aamini7 · aamini7 · Jun 28, 2022
diff --git a/.github/workflows/bugbash.yaml b/.github/workflows/bugbash.yaml
@@ -0,0 +1,96 @@
+name: bugbash
+"on":
+    push:
+        branches:
+            - main
+    workflow_dispatch: {}
+env:
+    ACR_RESOURCE_GROUP: aaminiakstestregistry
+    AZURE_CONTAINER_REGISTRY: aaminiakstestregistry
+    CLUSTER_NAME: aamini-aks-test
+    CLUSTER_RESOURCE_GROUP: aamini-rg
+    CONTAINER_NAME: test-image
+    DEPLOYMENT_MANIFEST_PATH: |
+        ./manifests/deployment.yaml
+    IMAGE_PULL_SECRET_NAME: your-image-pull-secret-name
+jobs:
+    buildImage:
+        permissions:
+            contents: read
+            id-token: write
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v3
+            - uses: azure/login@v1.4.3
+              name: Azure login
+              with:
+                client-id: ${{ secrets.AZURE_CLIENT_ID }}
+                subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+                tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+            - name: Build and push image to ACR
+              run: az acr build --image ${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.ACR_RESOURCE_GROUP }} -f ./Dockerfile ./
+    createSecret:
+        permissions:
+            contents: read
+            id-token: write
+        runs-on: ubuntu-latest
+        steps:
+            - uses: azure/login@v1.4.3
+              name: Azure login
+              with:
+                client-id: ${{ secrets.AZURE_CLIENT_ID }}
+                subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+                tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+            - uses: azure/aks-set-context@v2.0
+              name: Get K8s context
+              with:
+                cluster-name: ${{ env.CLUSTER_NAME }}
+                resource-group: ${{ env.CLUSTER_RESOURCE_GROUP }}
+            - name: Get ACR credentials
+              run: |
+                az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.ACR_RESOURCE_GROUP }} --admin-enabled true
+                ACR_USERNAME=$(az acr credential show -g ${{ env.ACR_RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
+                ACR_PASSWORD=$(az acr credential show -g ${{ env.ACR_RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
+                echo "::add-mask::${ACR_USERNAME}"
+                echo "::set-output name=username::${ACR_USERNAME}"
+                echo "::add-mask::${ACR_PASSWORD}"
+                echo "::set-output name=password::${ACR_PASSWORD}"
+              id: get-acr-creds
+            - uses: Azure/k8s-create-secret@v1.1
+              name: Create K8s secret for pulling image from ACR
+              with:
+                container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
+                container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
+                container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
+                secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
+    deploy:
+        permissions:
+            actions: read
+            contents: read
+            id-token: write
+        runs-on: ubuntu-latest
+        needs:
+            - buildImage
+            - createSecret
+        steps:
+            - uses: actions/checkout@v3
+            - uses: azure/login@v1.4.3
+              name: Azure login
+              with:
+                client-id: ${{ secrets.AZURE_CLIENT_ID }}
+                subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+                tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+            - uses: azure/aks-set-context@v2.0
+              name: Get K8s context
+              with:
+                cluster-name: ${{ env.CLUSTER_NAME }}
+                resource-group: ${{ env.CLUSTER_RESOURCE_GROUP }}
+            - uses: Azure/k8s-deploy@v3.1
+              name: Deploys application
+              with:
+                action: deploy
+                imagepullsecrets: ${{ env.IMAGE_PULL_SECRET_NAME }}
+                images: |
+                    ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
+                manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
+                namespace: namespace-workflow-1656454578660