126 lines (114 loc) · 4.99 KB
/
template-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
name: Template - Build site
on:
workflow_call:
inputs:
tag:
type: string
required: true
secrets:
AZURE_CLIENT_ID:
required: true
AZURE_TENANT_ID:
required: true
AZURE_SUBSCRIPTION_ID:
required: true
NEXT_PUBLIC_TINA_CLIENT_ID:
required: true
TINA_TOKEN:
required: true
NEXT_PUBLIC_GOOGLE_GTM_ID:
required: true
NEXT_PUBLIC_ZENDESK_CHAT_KEY:
required: true
defaults:
run:
shell: pwsh
permissions:
id-token: write
contents: read
jobs:
build-site:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Load .env file
uses: xom9ikk/dotenv@v2
with:
path: ./.github
load-mode: strict
- name: Get current date
id: date
run: |
echo "date=$(Get-Date -Format yyyy-MM-ddThh:mm:ssZ -AsUtc)" >> $env:GITHUB_OUTPUT
- name: Azure CLI - Login
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: keyVault - Secrets
uses: theotow/keyvault-secret-azure@v1
id: KeyVaultSecrets
with:
key-vault-name: ${{ env.KEY_VAULT }}
config: |
{
"GoogleRecaptchaSiteKey": "Google-Recaptcha-Site-KEY",
"MICROSOFT_OAUTH_TENANT_ID": "MICROSOFT-OAUTH-TENANT-ID",
"MICROSOFT_OAUTH_CLIENT_ID": "MICROSOFT-OAUTH-CLIENT-ID",
"MICROSOFT_OAUTH_CLIENT_SECRET": "MICROSOFT-OAUTH-CLIENT-SECRET",
"SHAREPOINT_SITE_ID": "SHAREPOINT-SITE-ID",
"SHAREPOINT_EVENTS_LIST_ID": "SHAREPOINT-EVENTS-LIST-ID",
"SHAREPOINT_EXTERNAL_PRESENTERS_LIST_ID": "SHAREPOINT-EXTERNAL-PRESENTERS-LIST-ID",
"DYNAMICS_CLIENT_ID": "DYNAMICS-CLIENT-ID",
"DYNAMICS_CLIENT_SECRET": "DYNAMICS-CLIENT-SECRET",
"YOUTUBE_PRIVATE_KEY": "YOUTUBE-PRIVATE-KEY"
}
- name: AppInsight - Connection Strings
shell: pwsh
id: AppInsight
run: |
# AppInsight - Connection String
az config set extension.use_dynamic_install=yes_without_prompt
$AppInsightName = if ("${{ inputs.tag }}" -ieq "production") { "${{ env.APP_INSIGHT_PROD }}" } else { "${{ env.APP_INSIGHT_DEV }}" }
$AppInsightConnectionString = (az monitor app-insights component show --resource-group ${{ env.AZURE_RESOURCE_GROUP }} --app $AppInsightName --query connectionString -o tsv)
echo "AppInsightConnectionString=$AppInsightConnectionString" >> $env:GITHUB_OUTPUT
Write-Host '✅ AppInsight - Connection String retrieved'
- name: ACR - Login
run: |
az acr login --name ${{ env.ACR_LOGIN_SERVER }}
- name: Docker - Build and push
uses: docker/build-push-action@v5
with:
context: .
push: true
build-args: |
NODE_OPTIONS=--max_old_space_size=8192
NEXT_PUBLIC_GOOGLE_GTM_ID=${{ secrets.NEXT_PUBLIC_GOOGLE_GTM_ID }}
NEXT_PUBLIC_GOOGLE_ANALYTICS=${{ secrets.NEXT_PUBLIC_GOOGLE_ANALYTICS }}
NEXT_PUBLIC_GITHUB_RUN_DATE=${{ steps.date.outputs.date }}
NEXT_PUBLIC_GITHUB_RUN_ID=${{ github.run_id }}
NEXT_PUBLIC_GITHUB_RUN_NUMBER=${{ github.run_number }}
NEXT_PUBLIC_GITHUB_REPOSITORY=${{ github.repository }}
NEXT_PUBLIC_HOTJAR_ID=${{ secrets.NEXT_PUBLIC_HOTJAR_ID }}
NEXT_PUBLIC_HOTJAR_SV=${{ secrets.NEXT_PUBLIC_HOTJAR_SV }}
NEXT_PUBLIC_TINA_CLIENT_ID=${{ secrets.NEXT_PUBLIC_TINA_CLIENT_ID }}
NEXT_PUBLIC_TINA_BRANCH=${{ github.head_ref || github.ref_name }}
NEXT_PUBLIC_ZENDESK_CHAT_KEY=${{ secrets.NEXT_PUBLIC_ZENDESK_CHAT_KEY }}
GOOGLE_RECAPTCHA_SITE_KEY=${{ env.GoogleRecaptchaSiteKey }}
MICROSOFT_OAUTH_TENANT_ID=${{ env.MICROSOFT_OAUTH_TENANT_ID }}
MICROSOFT_OAUTH_CLIENT_ID=${{ env.MICROSOFT_OAUTH_CLIENT_ID }}
MICROSOFT_OAUTH_CLIENT_SECRET=${{ env.MICROSOFT_OAUTH_CLIENT_SECRET }}
SHAREPOINT_SITE_ID=${{ env.SHAREPOINT_SITE_ID }}
SHAREPOINT_EVENTS_LIST_ID=${{ env.SHAREPOINT_EVENTS_LIST_ID }}
SHAREPOINT_EXTERNAL_PRESENTERS_LIST_ID=${{ env.SHAREPOINT_EXTERNAL_PRESENTERS_LIST_ID }}
DYNAMICS_CLIENT_ID=${{ env.DYNAMICS_CLIENT_ID }}
DYNAMICS_CLIENT_SECRET=${{ env.DYNAMICS_CLIENT_SECRET }}
YOUTUBE_PRIVATE_KEY=${{ env.YOUTUBE_PRIVATE_KEY }}
KEY_VAULT=${{ env.KEY_VAULT }}
NEXT_PUBLIC_APP_INSIGHT_CONNECTION_STRING=${{ steps.AppInsight.outputs.AppInsightConnectionString }}
TINA_TOKEN=${{ secrets.TINA_TOKEN }}
NEXT_PUBLIC_CHATBASE_BOT_ID=${{ env.NEXT_PUBLIC_CHATBASE_BOT_ID }}
SITE_URL=https://www.ssw.com.au
tags: |
${{ env.ACR_LOGIN_SERVER }}/${{ env.IMAGE_NAME }}:${{ inputs.tag }}