1111 REGION : ${{ vars.REGION }}
1212 IMAGE_TAG : ${{ github.sha }}
1313 NODE_VERSION : ${{ vars.NODE_VERSION }}
14- IMAGE_LIST : ${{ vars.NODE_IMAGE }}
14+ ACR_LOGIN_SERVER : ${{ vars.ACR_LOGIN_SERVER }}
15+ ECR_REPOSITORY : ifsp-extensao-api-module-prod
1516
1617jobs :
1718 build-deploy :
1819 name : " Build and Deploy"
1920 runs-on : ubuntu-latest
20- timeout-minutes : 20
21+ timeout-minutes : 15
2122 steps :
2223 - name : Checkout
2324 uses : actions/checkout@v4
2425 with :
2526 persist-credentials : false
2627
27- - name : Set credentials
28- run : |
29- echo "AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}" >> $GITHUB_ENV
30- echo "AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> $GITHUB_ENV
31- echo "ENVIRONMENT_CREDENTIALS=prod" >> $GITHUB_ENV
32-
33- - name : Configure AWS credentials
34- uses : aws-actions/configure-aws-credentials@v1
28+ - name : Azure Login
29+ uses : azure/login@v1
3530 with :
36- aws-access-key-id : ${{ env.AWS_ACCESS_KEY_ID }}
37- aws-secret-access-key : ${{ env.AWS_SECRET_ACCESS_KEY }}
38- aws-region : ${{ env.REGION }}
31+ creds : ${{ secrets.AZURE_CREDENTIALS }}
3932
4033 - name : Setup Terraform
4134 uses : hashicorp/setup-terraform@v2
@@ -45,87 +38,83 @@ jobs:
4538 - name : Terraform Init
4639 working-directory : ./tf
4740 run : terraform init
41+ env :
42+ ARM_CLIENT_ID : ${{ fromJson(secrets.AZURE_CREDENTIALS).clientId }}
43+ ARM_CLIENT_SECRET : ${{ fromJson(secrets.AZURE_CREDENTIALS).clientSecret }}
44+ ARM_SUBSCRIPTION_ID : ${{ fromJson(secrets.AZURE_CREDENTIALS).subscriptionId }}
45+ ARM_TENANT_ID : ${{ fromJson(secrets.AZURE_CREDENTIALS).tenantId }}
4846
4947 - name : Terraform Apply
5048 working-directory : ./tf
5149 run : |
5250 terraform apply -auto-approve
53- echo "EC2_HOST=$(terraform output -raw server_public_ip)" >> $GITHUB_ENV
51+ echo "VM_HOST=$(terraform output -raw server_public_ip)" >> $GITHUB_ENV
52+ echo "ACR_LOGIN_SERVER=$(terraform output -raw acr_login_server)" >> $GITHUB_ENV
5453 env :
55- TF_VAR_key_name : ${{ vars.EC2_KEY_NAME }}
54+ ARM_CLIENT_ID : ${{ fromJson(secrets.AZURE_CREDENTIALS).clientId }}
55+ ARM_CLIENT_SECRET : ${{ fromJson(secrets.AZURE_CREDENTIALS).clientSecret }}
56+ ARM_SUBSCRIPTION_ID : ${{ fromJson(secrets.AZURE_CREDENTIALS).subscriptionId }}
57+ ARM_TENANT_ID : ${{ fromJson(secrets.AZURE_CREDENTIALS).tenantId }}
58+ TF_VAR_ssh_public_key : ${{ secrets.VM_SSH_PUBLIC_KEY }}
5659 TF_VAR_project_name : ${{ env.PROJECT_NAME }}
5760 TF_VAR_region : ${{ env.REGION }}
5861 TF_VAR_env : " prod"
5962
60- - name : Login to Amazon ECR
61- id : login-ecr
62- uses : aws-actions/amazon-ecr-login@v1.5.3
63-
64- - name : Pull image
65- id : pull-ecr
66- run : |
67- for IMAGE in $IMAGE_LIST; do
68- echo "Pulling image: $IMAGE"
69- docker pull "${{ steps.login-ecr.outputs.registry }}/$IMAGE"
70- docker tag "${{ steps.login-ecr.outputs.registry }}/$IMAGE" "$IMAGE"
71- done
63+ - name : Load .env from GitHub Secrets
64+ run : echo "${{ secrets.APP_ENV_FILE }}" > .env
7265
73- - name : Load .env From Secrets Manager
66+ - name : Login to ACR
7467 run : |
75- secret_data=$(aws secretsmanager get-secret-value --secret-id prod/ifsp-extensao-api --output json | jq -r '.SecretString')
76- echo "$secret_data" | jq -r 'to_entries[] | "\(.key)=\(.value)"' >> .env
68+ az acr login --name ${{ env.ACR_LOGIN_SERVER }}
7769
78- - name : Build, tag, and push image to Amazon ECR
70+ - name : Build, tag, and push image to ACR
7971 id : build-image
80- env :
81- ECR_REGISTRY : ${{ steps.login-ecr.outputs.registry }}
82- ECR_REPOSITORY : ifsp-extensao-api-module-prod
83- IMAGE_TAG : ${{ github.sha }}
8472 run : |
85- docker build -t $ECR_REGISTRY /$ECR_REPOSITORY:$IMAGE_TAG \
73+ docker build -t $ACR_LOGIN_SERVER /$ECR_REPOSITORY:$IMAGE_TAG \
8674 -f Dockerfile \
8775 --build-arg NODE_VERSION="${{ env.NODE_VERSION }}" \
8876 --no-cache=true .
8977
90- docker push $ECR_REGISTRY /$ECR_REPOSITORY:$IMAGE_TAG
91- echo "image=$ECR_REGISTRY /$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
78+ docker push $ACR_LOGIN_SERVER /$ECR_REPOSITORY:$IMAGE_TAG
79+ echo "image=$ACR_LOGIN_SERVER /$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
9280
93- - name : Copy .env to EC2
81+ - name : Copy .env to VM
9482 uses : appleboy/scp-action@master
9583 with :
96- host : ${{ env.EC2_HOST }}
97- username : ec2-user
98- key : ${{ secrets.EC2_SSH_KEY }}
84+ host : ${{ env.VM_HOST }}
85+ username : azureuser
86+ key : ${{ secrets.VM_SSH_KEY }}
9987 source : " .env"
100- target : " /home/ec2-user/app"
101- debug : true
88+ target : " /home/azureuser/app"
10289
103- - name : Deploy to EC2 via SSH
90+ - name : Deploy to Azure VM via SSH
10491 uses : appleboy/ssh-action@master
10592 env :
106- ECR_REGISTRY : ${{ steps.login-ecr.outputs.registry }}
93+ ACR_LOGIN_SERVER : ${{ env.ACR_LOGIN_SERVER }}
10794 ECR_REPOSITORY : ifsp-extensao-api-module-prod
10895 IMAGE_TAG : ${{ github.sha }}
10996 CONTAINER_NAME : api-ifsp
11097 with :
111- host : ${{ env.EC2_HOST }}
112- username : ec2-user
113- key : ${{ secrets.EC2_SSH_KEY }}
114- envs : ECR_REGISTRY ,ECR_REPOSITORY,IMAGE_TAG,CONTAINER_NAME
98+ host : ${{ env.VM_HOST }}
99+ username : azureuser
100+ key : ${{ secrets.VM_SSH_KEY }}
101+ envs : ACR_LOGIN_SERVER ,ECR_REPOSITORY,IMAGE_TAG,CONTAINER_NAME
115102 script_stop : true
116103 script : |
117- aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $ECR_REGISTRY
104+ # VM uses Managed Identity — login to ACR without stored credentials
105+ az login --identity
106+ az acr login --name $ACR_LOGIN_SERVER
118107
119- docker pull $ECR_REGISTRY /$ECR_REPOSITORY:$IMAGE_TAG
108+ docker pull $ACR_LOGIN_SERVER /$ECR_REPOSITORY:$IMAGE_TAG
120109
121110 docker stop $CONTAINER_NAME || true
122111 docker rm $CONTAINER_NAME || true
123112
124113 docker run -d \
125114 --name $CONTAINER_NAME \
126115 --restart unless-stopped \
127- --env-file /home/ec2-user /app/.env \
116+ --env-file /home/azureuser /app/.env \
128117 -p 80:8000 \
129- $ECR_REGISTRY /$ECR_REPOSITORY:$IMAGE_TAG
118+ $ACR_LOGIN_SERVER /$ECR_REPOSITORY:$IMAGE_TAG
130119
131120 docker system prune -f
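Review bot: The new "Load .env from GitHub Secrets" step pastes `${{ secrets.APP_ENV_FILE }}` into the script text before the shell parses it, so any `"`, `$` or backtick in the env file is interpreted by the shell and can corrupt `.env` or run as a command substitution. Pass the secret through the step environment instead: add `env:` with `APP_ENV_FILE: ${{ secrets.APP_ENV_FILE }}` and change the command to `run: printf '%s\n' "$APP_ENV_FILE" > .env`. Separately, the `ARM_CLIENT_SECRET` values extracted with `fromJson(secrets.AZURE_CREDENTIALS)` in the Terraform Init and Terraform Apply steps may not be masked in logs, because redaction is registered for the stored secret value, not for fields derived from it. Storing the client secret as its own secret, or moving the login to OIDC federation, would avoid relying on that.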