Azure-Samples · dantelmomsft · Nov 9, 2023 · Oct 18, 2023 · Oct 18, 2023 · Nov 1, 2023
@@ -1,16 +1,13 @@
-# Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
-# More GitHub Actions for Azure: https://github.com/Azure/actions
-# More info on Python, GitHub Actions, and Azure App Service: https://aka.ms/python-webapps-actions
-
-name: App Continuous Integration pipeline
+name: APP CI/CD Pipeline 
 
 on:
   push:
     branches:
-      - app-ci-github-actions
       - main
-  pull_request:
-    branches: [ main ]
+    paths:
+      - "app/**"
+    tags:        
+      - v.*.*.*
   workflow_dispatch:
 
 jobs:
@@ -33,10 +30,10 @@ jobs:
         run: |
           if [[ $GITHUB_REF_NAME == 'refs/heads/main' ]]; then
               echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT"
-          elif [[ $GITHUB_REF_NAME == 'refs/heads/develop' ]]; then
-              echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT"
-          elif [[ $GITHUB_REF_NAME == 'refs/heads/release' ]]; then
-               echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT"
+          elif [[ $GITHUB_REF_NAME == *'refs/heads/release'* ]]; then
+              echo "DEPLOY_ENVIRONMENT=Test" >> "$GITHUB_OUTPUT"
+          elif [[ $GITHUB_REF_NAME == *'refs/tags/v'* ]]; then
+               echo "DEPLOY_ENVIRONMENT=Production" >> "$GITHUB_OUTPUT"
           else
               echo "DEPLOY_ENVIRONMENT=Development" >> "$GITHUB_OUTPUT"
           fi

