OMDSCloud/azure-pipelines-production.yml

# Pipeline側でKeyVaultやDocker、AppService等に対する操作権限を持ったServiceConenctionを作成し、
# 環境変数 AZURE_SERVICE_CONNECTION の値としてServiceConenction名を設定しておくこと
# また、環境変数 STATIC_DICTATION_DEPLOYMENT_TOKEN の値として静的WebAppsのデプロイトークンを設定しておくこと
trigger:
  tags:
    include:
    - release-*

jobs:
- job: initialize
  displayName: Initialize
  pool:
    vmImage: ubuntu-latest
  steps:
  - checkout: self
    clean: true
    fetchDepth: 1
    persistCredentials: true
  - script: |
      git fetch origin main:main
      if git merge-base --is-ancestor $(Build.SourceVersion) main; then
        echo "This commit is in the main branch."
      else
        echo "This commit is not in the main branch."
        exit 1
      fi
    displayName: 'タグが付けられたCommitがmainブランチに存在するか確認'
- job: backend_deploy
  displayName: Backend Deploy
  pool:
    name: odms-deploy-pipeline
  steps:
  - checkout: self
    clean: true
    fetchDepth: 1
  - task: AzureRmWebAppDeployment@4
    inputs:
      ConnectionType: 'AzureRM'
      azureSubscription: $(AZURE_SERVICE_CONNECTION)
      appType: 'webAppContainer'
      WebAppName: 'app-odms-dictation-prod'
      ResourceGroupName: 'prod-application-rg'
      DockerNamespace: 'crodmsregistrymaintenance.azurecr.io'
      DockerRepository: '$(Build.Repository.Name)/staging/dictation'
      DockerImageTag: '$(Build.SourceVersion)'
- job: frontend_deploy
  displayName: Deploy Frontend Files
  variables:
    storageAccountName: saomdspipeline
    containerName: staging
  pool:
    name: odms-deploy-pipeline
  steps:
  - checkout: self
    clean: true
    fetchDepth: 1
  - task: AzureKeyVault@2
    displayName: 'Azure Key Vault: kv-odms-secret-prod'
    inputs:
      ConnectedServiceName: $(AZURE_SERVICE_CONNECTION)
      KeyVaultName: kv-odms-secret-prod
      SecretsFilter: '*'
  - task: AzureCLI@2
    inputs:
      azureSubscription: $(AZURE_SERVICE_CONNECTION)
      scriptType: 'bash'
      scriptLocation: 'inlineScript'
      inlineScript: |
        az storage blob download \
          --auth-mode login \
          --account-name $(storageAccountName) \
          --container-name $(containerName) \
          --name $(Build.SourceVersion).zip \
          --file $(Build.SourcesDirectory)/$(Build.SourceVersion).zip
  - task: Bash@3
    displayName: Bash Script
    inputs:
      targetType: inline
      script: unzip $(Build.SourcesDirectory)/$(Build.SourceVersion).zip -d $(Build.SourcesDirectory)/$(Build.SourceVersion)
  - task: AzureStaticWebApp@0
    displayName: 'Static Web App: '
    inputs:
      workingDirectory: '$(Build.SourcesDirectory)'
      app_location: '/$(Build.SourceVersion)'
      config_file_location: /dictation_client
      skip_app_build: true
      skip_api_build: true
      is_static_export: false
      verbose: false
      azure_static_web_apps_api_token: $(STATIC_DICTATION_DEPLOYMENT_TOKEN)
- job: migration
  condition: succeeded('initialize')
  displayName: DB migration
  dependsOn:
  - initialize
  - backend_deploy
  - frontend_deploy
  pool:
    name: db-migrate-pipelines
  steps:
  - checkout: self
    clean: true
    fetchDepth: 1
  - task: AzureKeyVault@2
    displayName: 'Azure Key Vault: kv-odms-secret-prod'
    inputs:
      ConnectedServiceName: $(AZURE_SERVICE_CONNECTION)
      KeyVaultName: kv-odms-secret-prod
  - task: CmdLine@2
    displayName: migration
    inputs:
      script: >2
         # DB接続情報書き換え
           sed -i -e "s/DB_NAME/$(db-name)/g"  ./dictation_server/db/dbconfig.yml
           sed -i -e "s/DB_PASS/$(db-pass)/g"  ./dictation_server/db/dbconfig.yml
           sed -i -e "s/DB_USERNAME/$(db-user)/g"  ./dictation_server/db/dbconfig.yml
           sed -i -e "s/DB_PORT/$(db-port)/g"  ./dictation_server/db/dbconfig.yml
           sed -i -e "s/DB_HOST/$(db-host)/g"  ./dictation_server/db/dbconfig.yml
           sql-migrate --version
           cat ./dictation_server/db/dbconfig.yml
           # migration実行
           sql-migrate up -config=./dictation_server/db/dbconfig.yml -env=ci