diff --git a/.github/workflows/build-analyze.yml b/.github/workflows/build-analyze.yml
index f7481fa..b01d7d5 100644
--- a/.github/workflows/build-analyze.yml
+++ b/.github/workflows/build-analyze.yml
@@ -12,7 +12,7 @@ jobs:
 if: ((github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false) || github.event_name == 'push') && github.repository_owner == 'Altinn' && github.actor != 'dependabot[bot]'
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - name: Set inotify watchers
 run: echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p
 - name: Set inotify instances
@@ -41,18 +41,18 @@ jobs:
 with:
 distribution: 'microsoft'
 java-version: 17
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 - name: Cache SonarCloud packages
- uses: actions/cache@v3
+ uses: actions/cache@v4
 with:
 path: ~\sonar\cache
 key: ${{ runner.os }}-sonar
 restore-keys: ${{ runner.os }}-sonar
 - name: Cache SonarCloud scanner
 id: cache-sonar-scanner
- uses: actions/cache@v3
+ uses: actions/cache@v4
 with:
 path: .\.sonar\scanner
 key: ${{ runner.os }}-sonar-scanner
diff --git a/.github/workflows/build-deploy-at.yml b/.github/workflows/build-deploy-at.yml
index 0c49de3..b229677 100644
--- a/.github/workflows/build-deploy-at.yml
+++ b/.github/workflows/build-deploy-at.yml
@@ -37,17 +37,17 @@ jobs: path: ./src/Functions/Altinn.Auth.AuditLog.Functions/output - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Log in to the Container registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push Docker image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: push: true tags: ghcr.io/altinn/altinn-auth-audit-log:${{ github.sha }} diff --git a/.github/workflows/manual-build-deploy-to-environment.yml b/.github/workflows/manual-build-deploy-to-environment.yml new file mode 100644 index 0000000..dce26e6 --- /dev/null +++ b/.github/workflows/manual-build-deploy-to-environment.yml 
@@ -0,0 +1,93 @@ +name: Manually build and publish to a specific environments +on: + workflow_dispatch: + inputs: + environment: + type: environment + description: Select the environment + +env: + DOTNET_VERSION: '8.0.x' + +jobs: + build: + name: Build + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup .NET + uses: actions/setup-dotnet@v3 + with: + dotnet-version: ${{ env.DOTNET_VERSION }} + + - name: Build function app + shell: bash + working-directory: ./src/Functions/Altinn.Auth.AuditLog.Functions + run: dotnet build --configuration Release --output ./output + + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: function-app + path: ./src/Functions/Altinn.Auth.AuditLog.Functions/output + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push Docker image + uses: docker/build-push-action@v5 + with: + push: true + tags: ghcr.io/altinn/altinn-auth-audit-log:${{ github.sha }} + + deploy: + name: Deploy to ${{ inputs.environment }} + runs-on: ubuntu-latest + environment: ${{ inputs.environment }} + needs: + - build + + permissions: + id-token: write + contents: read + packages: read + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Download built function-app + uses: actions/download-artifact@v4 + with: + name: function-app + path: ./artifacts/function-app + + - name: Azure Login + uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - uses: ./.github/actions/deploy + name: Deploy + with: + image-tag: ${{ github.sha }} + resource-group: ${{ vars.CONTAINER_APP_RESOURCE_GROUP_NAME }} + 
container-app: ${{ vars.CONTAINER_APP_NAME }} + function-app: ${{ vars.AZURE_FUNCTIONAPP_NAME }} + function-app-path: ./artifacts/function-app diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml index e9db345..a5e0d69 100644 --- a/.github/workflows/pr-labeler.yml +++ b/.github/workflows/pr-labeler.yml @@ -13,7 +13,7 @@ jobs: pull-requests: write # for TimonVS/pr-labeler-action to add labels in PR runs-on: ubuntu-latest steps: - - uses: TimonVS/pr-labeler-action@v4 + - uses: TimonVS/pr-labeler-action@v5 with: repo-token: ${{ secrets.GITHUB_TOKEN }} configuration-path: .github/pr-labeler.yml # optional, .github/pr-labeler.yml is the default value diff --git a/README.md b/README.md index 0e352fb..864e850 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ The auditlog api maps the events to the database model and stores them in the da The events are stored in the postgres database. ## Technologies - - .NET 7.0 + - .NET 8.0 - Azure Storage Queue - Azure Function App V4 - Azure Container App 
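Review bot: The `environment` input of the new manual workflow is not marked required, so a dispatch that omits it (for example through the API) would leave `environment: ${{ inputs.environment }}` in the `deploy` job empty, and the job would presumably run outside any environment and its protection rules. Adding `required: true` under `inputs.environment` closes that path. Because `workflow_dispatch` can be started from any branch and the `build` job pushes to ghcr.io with `packages: write`, what reaches each environment is decided by the environment's required reviewers and deployment-branch policy and by the subject of the Azure federated credential, none of which is visible in this diff; those are worth confirming before merge. The actions in both jobs are referenced by mutable major tags (`docker/login-action@v3`, `azure/login@v2`); pinning them to a full commit SHA would keep a retagged release from running with `id-token: write`.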
@@ -112,15 +112,15 @@ Now, this message will be processed by the function app, sent to the auditlog ap pr-labeler action is triggered for each pull request. Based on the branch name, this action adds a label to the pull request. The configuration for the labels can be found here. ## Deploy -### Auditlog Container application -Code is continously integrated and deployed to all testing environments (AT environments). build-publish-deploy-via-ghcr is triggered when a pull request is merged into main branch. On each run, the code is built, packaged and published to Github Container registry as altinn-auth-audit-log. Each image is tagged with the github commit sha. The package is then deployed to an azure container app in testing environment. The environment variables, secrets for the action are setup in the repository settings. +### Auditlog Container application / function application +Code is continously integrated and deployed to all testing environments (AT environments). [build-deploy-at](https://github.com/Altinn/altinn-auth-audit-log/blob/main/.github/workflows/build-deploy-at.yml) is triggered when a pull request is merged into main branch. On each run, the code is built, packaged and published to Github Container registry as altinn-auth-audit-log. Each image is tagged with the github commit sha. The package is then deployed to an azure container app in testing environment. The environment variables, secrets for the action are setup in the repository settings. ### Auditlog Function Application Code is continously integrated and deployed to all testing environments (AT environments). The code from the main branch is published to the function app in different environments. In the future, the function app will also be containerized. ## Release -### Auditlog Container Application -The application has a release every wednesday. 
[scheduled-release](https://github.com/Altinn/altinn-auth-audit-log/blob/main/.github/workflows/scheduled-release.yml) action is triggered every wednesday 00.00. This action drafts a release, tags the latest package with the release version, f.ex package gets a release version v2024.1. The action drafts the release on different categories. The changes are categorized based on the pull request label. F.ex, A PR with a label bugfix is categorized under bug. The detailed release draft configuration can be found [here](https://github.com/Altinn/altinn-auth-audit-log/blob/main/.github/release-drafter.yml). The deploy in charge for the week, deploys the application to a specific environment(TT02/Prod) using the action [deploy-to-environment](https://github.com/Altinn/altinn-auth-audit-log/blob/main/.github/workflows/deploy-to-environment.yml). The drafted release is then reviewed manually and published by the deploy in charge. +### Auditlog Container Application / Function application +The application has a release every wednesday. [create-release-draft](https://github.com/Altinn/altinn-auth-audit-log/blob/main/.github/workflows/create-release-draft.yml) action is triggered every wednesday 00.00. This action drafts release notes, formats a release version f.ex 2024.3.19. The action drafts the release on different categories. The changes are categorized based on the pull request label. F.ex, A PR with a label bugfix is categorized under bug. The detailed release draft configuration can be found [here](https://github.com/Altinn/altinn-auth-audit-log/blob/main/.github/release-drafter.yml). The deploy in charge for the week, publishes the drafted release notes. The release action then triggers [deploy-after-release](https://github.com/Altinn/altinn-auth-audit-log/blob/main/.github/workflows/deploy-after-release.yml) of the release version. -### Auditlog Function Application -The application has a release every wednesday. 
The deploy in charge for the week, deploys the application to a specific environment(TT02/Prod) using the action [deploy-fa-to-environment](https://github.com/Altinn/altinn-auth-audit-log/blob/main/.github/workflows/deploy-fa-to-environment.yml). \ No newline at end of file +### Manually deploy a specific commit to specific environment +In some scenarios, there will be a necessity to deploy a specific commit/branch to a specific environment. [manual-build-deploy-to-environment](https://github.com/Altinn/altinn-auth-audit-log/blob/main/.github/workflows/manual-build-deploy-to-environment.yml) action can be used to build/ deploy a specific commitid. \ No newline at end of file diff --git a/src/Altinn.Auth.AuditLog/Dockerfile b/src/Altinn.Auth.AuditLog/Dockerfile index 7217cd6..f8178c3 100644 --- a/src/Altinn.Auth.AuditLog/Dockerfile +++ b/src/Altinn.Auth.AuditLog/Dockerfile @@ -1,11 +1,11 @@ #See https://aka.ms/customizecontainer to learn how to customize your debug container and how Visual Studio uses this Dockerfile to build your images for faster debugging. -FROM mcr.microsoft.com/dotnet/aspnet:7.0 AS base +FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base WORKDIR /app EXPOSE 80 EXPOSE 443 -FROM mcr.microsoft.com/dotnet/sdk:7.0 AS build +FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build WORKDIR /src COPY ["Altinn.Auth.AuditLog/Altinn.Auth.AuditLog.csproj", "Altinn.Auth.AuditLog/"] RUN dotnet restore "Altinn.Auth.AuditLog/Altinn.Auth.AuditLog.csproj"