From 1e68be8758d38b5fd5b69f5bea2fdd4ece51a927 Mon Sep 17 00:00:00 2001 From: Cunknowng <152822221+Cunknowng@users.noreply.github.com> Date: Tue, 11 Jun 2024 19:14:01 -0500 Subject: [PATCH 1/5] Create azure-functions-app-python.yml --- .../workflows/azure-functions-app-python.yml | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 .github/workflows/azure-functions-app-python.yml diff --git a/.github/workflows/azure-functions-app-python.yml b/.github/workflows/azure-functions-app-python.yml new file mode 100644 index 0000000..28ae31f --- /dev/null +++ b/.github/workflows/azure-functions-app-python.yml @@ -0,0 +1,65 @@ +# This workflow will build a Python app and deploy it to an Azure Functions App on Linux when a commit is pushed to your default branch. +# +# This workflow assumes you have already created the target Azure Functions app. +# For instructions see https://learn.microsoft.com/en-us/azure/azure-functions/create-first-function-vs-code-python?pivots=python-mode-configuration +# +# To configure this workflow: +# 1. Set up the following secrets in your repository: +# - AZURE_FUNCTIONAPP_PUBLISH_PROFILE +# 2. Change env variables for your configuration. +# +# For more information on: +# - GitHub Actions for Azure: https://github.com/Azure/Actions +# - Azure Functions Action: https://github.com/Azure/functions-action +# - Publish Profile: https://github.com/Azure/functions-action#using-publish-profile-as-deployment-credential-recommended +# - Azure Service Principal for RBAC: https://github.com/Azure/functions-action#using-azure-service-principal-for-rbac-as-deployment-credential +# +# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples/tree/master/FunctionApp + +name: Deploy Python project to Azure Function App + +on: + push: + branches: ["main"] + +env: + AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure + AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your function app project, defaults to the repository root + PYTHON_VERSION: '3.9' # set this to the python version to use (e.g. '3.6', '3.7', '3.8') + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + environment: dev + steps: + - name: 'Checkout GitHub Action' + uses: actions/checkout@v4 + + # If you want to use Azure RBAC instead of Publish Profile, then uncomment the task below + # - name: 'Login via Azure CLI' + # uses: azure/login@v1 + # with: + # creds: ${{ secrets.AZURE_RBAC_CREDENTIALS }} # set up AZURE_RBAC_CREDENTIALS secrets in your repository + + - name: Setup Python ${{ env.PYTHON_VERSION }} Environment + uses: actions/setup-python@v4 + with: + python-version: ${{ env.PYTHON_VERSION }} + + - name: 'Resolve Project Dependencies Using Pip' + shell: bash + run: | + pushd './${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}' + python -m pip install --upgrade pip + pip install -r requirements.txt --target=".python_packages/lib/site-packages" + popd + + - name: 'Run Azure Functions Action' + uses: Azure/functions-action@v1 + id: fa + with: + app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} + package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} + publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} # Remove publish-profile to use Azure RBAC + scm-do-build-during-deployment: true + enable-oryx-build: true From b4364bed37558e14cb0845c3c3b49541ab607de0 Mon Sep 17 00:00:00 2001 From: Cunknowng <152822221+Cunknowng@users.noreply.github.com> Date: Tue, 11 Jun 2024 19:14:48 -0500 Subject: [PATCH 2/5] Create docker-image.yml --- .github/workflows/docker-image.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .github/workflows/docker-image.yml diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml new file mode 100644 index 0000000..3f53646 --- /dev/null +++ b/.github/workflows/docker-image.yml @@ -0,0 +1,18 @@ +name: Docker Image CI + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + +jobs: + + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - name: Build the Docker image + run: docker build . --file Dockerfile --tag my-image-name:$(date +%s) From 365a138b030b801c9c79128c6b543bbfe6d94c9e Mon Sep 17 00:00:00 2001 From: Cunknowng <152822221+Cunknowng@users.noreply.github.com> Date: Sun, 16 Jun 2024 22:29:17 -0500 Subject: [PATCH 3/5] Create google-cloudrun-source.yml --- .github/workflows/google-cloudrun-source.yml | 95 ++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 .github/workflows/google-cloudrun-source.yml diff --git a/.github/workflows/google-cloudrun-source.yml b/.github/workflows/google-cloudrun-source.yml new file mode 100644 index 0000000..96a8385 --- /dev/null +++ b/.github/workflows/google-cloudrun-source.yml @@ -0,0 +1,95 @@ +# This workflow will deploy source code on Cloud Run when a commit is pushed to the "main" branch +# +# Overview: +# +# 1. Authenticate to Google Cloud +# 2. Deploy it to Cloud Run +# +# To configure this workflow: +# +# 1. Ensure the required Google Cloud APIs are enabled: +# +# Cloud Run run.googleapis.com +# Cloud Build cloudbuild.googleapis.com +# Artifact Registry artifactregistry.googleapis.com +# +# 2. Create and configure Workload Identity Federation for GitHub (https://github.com/google-github-actions/auth#setting-up-workload-identity-federation) +# +# 3. Ensure the required IAM permissions are granted +# +# Cloud Run +# roles/run.admin +# roles/iam.serviceAccountUser (to act as the Cloud Run runtime service account) +# +# Cloud Build +# roles/cloudbuild.builds.editor +# +# Cloud Storage +# roles/storage.objectAdmin +# +# Artifact Registry +# roles/artifactregistry.admin (project or repository level) +# +# NOTE: You should always follow the principle of least privilege when assigning IAM roles +# +# 