This message was deleted.
# generals
sparse-intern-71089
02/09/2024, 3:33 PMThis message was deleted.
a
adventurous-butcher-54166
02/13/2024, 4:40 PMAnd what exactly isn't working in this setup for you? How does your GHA workflow look like?
Assuming that you're not seeing your app service pick up newly built containers:
• Please note that App Service doesn't automatically pull & redeploy the newest manifest for a given container tag, unless you restart the app service, which of course isn't optimal. For that you have two options:
◦ Use the Azure/webapps-deploy action to trigger an update. Recommend going with the az login with a service principal example instead of using a publish-profile.
◦ Container Registry webhooks – which I would advise against (IMO deployments should happen within the CI/CD workflow where you see the deployment failing)
And some feedback on the example you provided:
• Disable registry admin credentials
◦
admin_user_enabled=Falseidentity=web.ManagedServiceIdentityArgs(type=web.ManagedServiceIdentityType.SYSTEM_ASSIGNED),acr_use_managed_identity_creds=Trueghlatestaz webapp deployment slot swap -s slot_name -n app_name -g resource_groupg
gray-fall-86820
02/13/2024, 4:52 PMThank you very much for the suggestions and sharing the best practices, I will consider them. The idea behind sharing this was to start from somewhere as an example rather than just a generic question.
Here is an example of workflow;
Is there anyway that I can execute this workflow after creating the resources via Pulumi but then the problem is I need to pass the right credentials and name of the azure resources before executing it.
Maybe I am doing it all wrong?
Copy code
name: Build and deploy - Test
on:
push:
paths-ignore:
- '**/README.md'
- '**/.github/workflows/**.yml'
branches:
- develop
workflow_dispatch:
jobs:
lint:
runs-on: ubuntu-latest
environment: Testing
steps:
- uses: actions/checkout@v2
- uses: psf/black@stable
deploy:
runs-on: ubuntu-latest
environment: Testing
steps:
- uses: actions/checkout@v2
- uses: azure/docker-login@v1
with:
login-server: ${{ secrets.ACR_DEV_SERVER }}
username: ${{ secrets.ACR_DEV_USERNAME }}
password: ${{ secrets.ACR_DEV_PASSWORD }}
- run: |
docker build -t ${{ secrets.ACR_DEV_SERVER }}/repo-name:${{ github.sha }} .
docker push ${{ secrets.ACR_DEV_SERVER }}/repo-name:${{ github.sha }}
- uses: azure/webapps-deploy@v2
with:
app-name: 'App Name'
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
images: '${{ secrets.ACR_DEV_SERVER}}/repo-name:${{ github.sha }}'gray-fall-86820
02/13/2024, 5:42 PMThink of it as
Using Pulumi for the first time to spin up new resources and then using some github repo and associated workflows to update the data in those resources automatically
Imagine I want to create a storage account and then want to put some data say ‘stable-data’ in that resource
Currently, they way I see it is like this;
• Create a Pulumi script
• Execute it and create the relevant resource in Azure
• Get the credentials information of the resource
• Use those as secrets and variables in a github workflow file [manually]
• Execution the workflow as usual manual or automated in Github e.g when a PR is merged it is executed
Is it possible to automate the whole flow described above even the manual part via Pulumi
a
adventurous-butcher-54166
02/13/2024, 6:00 PMSure, you could automate all of that in a single workflow...
For doing Pulumi deployments from within GHA you can use the pulumi-cli-action
• You'll need to create a Pulumi access token if you want to use Pulumi cloud to store the state
• Set
work-dircommand: up | previewid: pulumiregistry_endpoint${{ steps.pulumi.outputs.registry_endpoint }}"g
gray-fall-86820
02/13/2024, 8:56 PMThanks alot I will try and get back to you when required
6 Views