@@ -0,0 +1,119 @@
+name: Infra CI Pipeline 
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "infra/**"
+
+  workflow_dispatch:
+
+# To configure required secrets for connecting to Azure, simply run `azd pipeline config`
+
+# Set up permissions for deploying with secretless Azure federated credentials
+# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  validate-bicep:
+    name: "Infra Biceps Validation"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build Bicep for linting
+        uses: azure/CLI@v1
+        with:
+          inlineScript: az config set bicep.use_binary_from_path=false && az bicep build -f infra/main.bicep --stdout
+
+      - name: Run Microsoft Security DevOps Analysis
+        uses: microsoft/security-devops-action@v1
+        id: msdo
+        continue-on-error: true
+        with:
+          tools: templateanalyzer
+
+      - name: Upload alerts to Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        if: github.repository == 'Azure-Samples/azure-search-openai-demo-java'
+        with:
+          sarif_file: ${{ steps.msdo.outputs.sarifFile }}
+
+
+#   deploy:
+#     name: "Deploy Infra and App using azd"
+#     runs-on: ubuntu-latest
+#     environment:
+#         name: "Development"
+#     env:
+#       AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+#       AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+#       AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+#       AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+#     steps:
+#       - name: Checkout
+#         uses: actions/checkout@v4
+
+#       - name: Install azd
+#         uses: Azure/[email protected]
+
+#       - name: Log in with Azure (Federated Credentials)
+#         if: ${{ env.AZURE_CLIENT_ID != '' }}
+#         run: |
+#           azd auth login `
+#             --client-id "$Env:AZURE_CLIENT_ID" `
+#             --federated-credential-provider "github" `
+#             --tenant-id "$Env:AZURE_TENANT_ID"
+#         shell: pwsh
+
+#       - name: Log in with Azure (Client Credentials)
+#         if: ${{ env.AZURE_CREDENTIALS != '' }}
+#         run: |
+#           $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
+#           Write-Host "::add-mask::$($info.clientSecret)"
+
+#           azd auth login `
+#             --client-id "$($info.clientId)" `
+#             --client-secret "$($info.clientSecret)" `
+#             --tenant-id "$($info.tenantId)"
+#         shell: pwsh
+#         env:
+#           AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+
+#       - name: Provision Infrastructure
+#         run: azd provision --no-prompt
+#         env:
+#           AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+#           AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+#           AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+#           AZURE_FORMRECOGNIZER_RESOURCE_GROUP: ${{ vars.AZURE_FORMRECOGNIZER_RESOURCE_GROUP }}
+#           AZURE_FORMRECOGNIZER_SERVICE: ${{ vars.AZURE_FORMRECOGNIZER_RESOURCE_GROUP }}
+#           AZURE_OPENAI_RESOURCE_GROUP: ${{ vars.AZURE_FORMRECOGNIZER_SERVICE }}
+#           AZURE_OPENAI_SERVICE: ${{ vars.AZURE_OPENAI_SERVICE }}
+#           AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
+#           AZURE_SEARCH_SERVICE: ${{ vars.AZURE_SEARCH_SERVICE }}
+#           AZURE_SEARCH_SERVICE_RESOURCE_GROUP: ${{ vars.AZURE_SEARCH_SERVICE_RESOURCE_GROUP }}
+#           AZURE_STORAGE_ACCOUNT: ${{ vars.AZURE_STORAGE_ACCOUNT }}
+#           AZURE_STORAGE_RESOURCE_GROUP: ${{ vars.AZURE_STORAGE_RESOURCE_GROUP }}
+
+#       - name: Deploy Application
+#         run: azd deploy --no-prompt
+#         env:
+#           AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+#           AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+#           AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+#           AZURE_FORMRECOGNIZER_RESOURCE_GROUP: ${{ vars.AZURE_FORMRECOGNIZER_RESOURCE_GROUP }}
+#           AZURE_FORMRECOGNIZER_SERVICE: ${{ vars.AZURE_FORMRECOGNIZER_RESOURCE_GROUP }}
+#           AZURE_OPENAI_RESOURCE_GROUP: ${{ vars.AZURE_FORMRECOGNIZER_SERVICE }}
+#           AZURE_OPENAI_SERVICE: ${{ vars.AZURE_OPENAI_SERVICE }}
+#           AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
+#           AZURE_SEARCH_SERVICE: ${{ vars.AZURE_SEARCH_SERVICE }}
+#           AZURE_SEARCH_SERVICE_RESOURCE_GROUP: ${{ vars.AZURE_SEARCH_SERVICE_RESOURCE_GROUP }}
+#           AZURE_STORAGE_ACCOUNT: ${{ vars.AZURE_STORAGE_ACCOUNT }}
+#           AZURE_STORAGE_RESOURCE_GROUP: ${{ vars.AZURE_STORAGE_RESOURCE_GROUP }}
+
+
@@ -0,0 +1,19 @@
+name: 'Close stale issues and PRs'
+on:
+  schedule:
+    - cron: '30 1 * * *'
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v8
+        with:
+          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this issue will be closed.'
+          stale-pr-message: 'This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed.'
+          close-issue-message: 'This issue was closed because it has been stalled for 7 days with no activity.'
+          close-pr-message: 'This PR was closed because it has been stalled for 10 days with no activity.'
+          days-before-issue-stale: 60
+          days-before-pr-stale: 60
+          days-before-issue-close: -1
+          days-before-pr-close: -1
@@ -0,0 +1,66 @@
+name: Validate AZD template
+on:
+  pull_request:
+    branches: [ main ]
+  schedule:
+    - cron: '0 0 * * *' # Run at midnight every day
+
+jobs:
+  infra:
+    name: "Infra Biceps Validation"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build Bicep for linting
+        uses: azure/CLI@v1
+        with:
+          inlineScript: az config set bicep.use_binary_from_path=false && az bicep build -f infra/main.bicep --stdout
+
+      - name: Run Microsoft Security DevOps Analysis
+        uses: microsoft/security-devops-action@v1
+        id: msdo
+        continue-on-error: true
+        with:
+          tools: templateanalyzer
+
+      - name: Upload alerts to Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        if: github.repository == 'Azure-Samples/azure-search-openai-demo-java'
+        with:
+          sarif_file: ${{ steps.msdo.outputs.sarifFile }}
+
+  frontend:
+    name: "Front-end validation"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build React Frontend
+        run: |
+          echo "Building front-end and merge into Spring Boot static folder."
+          cd ./app/frontend
+          npm install
+          npm run build
+
+  backend: 
+    name: "Backend validation"
+    runs-on: ubuntu-latest
+    steps: 
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Java version
+        uses: actions/setup-java@v2
+        with:
+          distribution: 'microsoft'
+          java-version: '17'
+          cache: 'maven'
+
+      - name: Build Spring Boot App
+        run: |
+          echo "Building Spring Boot app."
+          cd ./app/backend
+          ./mvnw verify