4. Create GitHub secrets for WIF_PROVIDER and WIF_SERVICE_ACCOUNT +# +# 5. Change the values for the SERVICE and REGION environment variables (below). +# +# For more support on how to run this workflow, please visit https://github.com/marketplace/actions/deploy-to-cloud-run +# +# Further reading: +# Cloud Run runtime service account - https://cloud.google.com/run/docs/securing/service-identity +# Cloud Run IAM permissions - https://cloud.google.com/run/docs/deploying-source-code#permissions_required_to_deploy +# Cloud Run builds from source - https://cloud.google.com/run/docs/deploying-source-code +# Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege + +name: Deploy to Cloud Run from Source + +on: + push: + branches: [ "main" ] + +env: + PROJECT_ID: YOUR_PROJECT_ID # TODO: update Google Cloud project id + SERVICE: YOUR_SERVICE_NAME # TODO: update Cloud Run service name + REGION: YOUR_SERVICE_REGION # TODO: update Cloud Run service region + +jobs: + deploy: + # Add 'id-token' with the intended permissions for workload identity federation + permissions: + contents: 'read' + id-token: 'write' + + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Google Auth + id: auth + uses: 'google-github-actions/auth@v0' + with: + workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider + service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com + + # NOTE: Alternative option - authentication via credentials json + # - name: Google Auth + # id: auth + # uses: 'google-github-actions/auth@v0' + # with: + # credentials_json: '${{ secrets.GCP_CREDENTIALS }}' + + - name: Deploy to Cloud Run + id: deploy + uses: google-github-actions/deploy-cloudrun@v0 + with: + service: ${{ env.SERVICE }} + region: ${{ env.REGION }} + # NOTE: If required, update to the appropriate source folder + source: ./ + + # If required, use the Cloud Run url output in later steps + - name: Show Output + run: echo ${{ steps.deploy.outputs.url }} From 30d98465ca0dc7af71a64a073f98acb7daf27768 Mon Sep 17 00:00:00 2001 From: Cunknowng <152822221+Cunknowng@users.noreply.github.com> Date: Tue, 18 Jun 2024 02:37:21 -0500 Subject: [PATCH 4/5] Create manual.yml --- .github/workflows/manual.yml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/workflows/manual.yml diff --git a/.github/workflows/manual.yml b/.github/workflows/manual.yml new file mode 100644 index 0000000..11b2e35 --- /dev/null +++ b/.github/workflows/manual.yml @@ -0,0 +1,32 @@ +# This is a basic workflow that is manually triggered + +name: Manual workflow + +# Controls when the action will run. Workflow runs when manually triggered using the UI +# or API. +on: + workflow_dispatch: + # Inputs the workflow accepts. + inputs: + name: + # Friendly description to be shown in the UI instead of 'name' + description: 'Person to greet' + # Default value if no value is explicitly provided + default: 'World' + # Input has to be provided for the workflow to run + required: true + # The data type of the input + type: string + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # This workflow contains a single job called "greet" + greet: + # The type of runner that the job will run on + runs-on: ubuntu-latest + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Runs a single command using the runners shell + - name: Send greeting + run: echo "Hello ${{ inputs.name }}" From a6f81168ff2b2e6cbfe58675f4fa0c328ab6588a Mon Sep 17 00:00:00 2001 From: Cunknowng <152822221+Cunknowng@users.noreply.github.com> Date: Tue, 18 Jun 2024 19:06:28 -0500 Subject: [PATCH 5/5] CircleCI Commit --- .circleci/config.yml | 59 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 .circleci/config.yml diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 0000000..2338570 --- /dev/null +++ b/.circleci/config.yml @@ -0,0 +1,59 @@ +# Couldn't automatically generate a config from your source code. +# This is a generic template to serve as a base for your custom config + +# Use the latest 2.1 version of CircleCI pipeline process engine. +# See: https://circleci.com/docs/configuration-reference +version: 2.1 + +# Define a job to be invoked later in a workflow. +# See: https://circleci.com/docs/jobs-steps/#jobs-overview & https://circleci.com/docs/configuration-reference/#jobs +jobs: + test: + # Specify the execution environment. You can specify an image from Docker Hub or use one of our convenience images from CircleCI's Developer Hub. + # See: https://circleci.com/docs/executor-intro/ & https://circleci.com/docs/configuration-reference/#executor-job + docker: + # Specify the version you desire here + # See: https://circleci.com/developer/images/image/cimg/base + - image: cimg/base:current + + # Add steps to the job + # See: https://circleci.com/docs/jobs-steps/#steps-overview & https://circleci.com/docs/configuration-reference/#steps + steps: + # Checkout the code as the first step. + - checkout + # Replace this with a real test runner invocation + - run: + name: Run tests + command: echo 'replace me with real tests!' && false + build: + docker: + - image: cimg/base:current + steps: + - checkout + # Replace this with steps to build a package, or executable + - run: + name: Build an artifact + command: touch example.txt + - store_artifacts: + path: example.txt + deploy: + docker: + - image: cimg/base:current + steps: + # Replace this with steps to deploy to users + - run: + name: deploy + command: "#e.g. ./deploy.sh" + +# Orchestrate jobs using workflows +# See: https://circleci.com/docs/workflows/ & https://circleci.com/docs/configuration-reference/#workflows +workflows: + example: + jobs: + - test + - build: + requires: + - test + - deploy: + requires: + - test \ No newline at end of file