Update demo scripts and github actions for deployment (#194)

* update payment.yml * update * update * update * update * update * update * update * update * update * update * update * update
Azure-Samples · Mar 7, 2024 · 54473b2 · 54473b2
1 parent 8069f04
commit 54473b2
Show file tree

Hide file tree

Showing 7 changed files with 134 additions and 35 deletions.
diff --git a/.github/workflows/assist.yml b/.github/workflows/assist.yml
@@ -0,0 +1,56 @@
+name: Deploy Assist
+on:
+  workflow_dispatch:
+    inputs: { }
+  push:
+    branches:
+      - Azure
+    paths:
+      - 'apps/acme-assist/**'
+env:
+  SPRING_APPS_SERVICE: ${{ secrets.SPRING_APPS_SERVICE }}
+  RESOURCE_GROUP: ${{ secrets.RESOURCE_GROUP }}
+  KEY_VAULT: ${{ secrets.KEY_VAULT }}
+  AZURE_OPENAI_ENDPOINT: ${{ secrets.AZURE_OPENAI_ENDPOINT }}
+  AZURE_OPENAI_APIKEY: ${{ secrets.AZURE_OPENAI_APIKEY }}
+  AI_APP: assist-service
+  AZURE_OPENAI_MODEL: gpt-35-turbo-16k
+  AZURE_OPENAI_EMBEDDINGMODEL: text-embedding-ada-002
+
+permissions:
+      id-token: write
+      contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: apps/acme-assist
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'adopt'
+      - name: Run the Maven local build
+        run: mvn package clean
+      - name: Set up Azure
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.SUBSCRIPTION }}
+      - name: Set up Azure Spring Extension
+        run: az extension add --name spring
+      - name: Deploy Identity
+        run: |
+          az spring app deploy --name ${AI_APP} \
+              --source-path ./ \
+              --build-env BP_JVM_VERSION=17 \
+              --env \
+                  SPRING_AI_AZURE_OPENAI_ENDPOINT=${AZURE_OPENAI_ENDPOINT} \
+                  SPRING_AI_AZURE_OPENAI_APIKEY=${AZURE_OPENAI_APIKEY} \
+                  SPRING_AI_AZURE_OPENAI_MODEL=${AZURE_OPENAI_MODEL} \
+                  SPRING_AI_AZURE_OPENAI_EMBEDDINGMODEL=${AZURE_OPENAI_EMBEDDINGMODEL} \
diff --git a/.github/workflows/cart.yml b/.github/workflows/cart.yml
@@ -8,18 +8,22 @@ on:
     paths:
       - 'apps/acme-cart/**'
 env:
-  SPRING_APPS_SERVICE: ${{ secrets.TF_PROJECT_NAME }}-asa
-  RESOURCE_GROUP: ${{ secrets.TF_PROJECT_NAME }}-grp
-  KEY_VAULT: ${{ secrets.TF_PROJECT_NAME }}-keyvault
+  SPRING_APPS_SERVICE: ${{ secrets.SPRING_APPS_SERVICE }}
+  RESOURCE_GROUP: ${{ secrets.RESOURCE_GROUP }}
+  KEY_VAULT: ${{ secrets.KEY_VAULT }}
   CUSTOM_BUILDER: no-bindings-builder
   CART_SERVICE_APP: cart-service
 
+permissions:
+      id-token: write
+      contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.7"]
+        python-version: ["3.11"]
     defaults:
       run:
         working-directory: apps/acme-cart
@@ -41,18 +45,22 @@ jobs:
       - name: Set up Azure
         uses: azure/login@v1
         with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.SUBSCRIPTION }}
       - name: Set up Azure Spring Extension
         run: az extension add --name spring
       - name: Deploy Cart
         run: |
           keyvault_uri=$(az keyvault show \
             --resource-group ${RESOURCE_GROUP} \
-            --name ${KEY_VAULT} | jq -r '.properties.vaultUri')
+            --name ${KEY_VAULT} \
+            --query properties.vaultUri -o tsv)
 
           gateway_url=$(az spring gateway show \
             --resource-group ${RESOURCE_GROUP} \
-            --service ${SPRING_APPS_SERVICE} | jq -r '.properties.url')
+            --service ${SPRING_APPS_SERVICE} \
+            --query properties.url -o tsv)
           
           az spring app deploy \
             --name ${CART_SERVICE_APP} \

diff --git a/.github/workflows/catalog.yml b/.github/workflows/catalog.yml
@@ -8,11 +8,15 @@ on:
     paths:
       - 'apps/acme-catalog/**'
 env:
-  SPRING_APPS_SERVICE: ${{ secrets.TF_PROJECT_NAME }}-asa
-  RESOURCE_GROUP: ${{ secrets.TF_PROJECT_NAME }}-grp
-  KEY_VAULT: ${{ secrets.TF_PROJECT_NAME }}-keyvault
+  SPRING_APPS_SERVICE: ${{ secrets.SPRING_APPS_SERVICE }}
+  RESOURCE_GROUP: ${{ secrets.RESOURCE_GROUP }}
+  KEY_VAULT: ${{ secrets.KEY_VAULT }}
   CATALOG_SERVICE_APP: catalog-service
 
