Order status updates + history (backend) — #41, #42 #5
| name: Order Service - Infrastructure | |
| # Provisions the Order Service Container App with Terraform. Runs `plan` on PRs | |
| # (for review) and `apply` only on merge to main. Auth uses the OIDC federated | |
| # identity Phil configured — no client secrets stored. | |
| on: | |
| push: | |
| branches: [main] | |
| paths: | |
| - "Iac/order-service/**" | |
| - ".github/workflows/orderservice-iac.yml" | |
| pull_request: | |
| branches: [main] | |
| paths: | |
| - "Iac/order-service/**" | |
| - ".github/workflows/orderservice-iac.yml" | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| TFSTATE_STORAGE_ACCOUNT: dbstfstate01 | |
| TFSTATE_CONTAINER: tfstate | |
| jobs: | |
| terraform: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./Iac/order-service | |
| env: | |
| ARM_USE_OIDC: "true" | |
| ARM_USE_AZUREAD: "true" | |
| ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| TF_VAR_sql_connection_string: "Server=tcp:jacob-orderservice-sql2.database.windows.net,1433;Initial Catalog=OrderServiceDb;Authentication=Active Directory Managed Identity;" | |
| TF_VAR_eventhub_connection_string: ${{ secrets.AZURE_EVENTHUB_CONNECTION_STRING }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Azure Login (OIDC) | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| # Idempotent — safe to run every time. | |
| - name: Ensure TF state container exists | |
| run: | | |
| az storage container create \ | |
| --name "$TFSTATE_CONTAINER" \ | |
| --account-name "$TFSTATE_STORAGE_ACCOUNT" \ | |
| --auth-mode login \ | |
| --only-show-errors | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: "1.9.5" | |
| - name: Terraform Init | |
| run: terraform init -input=false | |
| - name: Terraform Plan | |
| run: terraform plan -input=false -out=tfplan | |
| # Apply only on merge to main — PRs stop at plan for review. | |
| - name: Terraform Apply | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| run: terraform apply -input=false tfplan |
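Review bot: The three `uses:` steps reference mutable tags (`actions/checkout@v4`, `azure/login@v2`, `hashicorp/setup-terraform@v3`) in a job that holds `id-token: write`, so a retagged upstream release would run with the ability to request this workflow's Azure token; pin each to a full commit SHA, e.g. `uses: azure/login@<full-commit-sha>  # v2`. The job-level `env:` also exposes `TF_VAR_eventhub_connection_string` to every step, including those third-party actions; setting it only on the Terraform steps that read it narrows that exposure. The `pull_request` runs log in with the same `AZURE_CLIENT_ID` that applies on `main`, and `terraform plan` executes providers and any external data sources from the PR branch. The plan path would be safer with a separate read-only identity whose federated credential is scoped to pull requests; the credential's subject claim is not visible here, so confirm how it is restricted. The apply step consumes a `tfplan` produced in the push run, not the plan reviewed on the PR, so an `environment:` with required reviewers on the job is what would actually enforce the review gate the comment describes.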