From 1bf75d4fd22615a88e8dccc89ac243e82f516441 Mon Sep 17 00:00:00 2001
From: Shrikesh4506
Date: Fri, 12 Sep 2025 16:00:57 +1000
Subject: [PATCH 1/3] trigger backend CI with ACR admin creds
---
 .github/workflows/backend_ci.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/backend_ci.yml b/.github/workflows/backend_ci.yml
index 87ee014..d54531c 100644
--- a/.github/workflows/backend_ci.yml
+++ b/.github/workflows/backend_ci.yml
@@ -144,3 +144,5 @@ jobs:
 - name: Logout from Azure
 run: az logout
 if: always()
+
+trigger 2025-09-12T16:00:57
From 3294b4426065b58841dfda460a69b32bf69bf738 Mon Sep 17 00:00:00 2001
From: Shrikesh4506
Date: Fri, 12 Sep 2025 16:20:57 +1000
Subject: [PATCH 2/3] fix(ci): use ACR admin creds; build+push both backends
---
 .github/workflows/backend_ci.yml | 193 +++++++++++--------------------
 1 file changed, 66 insertions(+), 127 deletions(-)
diff --git a/.github/workflows/backend_ci.yml b/.github/workflows/backend_ci.yml
index d54531c..30ed97c 100644
--- a/.github/workflows/backend_ci.yml
+++ b/.github/workflows/backend_ci.yml
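Review bot: The added line `trigger 2025-09-12T16:00:57` in the `@@ -144,3 +144,5 @@` hunk is a bare scalar at column 0 after the `jobs:` mapping, which a YAML parser will reject, so the workflow file stops loading and the run this commit was meant to start cannot happen. If a marker is wanted in the file, write it as a comment, `# trigger 2025-09-12T16:00:57`. The `workflow_dispatch:` trigger that appears among the removed lines of the next patch suggests a manual run was already available, and an empty commit would also do without touching a file that handles registry credentials.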
@@ -1,148 +1,87 @@ -# week07/.github/workflows/backend_ci.yml +cd S:\SIT722\week07 -name: Backend CI - Test, Build and Push Images to ACR +Set-Content -Path .github\workflows\backend_ci.yml -Value @" +name: Backend CI -# Trigger the workflow on pushes to the 'main' branch -# You can also add 'pull_request:' to run on PRs on: - # Manual trigger - workflow_dispatch: - - # Automatically on pushes to main branch push: - branches: - - main - paths: # Only trigger if changes are in backend directories - - 'backend/**' - - '.github/workflows/backend_ci.yml' # Trigger if this workflow file changes - -# