::add-mask::${ACR_USERNAME}"
- echo "::set-output name=username::${ACR_USERNAME}"
- echo "::add-mask::${ACR_PASSWORD}"
- echo "::set-output name=password::${ACR_PASSWORD}"
- id: get-acr-creds
-
- # Creates a kubernetes secret on your Azure Kubernetes Service cluster that matches up to the credentials from the last step
- - name: Create K8s secret for pulling image from ACR
- uses: Azure/k8s-create-secret@v1.1
- with:
- container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
- container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
- container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
- secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
-
deploy:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
- needs: [buildImage, createSecret]
+ needs: [buildImage]
steps:
- # Checks out the repository this file is in
- - uses: actions/checkout@v3
+ # Checks out the repository this file is in
+ - uses: actions/checkout@v3
- # Logs in with your Azure credentials
- - name: Azure login
- uses: azure/login@v1.4.3
- with:
- client-id: ${{ secrets.AZURE_CLIENT_ID }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ # Logs in with your Azure credentials
+ - name: Azure login
+ uses: azure/login@v1.4.6
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- # Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- - name: Get K8s context
- uses: azure/aks-set-context@v2.0
- with:
- resource-group: ${{ env.RESOURCE_GROUP }}
- cluster-name: ${{ env.CLUSTER_NAME }}
+ # Retrieves your Azure Kubernetes Service cluster's kubeconfig file
+ - name: Get K8s context
+ uses: azure/aks-set-context@v3
+ with:
+ resource-group: ${{ env.RESOURCE_GROUP }}
+ cluster-name: ${{ env.CLUSTER_NAME }}
- # Runs Kustomize to create manifest files
- - name: Bake deployment
- uses: azure/k8s-bake@v2.1
- with:
- renderEngine: 'kustomize'
- kustomizationPath: ${{ env.KUSTOMIZE_PATH }}
- kubectl-version: latest
- id: bake
+ # Runs Kustomize to create manifest files
+ - name: Bake deployment
+ uses: azure/k8s-bake@v2
+ with:
+ renderEngine: "kustomize"
+ kustomizationPath: ${{ env.KUSTOMIZE_PATH }}
+ kubectl-version: latest
+ id: bake
- # Deploys application based on manifest files from previous step
- - name: Deploy application
- uses: Azure/k8s-deploy@v3.1
- with:
- action: deploy
- manifests: ${{ steps.bake.outputs.manifestsBundle }}
- images: |
- ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
- imagepullsecrets: |
- ${{ env.IMAGE_PULL_SECRET_NAME }}
\ No newline at end of file
+ # Deploys application based on manifest files from previous step
+ - name: Deploy application
+ uses: Azure/k8s-deploy@v4
+ with:
+ action: deploy
+ manifests: ${{ steps.bake.outputs.manifestsBundle }}
+ images: |
+ ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
diff --git a/deployments/azure-kubernetes-service.yml b/deployments/azure-kubernetes-service.yml
index 3e49419..f0b2b38 100644
--- a/deployments/azure-kubernetes-service.yml
+++ b/deployments/azure-kubernetes-service.yml
@@ -1,9 +1,11 @@
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
#
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
+# The ACR should be attached to the AKS cluster
# For instructions see:
# - https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
# - https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
+# - https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration?tabs=azure-cli#configure-acr-integration-for-existing-aks-clusters
# - https://github.com/Azure/aks-create-action
#
# To configure this workflow:
@@ -29,7 +31,7 @@ name: Build and deploy an app to AKS
on:
push:
- branches: [ $default-branch ]
+ branches: [$default-branch]
workflow_dispatch:
env:
@@ -37,8 +39,7 @@ env:
CONTAINER_NAME: "your-container-name"
RESOURCE_GROUP: "your-resource-group"
CLUSTER_NAME: "your-cluster-name"
- IMAGE_PULL_SECRET_NAME: "your-image-pull-secret-name"
- DEPLOYMENT_MANIFEST_PATH: 'your-deployment-manifest-path'
+ DEPLOYMENT_MANIFEST_PATH: "your-deployment-manifest-path"
jobs:
buildImage:
@@ -47,63 +48,21 @@ jobs:
id-token: write
runs-on: ubuntu-latest
steps:
- # Checks out the repository this file is in
- - uses: actions/checkout@v3
-
- # Logs in with your Azure credentials
- - name: Azure login
- uses: azure/login@v1.4.3
- with:
- client-id: ${{ secrets.AZURE_CLIENT_ID }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
- # Builds and pushes an image up to your Azure Container Registry
- - name: Build and push image to ACR
- run: |
- az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
+ # Checks out the repository this file is in
+ - uses: actions/checkout@v3
- createSecret:
- permissions:
- contents: read
- id-token: write
- runs-on: ubuntu-latest
- steps:
- # Logs in with your Azure credentials
- - name: Azure login
- uses: azure/login@v1.4.3
- with:
- client-id: ${{ secrets.AZURE_CLIENT_ID }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
- # Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- - name: Get K8s context
- uses: azure/aks-set-context@v2.0
- with:
- resource-group: ${{ env.RESOURCE_GROUP }}
- cluster-name: ${{ env.CLUSTER_NAME }}
+ # Logs in with your Azure credentials
+ - name: Azure login
+ uses: azure/login@v1.4.6
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- # Retrieves the credentials for pulling images from your Azure Container Registry
- - name: Get ACR credentials
- run: |
- az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
- ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
- ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
- echo "::add-mask::${ACR_USERNAME}"
