DeliveryBotSystem/.github/workflows/AdminWebpage-Deploy-WF.yml at main · IntelliTect-Samples/DeliveryBotSystem · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
name: AdminWebpage-Deploy-WF

# Builds and deploys the Admin Web App React SPA to Azure App Service.
# Infrastructure provisioning (App Service, etc.) is handled separately by
# .github/workflows/iac.yml — this workflow only builds and deploys the app.

on:
  workflow_dispatch:
  pull_request:
    branches: [main]
    paths:
      - "admin-webapp/**"
      - ".github/workflows/AdminWebpage-Deploy-WF.yml"
  push:
    branches: [main]
    paths:
      - "admin-webapp/**"
      - ".github/workflows/AdminWebpage-Deploy-WF.yml"

permissions:
  id-token: write
  contents: read

env:
  RESOURCE_GROUP: ewu-deliverybotsystem-rg
  APP_SERVICE_NAME: WA-DeliveryBot-Admin-dev
  BOTNET_API_URL: https://ewu-deliverybotsystem-api.mangocoast-332176b0.westus2.azurecontainerapps.io
  SIMULATOR_API_URL: https://deliverybot-robot-simulator.mangocoast-332176b0.westus2.azurecontainerapps.io
  ORDER_SERVICE_URL: https://deliverybot-order-service.mangocoast-332176b0.westus2.azurecontainerapps.io
  # Entra ID staff sign-in (issue #54). Blank → auth disabled (app runs open).
  # Fill these in from the app registration to switch sign-in on, then push.
  # Client/tenant/group IDs are not secrets (a public SPA exposes them anyway).
  ENTRA_CLIENT_ID: "b5a029c3-d046-4005-9497-23ba18df70b2"
  ENTRA_TENANT_ID: "37321907-14a5-4390-987d-ec0c66c655cd"
  ENTRA_ADMIN_GROUP_ID: "14fcd995-e89f-4020-b5ff-4a9b48a5824e"

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # ── 1. Authenticate to Azure via OIDC ────────────────────────────────
      - name: Azure Login (OIDC)
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      # ── 2. Fetch the App Insights connection string (Azure Monitor) ───────
      # The resource is provisioned by the IaC workflow (iac.yml). This read is
      # tolerant: if it doesn't exist yet, telemetry is simply disabled in the
      # build and the next deploy picks it up. The connection string is a client
      # ingestion key, not a secret — masked here as good practice.
      - name: Get App Insights connection string
        id: appinsights
        run: |
          CS=$(az resource show \
            --resource-group "$RESOURCE_GROUP" \
            --name appi-deliverybot-admin \
            --resource-type microsoft.insights/components \
            --query properties.ConnectionString -o tsv 2>/dev/null || true)
          if [ -n "$CS" ]; then echo "::add-mask::$CS"; fi
          echo "connection_string=$CS" >> "$GITHUB_OUTPUT"

      # ── 3. Build the SPA with upstream URLs baked in ──────────────────────
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "22.x"
          cache: "npm"
          cache-dependency-path: admin-webapp/package-lock.json

      - name: Install dependencies
        working-directory: ./admin-webapp
        run: npm install

      - name: Run unit tests
        working-directory: ./admin-webapp
        run: npm test

      - name: Build React app
        working-directory: ./admin-webapp
        env:
          VITE_BOTNET_API_URL: ${{ env.BOTNET_API_URL }}
          VITE_SIMULATOR_API_URL: ${{ env.SIMULATOR_API_URL }}
          VITE_ORDER_SERVICE_URL: ${{ env.ORDER_SERVICE_URL }}
          VITE_ENTRA_CLIENT_ID: ${{ env.ENTRA_CLIENT_ID }}
          VITE_ENTRA_TENANT_ID: ${{ env.ENTRA_TENANT_ID }}
          VITE_ENTRA_ADMIN_GROUP_ID: ${{ env.ENTRA_ADMIN_GROUP_ID }}
          VITE_APPINSIGHTS_CONNECTION_STRING: ${{ steps.appinsights.outputs.connection_string }}
        run: npm run build

      # ── 3. Deploy the build to the App Service ─────────────────────────────
      - name: Deploy to Azure App Service
        uses: azure/webapps-deploy@v3
        with:
          app-name: ${{ env.APP_SERVICE_NAME }}
          package: ./admin-webapp/dist

      - name: Print deployment URL
        run: |
          FQDN=$(az webapp show \
            --name "$APP_SERVICE_NAME" \
            --resource-group "$RESOURCE_GROUP" \
            --query defaultHostName -o tsv)
          echo "========================================"
          echo "  Admin Web App deployed!"
          echo "  URL: https://${FQDN}"
          echo "========================================"