Merge pull request #70 from githubabcs-devops/dependabot/github_actio… #79
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD for Azure Web App | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| attestations: write | |
| id-token: write | |
| contents: write | |
| packages: write | |
| security-events: write | |
| env: | |
| AZURE_WEBAPP_NAME: app-gh-aspnet-webapp-01 # set this to your application's name | |
| SRC_PROJECT_PATH: '/webapp01/webapp01.csproj' | |
| AZURE_WEBAPP_PACKAGE_PATH: './src' # set this to the path to your web app project, defaults to the repository root | |
| DOTNET_VERSION: '9.0.x' # set this to the dot net version to use | |
| jobs: | |
| cicd: | |
| name: Build and Deploy to Azure Web App | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Checkout the repo | |
| - uses: actions/checkout@v4 | |
| # Setup .NET Core SDK | |
| - name: Setup .NET Core | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: ${{ env.DOTNET_VERSION }} | |
| # Run dotnet build and publish | |
| - name: dotnet build and publish | |
| run: | | |
| dotnet restore ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}${{ env.SRC_PROJECT_PATH }} | |
| dotnet build --configuration Release ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}${{ env.SRC_PROJECT_PATH }} | |
| dotnet publish -c Release --property:PublishDir='bin/publish' ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}${{ env.SRC_PROJECT_PATH }} | |
| - name: Azure Login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| # Deploy to Azure Web apps | |
| - name: 'Run Azure webapp deploy action using publish profile credentials' | |
| if: false # This disables the action | |
| uses: azure/webapps-deploy@v3 | |
| with: | |
| app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name | |
| package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/webapp01/bin/publish' | |
| - uses: azure/docker-login@v2 | |
| with: | |
| login-server: crdevsecopscldev.azurecr.io | |
| username: ${{ secrets.REGISTRY_USERNAME }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - run: | | |
| docker build ./src/webapp01 --file ./src/webapp01/Dockerfile -t crdevsecopscldev.azurecr.io/webapp01:${{ github.sha }} | |
| docker push crdevsecopscldev.azurecr.io/webapp01:${{ github.sha }} | |
| - name: Azure Web Apps Deploy | |
| uses: azure/webapps-deploy@v3 | |
| with: | |
| app-name: ${{ env.AZURE_WEBAPP_NAME }} | |
| images: 'crdevsecopscldev.azurecr.io/webapp01:${{ github.sha }}' | |
| - name: logout | |
| run: | | |
| az logout | |
| # https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3 | |
| container-build-publish: | |
| name: Build and Publish Container Image | |
| needs: [] | |
| uses: githubabcs-devops/devsecops-reusable-workflows/.github/workflows/container.yml@main | |
| with: | |
| # This is used for tagging the container image | |
| version: v1.0.0 | |
| container-file: ./src/webapp01/Dockerfile | |
| container-context: ./src/webapp01 | |
| container-name: "${{ github.repository }}/webapp01" |