- echo "::set-output name=username::${ACR_USERNAME}"
- echo "::add-mask::${ACR_PASSWORD}"
- echo "::set-output name=password::${ACR_PASSWORD}"
- id: get-acr-creds
-
- # Creates a kubernetes secret on your Azure Kubernetes Service cluster that matches up to the credentials from the last step
- - name: Create K8s secret for pulling image from ACR
- uses: Azure/k8s-create-secret@v1.1
- with:
- container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
- container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
- container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
- secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
+ # Builds and pushes an image up to your Azure Container Registry
+ - name: Build and push image to ACR
+ run: |
+ az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
deploy:
permissions:
@@ -111,33 +70,31 @@ jobs:
contents: read
id-token: write
runs-on: ubuntu-latest
- needs: [buildImage, createSecret]
+ needs: [buildImage]
steps:
- # Checks out the repository this file is in
- - uses: actions/checkout@v3
-
- # Logs in with your Azure credentials
- - name: Azure login
- uses: azure/login@v1.4.3
- with:
- client-id: ${{ secrets.AZURE_CLIENT_ID }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
- # Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- - name: Get K8s context
- uses: azure/aks-set-context@v2.0
- with:
- resource-group: ${{ env.RESOURCE_GROUP }}
- cluster-name: ${{ env.CLUSTER_NAME }}
+ # Checks out the repository this file is in
+ - uses: actions/checkout@v3
- # Deploys application based on given manifest file
- - name: Deploys application
- uses: Azure/k8s-deploy@v3.1
- with:
- action: deploy
- manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
- images: |
- ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
- imagepullsecrets: |
- ${{ env.IMAGE_PULL_SECRET_NAME }}
\ No newline at end of file
+ # Logs in with your Azure credentials
+ - name: Azure login
+ uses: azure/login@v1.4.6
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+ # Retrieves your Azure Kubernetes Service cluster's kubeconfig file
+ - name: Get K8s context
+ uses: azure/aks-set-context@v3
+ with:
+ resource-group: ${{ env.RESOURCE_GROUP }}
+ cluster-name: ${{ env.CLUSTER_NAME }}
+
+ # Deploys application based on given manifest file
+ - name: Deploys application
+ uses: Azure/k8s-deploy@v4
+ with:
+ action: deploy
+ manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
+ images: |
+ ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
diff --git a/icons/astro.svg b/icons/astro.svg
new file mode 100644
index 0000000..ff9dd54
--- /dev/null
+++ b/icons/astro.svg
@@ -0,0 +1,20 @@
+
diff --git a/icons/zscaler.svg b/icons/zscaler.svg
new file mode 100644
index 0000000..3897442
--- /dev/null
+++ b/icons/zscaler.svg
@@ -0,0 +1,3 @@
+
diff --git a/pages/astro.yml b/pages/astro.yml
new file mode 100644
index 0000000..1d4ec5f
--- /dev/null
+++ b/pages/astro.yml
@@ -0,0 +1,76 @@
+# Sample workflow for building and deploying an Astro site to GitHub Pages
+#
+# To get started with Astro see: https://docs.astro.build/en/getting-started/
+#
+name: Deploy Astro site to Pages
+
+on:
+ # Runs on pushes targeting the default branch
+ push:
+ branches: [$default-branch]
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+ contents: read
+ pages: write
+ id-token: write
+
+# Allow one concurrent deployment
+concurrency:
+ group: "pages"
+ cancel-in-progress: true
+
+env:
+ BUILD_PATH: "." # default value when not using subfolders
+ # BUILD_PATH: subfolder
+
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Detect package manager
+ id: detect-package-manager
+ run: |
+ if [ -f "${{ github.workspace }}/yarn.lock" ]; then
+ echo "::set-output name=manager::yarn"
+ echo "::set-output name=command::install"
+ echo "::set-output name=runner::yarn"
+ exit 0
+ elif [ -f "${{ github.workspace }}/package.json" ]; then
+ echo "::set-output name=manager::npm"
+ echo "::set-output name=command::ci"
+ echo "::set-output name=runner::npx --no-install"
+ exit 0
+ else
+ echo "Unable to determine packager manager"
+ exit 1
+ fi
+ - name: Setup Node
+ uses: actions/setup-node@v3
+ with:
+ node-version: "16"
+ cache: ${{ steps.detect-package-manager.outputs.manager }}
+ cache-dependency-path: ${{ env.BUILD_PATH }}/package-lock.json
+ - run: npm install && npm run build
+ working-directory: ${{ env.BUILD_PATH }}
+ - uses: actions/upload-pages-artifact@v1
+ with:
+ path: ${{ env.BUILD_PATH }}/dist
+
+ deploy:
+ environment:
+ name: github-pages
+ url: ${{ steps.deployment.outputs.page_url }}
+ needs: build
+ runs-on: ubuntu-latest
+ name: Deploy
+ steps:
+ - name: Deploy to GitHub Pages
+ id: deployment
+ uses: actions/deploy-pages@v1
diff --git a/pages/properties/astro.properties.json b/pages/properties/astro.properties.json
new file mode 100644
index 0000000..bc7db05
--- /dev/null
+++ b/pages/properties/astro.properties.json
@@ -0,0 +1,6 @@
+{
+ "name": "Astro",
+ "description": "Deploy an Astro site.",
+ "iconName": "astro",
+ "categories": ["Pages", "Astro"]
+}
diff --git a/script/validate-data/settings.json b/script/validate-data/settings.json
index 852f575..23c4790 100644
--- a/script/validate-data/settings.json
+++ b/script/validate-data/settings.json
@@ -3,7 +3,8 @@
"../../ci",
"../../automation",
"../../deployments",
- "../../code-scanning"
+ "../../code-scanning",
+ "../../pages"
],
"allowed_categories": [
{
@@ -21,6 +22,10 @@
{
"path": "../../code-scanning",
"categories": ["Code Scanning", "Dependency review"]
+ },
+ {
+ "path": "../../pages",
+ "categories": ["Pages"]
}
]
}