+permissions:
+      id-token: write
+      contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -31,25 +35,28 @@ jobs:
       - name: Build with Gradle
         uses: gradle/gradle-build-action@v2
         with:
-          arguments: build
+          arguments: build -x test
           build-root-directory: apps/acme-catalog
       - name: Set up Azure
         uses: azure/login@v1
         with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.SUBSCRIPTION }}
       - name: Set up Azure Spring Extension
         run: az extension add --name spring
       - name: Deploy Catalog
         run: |
-          keyvault_uri=$(az keyvault show \
+           keyvault_uri=$(az keyvault show \
            --resource-group ${RESOURCE_GROUP} \
-           --name ${KEY_VAULT} | jq -r '.properties.vaultUri')
+           --name ${KEY_VAULT} \
+           --query properties.vaultUri -o tsv)
 
-          az spring app deploy \
+           az spring app deploy \
             --name ${CATALOG_SERVICE_APP} \
             --resource-group "$RESOURCE_GROUP" \
             --service "$SPRING_APPS_SERVICE" \
-            --env "SPRING_CLOUD_AZURE_KEYVAULT_SECRET_PROPERTY_SOURCES_0_ENDPOINT=${keyvault_uri}" "SPRING_CLOUD_AZURE_KEYVAULT_SECRET_PROPERTY_SOURCES_0_NAME='acme-fitness-store-vault'" "SPRING_PROFILES_ACTIVE=default,key-vault" \
+            --env "SPRING_CLOUD_AZURE_KEYVAULT_SECRET_PROPERTY_SOURCES_0_ENDPOINT=${keyvault_uri}" "SPRING_CLOUD_AZURE_KEYVAULT_SECRET_PROPERTY_SOURCES_0_NAME=${KEY_VAULT}" "SPRING_PROFILES_ACTIVE=default,key-vault" \
             --config-file-pattern catalog/default,catalog/key-vault \
             --build-env BP_JVM_VERSION=17 \
             --source-path ./
diff --git a/.github/workflows/identity.yml b/.github/workflows/identity.yml
@@ -8,11 +8,15 @@ on:
     paths:
       - 'apps/acme-identity/**'
 env:
-  SPRING_APPS_SERVICE: ${{ secrets.TF_PROJECT_NAME }}-asa
-  RESOURCE_GROUP: ${{ secrets.TF_PROJECT_NAME }}-grp
-  KEY_VAULT: ${{ secrets.TF_PROJECT_NAME }}-keyvault
+  SPRING_APPS_SERVICE: ${{ secrets.SPRING_APPS_SERVICE }}
+  RESOURCE_GROUP: ${{ secrets.RESOURCE_GROUP }}
+  KEY_VAULT: ${{ secrets.KEY_VAULT }}
   IDENTITY_SERVICE_APP: identity-service
 
+permissions:
+      id-token: write
+      contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -36,20 +40,23 @@ jobs:
       - name: Set up Azure
         uses: azure/login@v1
         with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.SUBSCRIPTION }}
       - name: Set up Azure Spring Extension
         run: az extension add --name spring
       - name: Deploy Identity
         run: |
           keyvault_uri=$(az keyvault show \
            --resource-group ${RESOURCE_GROUP} \
-           --name ${KEY_VAULT} | jq -r '.properties.vaultUri')
+           --name ${KEY_VAULT} \
+            --query properties.vaultUri -o tsv)
 
           az spring app deploy \
             --name ${IDENTITY_SERVICE_APP} \
             --resource-group "$RESOURCE_GROUP" \
             --service "$SPRING_APPS_SERVICE" \
-            --env "SPRING_CLOUD_AZURE_KEYVAULT_SECRET_PROPERTY_SOURCES_0_ENDPOINT=${keyvault_uri}" "SPRING_CLOUD_AZURE_KEYVAULT_SECRET_PROPERTY_SOURCES_0_NAME='acme-fitness-store-vault'" "SPRING_PROFILES_ACTIVE=default,key-vault" \
+            --env "SPRING_CLOUD_AZURE_KEYVAULT_SECRET_PROPERTY_SOURCES_0_ENDPOINT=${keyvault_uri}" "SPRING_CLOUD_AZURE_KEYVAULT_SECRET_PROPERTY_SOURCES_0_NAME=${KEY_VAULT}" "SPRING_PROFILES_ACTIVE=default,key-vault" \
             --config-file-pattern identity/default,identity/key-vault \
             --build-env BP_JVM_VERSION=17 \
             --source-path ./
diff --git a/.github/workflows/order.yml b/.github/workflows/order.yml
@@ -8,12 +8,16 @@ on:
     paths:
       - 'apps/acme-order/**'
 env:
-  SPRING_APPS_SERVICE: ${{ secrets.TF_PROJECT_NAME }}-asa
-  RESOURCE_GROUP: ${{ secrets.TF_PROJECT_NAME }}-grp
-  KEY_VAULT: ${{ secrets.TF_PROJECT_NAME }}-keyvault
+  SPRING_APPS_SERVICE: ${{ secrets.SPRING_APPS_SERVICE }}
+  RESOURCE_GROUP: ${{ secrets.RESOURCE_GROUP }}
+  KEY_VAULT: ${{ secrets.KEY_VAULT }}
   CUSTOM_BUILDER: no-bindings-builder
   ORDER_SERVICE_APP: order-service
 
+permissions:
+      id-token: write
+      contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -33,22 +37,27 @@ jobs:
       - name: Set up Azure
         uses: azure/login@v1
         with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.SUBSCRIPTION }}
       - name: Set up Azure Spring Extension
         run: az extension add --name spring
       - name: Deploy Order
         run: |
           keyvault_uri=$(az keyvault show \
-           --resource-group ${RESOURCE_GROUP} \
-           --name ${KEY_VAULT} | jq -r '.properties.vaultUri')
+            --resource-group ${RESOURCE_GROUP} \
+            --name ${KEY_VAULT} \
+            --query properties.vaultUri -o tsv)
 
           gateway_url=$(az spring gateway show \
             --resource-group ${RESOURCE_GROUP} \
-            --service ${SPRING_APPS_SERVICE} | jq -r '.properties.url')
+            --service ${SPRING_APPS_SERVICE} \
+            --query properties.url -o tsv)
 
           az spring app deploy \
             --name ${ORDER_SERVICE_APP} \
             --resource-group "$RESOURCE_GROUP" \
             --service "$SPRING_APPS_SERVICE" \
+            --env "ConnectionStrings__KeyVaultUri=${keyvault_uri}" "AcmeServiceSettings__AuthUrl=https://${gateway_url}" "DatabaseProvider=Postgres" \
             --builder ${CUSTOM_BUILDER} \
             --source-path ./
diff --git a/.github/workflows/payment.yml b/.github/workflows/payment.yml
@@ -8,10 +8,14 @@ on:
     paths:
       - 'apps/acme-payment/**'
 env:
-  SPRING_APPS_SERVICE: ${{ secrets.TF_PROJECT_NAME }}-asa
-  RESOURCE_GROUP: ${{ secrets.TF_PROJECT_NAME }}-grp
+  SPRING_APPS_SERVICE: ${{ secrets.SPRING_APPS_SERVICE }}
+  RESOURCE_GROUP: ${{ secrets.RESOURCE_GROUP }}
   PAYMENT_SERVICE_APP: payment-service
 
+permissions:
+      id-token: write
+      contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -35,7 +39,9 @@ jobs:
       - name: Set up Azure
         uses: azure/login@v1
         with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.SUBSCRIPTION }}
       - name: Set up Azure Spring Extension
         run: az extension add --name spring
       - name: Deploy Payment

diff --git a/.github/workflows/shopping.yml b/.github/workflows/shopping.yml
@@ -8,10 +8,14 @@ on:
     paths:
       - 'apps/acme-shopping/**'
 env:
-  SPRING_APPS_SERVICE: ${{ secrets.TF_PROJECT_NAME }}-asa
-  RESOURCE_GROUP: ${{ secrets.TF_PROJECT_NAME }}-grp
+  SPRING_APPS_SERVICE: ${{ secrets.SPRING_APPS_SERVICE }}
+  RESOURCE_GROUP: ${{ secrets.RESOURCE_GROUP }}
   FRONTEND_APP: frontend
 
+permissions:
+      id-token: write
+      contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -30,7 +34,9 @@ jobs:
       - name: Set up Azure
         uses: azure/login@v1
         with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.SUBSCRIPTION }}
       - name: Set up Azure Spring Extension
         run: az extension add --name spring
       - name: Deploy Shopping