Merge pull request #18 from DFE-Digital/dependabot/terraform/terrafor… #31

Summary
Jobs
- build
- push-files
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/deploy-to-azure.yml at 82bb69d

	---
	name: Deploy security.txt to Azure

	on:
	push:
	branches:
	- main
	paths:
	- '**.txt'
	- 'index.html'
	- 'timestamp.sh'
	- 'terraform/**'
	- '.github/workflows/deploy-to-azure.yml'
	workflow_dispatch:

	jobs:
	build:

	runs-on: ubuntu-latest
	outputs:
	storage_account: ${{ steps.run-tf.outputs.STORAGE_ACCOUNT_NAME }}
	cdn_profile: ${{ steps.run-tf.outputs.CDN_PROFILE_NAME }}
	cdn_endpoint: ${{ steps.run-tf.outputs.CDN_ENDPOINT_NAME }}
	resource_group: ${{ steps.run-tf.outputs.RESOURCE_GROUP_NAME }}

	steps:
	- name: checkout
	uses: actions/checkout@v4

	- name: Timestamp security.txt
	run: ./timestamp.sh

	- name: Deploy terraform
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: 1.7.4
	terraform_wrapper: false

	- name: Terraform version
	run: terraform -version

	- name: Run terraform
	id: run-tf
	env:
	ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}
	ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
	ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
	ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
	ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
	run: \|
	cd terraform/
	terraform init
	terraform apply -auto-approve

	echo "STORAGE_ACCOUNT_NAME=$(terraform output -raw storage_account_name)" >> $GITHUB_OUTPUT
	echo "CDN_PROFILE_NAME=$(terraform output -raw cdn_profile_name)" >> $GITHUB_OUTPUT
	echo "CDN_ENDPOINT_NAME=$(terraform output -raw cdn_endpoint_name)" >> $GITHUB_OUTPUT
	echo "RESOURCE_GROUP_NAME=$(terraform output -raw resource_group_name)" >> $GITHUB_OUTPUT


	- name: Availability test
	run: \|
	status_code=$(curl -s -o /dev/null -w "%{http_code}" https://vdp.security.education.gov.uk/.well-known/security.txt)

	if [ $status_code == 200 ]
	then
	echo "Security.txt successfully deployed to https://vdp.security.education.gov.uk"
	else
	echo "Error deploying to https://vdp.security.education.gov.uk, status code returned: $status_code"
	exit 1
	fi

	push-files:
	needs: build

	runs-on: ubuntu-latest

	steps:
	- name: checkout
	uses: actions/checkout@v4

	- name: Timestamp security.txt
	run: ./timestamp.sh

	- name: Azure Login
	uses: azure/login@v2
	with:
	creds: '{"clientId":"${{ secrets.ARM_CLIENT_ID }}","clientSecret":"${{ secrets.ARM_CLIENT_SECRET }}","subscriptionId":"${{ secrets.ARM_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.ARM_TENANT_ID }}"}'

	- name: Upload to blob storage
	uses: azure/CLI@v2
	with:
	inlineScript: \|
	az storage blob upload --account-name ${{ needs.build.outputs.storage_account }} --file 'security.txt' --name 'security.txt' --auth-mode key --container-name '$web' --overwrite
	az storage blob upload --account-name ${{ needs.build.outputs.storage_account }} --file 'security.txt' --name '.well-known/security.txt' --auth-mode key --container-name '$web' --overwrite
	az storage blob upload --account-name ${{ needs.build.outputs.storage_account }} --file 'thanks.txt' --name 'thanks.txt' --auth-mode key --container-name '$web' --overwrite
	az storage blob upload --account-name ${{ needs.build.outputs.storage_account }} --file 'index.html' --name 'index.html' --auth-mode key --container-name '$web' --overwrite

	- name: Purge CDN endpoint
	uses: azure/CLI@v2
	with:
	inlineScript: \|
	az cdn endpoint purge --content-paths "/" "/.well-known/" --profile-name ${{ needs.build.outputs.cdn_profile }} --name ${{ needs.build.outputs.cdn_profile }} --resource-group ${{ needs.build.outputs.resource_group }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #18 from DFE-Digital/dependabot/terraform/terrafor… #31

Workflow file

Merge pull request #18 from DFE-Digital/dependabot/terraform/terrafor… #31

Jobs

Run details

Workflow file for this run