
Commit ceac600

authored
Merge pull request #11 from ifsp-projects/refactor/migrate-deploy-from-aws-to-azure
Refactor/migrate deploy from aws to azure
2 parents 8560bb4 + 187c27c commit ceac600

4 files changed

Lines changed: 204 additions & 187 deletions


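--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -11,31 +11,24 @@ env:
 REGION: ${{ vars.REGION }}
 IMAGE_TAG: ${{ github.sha }}
 NODE_VERSION: ${{ vars.NODE_VERSION }}
-IMAGE_LIST: ${{ vars.NODE_IMAGE }}
+ACR_LOGIN_SERVER: ${{ vars.ACR_LOGIN_SERVER }}
+ECR_REPOSITORY: ifsp-extensao-api-module-prod
 
 jobs:
 build-deploy:
 name: "Build and Deploy"
 runs-on: ubuntu-latest
-timeout-minutes: 20
+timeout-minutes: 15
 steps:
 - name: Checkout
 uses: actions/checkout@v4
 with:
 persist-credentials: false
 
-- name: Set credentials
-run: |
-echo "AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}" >> $GITHUB_ENV
-echo "AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> $GITHUB_ENV
-echo "ENVIRONMENT_CREDENTIALS=prod" >> $GITHUB_ENV
-
-- name: Configure AWS credentials
-uses: aws-actions/configure-aws-credentials@v1
+- name: Azure Login
+uses: azure/login@v1
 with:
-aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
-aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
-aws-region: ${{ env.REGION }}
+creds: ${{ secrets.AZURE_CREDENTIALS }}
 
 - name: Setup Terraform
 uses: hashicorp/setup-terraform@v2
@@ -45,87 +38,83 @@ jobs:
 - name: Terraform Init
 working-directory: ./tf
 run: terraform init
+env:
+ARM_CLIENT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientId }}
+ARM_CLIENT_SECRET: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientSecret }}
+ARM_SUBSCRIPTION_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).subscriptionId }}
+ARM_TENANT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).tenantId }}
 
 - name: Terraform Apply
 working-directory: ./tf
 run: |
 terraform apply -auto-approve
-echo "EC2_HOST=$(terraform output -raw server_public_ip)" >> $GITHUB_ENV
+echo "VM_HOST=$(terraform output -raw server_public_ip)" >> $GITHUB_ENV
+echo "ACR_LOGIN_SERVER=$(terraform output -raw acr_login_server)" >> $GITHUB_ENV
 env:
-TF_VAR_key_name: ${{ vars.EC2_KEY_NAME }}
+ARM_CLIENT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientId }}
+ARM_CLIENT_SECRET: ${{ fromJson(secrets.AZURE_CREDENTIALS).clientSecret }}
+ARM_SUBSCRIPTION_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).subscriptionId }}
+ARM_TENANT_ID: ${{ fromJson(secrets.AZURE_CREDENTIALS).tenantId }}
+TF_VAR_ssh_public_key: ${{ secrets.VM_SSH_PUBLIC_KEY }}
 TF_VAR_project_name: ${{ env.PROJECT_NAME }}
 TF_VAR_region: ${{ env.REGION }}
 TF_VAR_env: "prod"
 
-- name: Login to Amazon ECR
-id: login-ecr
-uses: aws-actions/amazon-ecr-login@v1.5.3
-
-- name: Pull image
-id: pull-ecr
-run: |
-for IMAGE in $IMAGE_LIST; do
-echo "Pulling image: $IMAGE"
-docker pull "${{ steps.login-ecr.outputs.registry }}/$IMAGE"
-docker tag "${{ steps.login-ecr.outputs.registry }}/$IMAGE" "$IMAGE"
-done
+- name: Load .env from GitHub Secrets
+run: echo "${{ secrets.APP_ENV_FILE }}" > .env
 
-- name: Load .env From Secrets Manager
+- name: Login to ACR
 run: |
-secret_data=$(aws secretsmanager get-secret-value --secret-id prod/ifsp-extensao-api --output json | jq -r '.SecretString')
-echo "$secret_data" | jq -r 'to_entries[] | "\(.key)=\(.value)"' >> .env
+az acr login --name ${{ env.ACR_LOGIN_SERVER }}
 
-- name: Build, tag, and push image to Amazon ECR
+- name: Build, tag, and push image to ACR
 id: build-image
-env:
-ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-ECR_REPOSITORY: ifsp-extensao-api-module-prod
-IMAGE_TAG: ${{ github.sha }}
 run: |
-docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \
+docker build -t $ACR_LOGIN_SERVER/$ECR_REPOSITORY:$IMAGE_TAG \
 -f Dockerfile \
 --build-arg NODE_VERSION="${{ env.NODE_VERSION }}" \
 --no-cache=true .
 
-docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+docker push $ACR_LOGIN_SERVER/$ECR_REPOSITORY:$IMAGE_TAG
+echo "image=$ACR_LOGIN_SERVER/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
 
-- name: Copy .env to EC2
+- name: Copy .env to VM
 uses: appleboy/scp-action@master
 with:
-host: ${{ env.EC2_HOST }}
-username: ec2-user
-key: ${{ secrets.EC2_SSH_KEY }}
+host: ${{ env.VM_HOST }}
+username: azureuser
+key: ${{ secrets.VM_SSH_KEY }}
 source: ".env"
-target: "/home/ec2-user/app"
-debug: true
+target: "/home/azureuser/app"
 
-- name: Deploy to EC2 via SSH
+- name: Deploy to Azure VM via SSH
 uses: appleboy/ssh-action@master
 env:
-ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ACR_LOGIN_SERVER: ${{ env.ACR_LOGIN_SERVER }}
 ECR_REPOSITORY: ifsp-extensao-api-module-prod
 IMAGE_TAG: ${{ github.sha }}
 CONTAINER_NAME: api-ifsp
 with:
-host: ${{ env.EC2_HOST }}
-username: ec2-user
-key: ${{ secrets.EC2_SSH_KEY }}
-envs: ECR_REGISTRY,ECR_REPOSITORY,IMAGE_TAG,CONTAINER_NAME
+host: ${{ env.VM_HOST }}
+username: azureuser
+key: ${{ secrets.VM_SSH_KEY }}
+envs: ACR_LOGIN_SERVER,ECR_REPOSITORY,IMAGE_TAG,CONTAINER_NAME
 script_stop: true
 script: |
-aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $ECR_REGISTRY
+# VM uses Managed Identity — login to ACR without stored credentials
+az login --identity
+az acr login --name $ACR_LOGIN_SERVER
 
-docker pull $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+docker pull $ACR_LOGIN_SERVER/$ECR_REPOSITORY:$IMAGE_TAG
 
 docker stop $CONTAINER_NAME || true
 docker rm $CONTAINER_NAME || true
 
 docker run -d \
 --name $CONTAINER_NAME \
 --restart unless-stopped \
---env-file /home/ec2-user/app/.env \
+--env-file /home/azureuser/app/.env \
 -p 80:8000 \
-$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+$ACR_LOGIN_SERVER/$ECR_REPOSITORY:$IMAGE_TAG
 
 docker system prune -f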
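Review bot: In the new "Load .env from GitHub Secrets" step, `run: echo "${{ secrets.APP_ENV_FILE }}" > .env` pastes the secret into the script text before bash parses it, so any `"`, `$` or backtick inside the env file is interpreted by the shell and can corrupt values or trigger command substitution. Hand the secret over through the step environment instead: add `env:` with `APP_ENV_FILE: ${{ secrets.APP_ENV_FILE }}` and write the file with `printf '%s\n' "$APP_ENV_FILE" > .env`. The file is also written to the workspace before `docker build ... .` runs, so unless a .dockerignore (not visible on this page) excludes it, `.env` is part of the build context and may end up in the pushed image. Separately, the `ARM_*` values extracted with `fromJson(secrets.AZURE_CREDENTIALS)` in the Terraform steps are fragments of a structured secret, which GitHub's log masking may not redact individually; a dedicated secret for the client secret, or OIDC federation for `azure/login`, would avoid relying on that.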

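--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,12 +18,10 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
 
-- name: Configure AWS credentials
-uses: aws-actions/configure-aws-credentials@v1.7.0
+- name: Azure Login
+uses: azure/login@v1
 with:
-aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
-aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
-aws-region: ${{ env.REGION }}
+creds: ${{ secrets.AZURE_CREDENTIALS }}
 
 - name: Set up Node.js
 uses: actions/setup-node@v4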
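Review bot: The CI job now logs in with `creds: ${{ secrets.AZURE_CREDENTIALS }}`, the same service-principal secret that cd.yml uses to run `terraform apply -auto-approve`, yet nothing visible in this hunk needs Azure access (the next step is Node setup). If the rest of the job, which continues outside the hunk, does not call Azure, drop the login step; if it does, give CI its own least-privilege principal rather than the deploy credential. The action is also referenced by the mutable tag `azure/login@v1`; pinning it as `uses: azure/login@<full-commit-sha>  # v1` keeps a retagged release from receiving the credential.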
