DevOps Workflows
For your convenience, we have provided some sample GitHub workflows that you can use to build and deploy code changes to each module. These workflows are the same ones that we use to package and release the code to our test environment. They were created as a baseline reference with the intent to be extensible when needed.
How does it work?
There are 2 reusable workflows we have created which the process is based on.
Each module has 2 workflow files that implement these re-usable workflows ensuring each build and deploy step taken is consistent across the entire solution. Each module workflow file is responsible for defining when the workflow is triggered, setting up variables, and calling the correct reusable workflow.
Process Outline
Build & Deploy to Staging
Workflow File: template-pr-deploy.yml
pr-deploy-saas-admin.ymlpr-deploy-saas-application.ymlpr-deploy-saas-permissions.ymlpr-deploy-saas-signupadministration.yml
Triggered On: Pull Request targeting main branch
Input Variables
| Input Name | Description | Default |
|---|---|---|
| dotnet_version | The version of the .NET project to build | |
| artifact_name | The name of the artifact file produced | |
| app_service_name | The name of the app service to deploy the artifact to | |
| app_service_resource_group_name | The name of the resource group the app service resides in | |
| project_build_path | The path of the folder that the .csproj for the module is in | |
| slot_name | The name of the deployment slot to create and deploy to on the app service (Used for override, recommended to keep the default) | pr-${{github.event.pull_request.number}} |
Secrets
AZURE_CREDENTIALS- The CI/CD pipeline must contain Azure credentials for a service principal that has an appropriate access level to create a new Azure App Service slot and deploy to it. See this document for setting up these credentials in your own repo.
Job Breakdown
There are 3 jobs within this workflow: build, create-deployment-slot, and deploy-to-slot. Here is a high level overview of what each job does.
-
build- Run the .NET restore, build, and publish commands on the project. Project is determined by the
project_build_pathinput variable. - Publishes built .NET artifact to GitHub artifacts. Artifact is named with the string provided in the
artifact_nameinput variable.
- Run the .NET restore, build, and publish commands on the project. Project is determined by the
-
create-deployment-slot- Logs into the Azure CLI with credentials provided in the
AZURE_CREDENTIALSsecret. - Runs Azure CLI command to create a new deployment slot in the Azure App Service provided in the
app_service_nameinput variable. Slot name is provided via theslot_nameinput variable.
- Logs into the Azure CLI with credentials provided in the
-
deploy-to-slotDepends on thebuildandcreate-deployment-slotjobs to succeed in order to run.- Downloads the build artifact from the
buildjob. Downloaded artifact name is provided via theartifact_nameinput variable. - Logs into the Azure CLI with credentials provided in the
AZURE_CREDENTIALSsecret. - Initiates deployment of the downloaded artifact to the app service and slot specified in
app_service_nameandslot_namerespectively using the azure/webapps-deploy GitHub Action.
- Downloads the build artifact from the
Swap Staging Slot into Production
Workflow File: template-pr-merge.yml
Used By:
pr-merge-saas-admin.ymlpr-merge-saas-application.ymlpr-merge-saas-permissions.ymlpr-merge-saas-signupadministration.yml
Triggered On: Pull request close
Input Variables
| Input Name | Description | Default |
|---|---|---|
| app_service_name | The name of the app service the slot is deployed to | |
| app_service_resource_group_name | The name of the resource group the app service resides in | |
| slot_name | The name of the deployment slot the staged code is deployed to (Used for override, recommended to keep the default) | pr-${{github.event.pull_request.number}} |
Secrets
AZURE_CREDENTIALS- The CI/CD pipeline must contain Azure credentials for a service principal that has an appropriate access level to perform the swap operation on the Azure App Service in question. See this document for setting up these credentials in your own repo.
Job Breakdown
There are 2 main jobs within this workflow: swap-slot and delete-slot
-
swap-slot- This job only runs if the PR is closed AND merged. This job does not run if the PR is closed without merging.- Logs into the Azure CLI with credentials provided in the
AZURE_CREDENTIALSsecret. - Runs the Azure CLI command to swap the deployment slot named in the
slot_nameinput variable with the production slot on the Azure App Service named in theapp_service_nameinput variable.
- Logs into the Azure CLI with credentials provided in the
-
delete-slot- This job will only run if the preceding step runs and succeeds. If the PR is closed without merging, the previous step will be skipped but this will still run.- Logs into the Azure CLI with credentials provided in the
AZURE_CREDENTIALSsecret. - Runs the Azure CLI command to delete the deployment slot named in the
slot_nameinput variable with the production slot on the Azure App Service named in theapp_service_nameinput variable.
- Logs into the Azure CLI with credentials provided in the
Important: You may choose to not delete the deployment slot directly following a deployment to retain the ability to swap the slot back if there are any issues and you’d like to undo the deployment. Deleting the slot immediately after a deployment is most recommended in a development/test environment where you may be deploying multiple times per day.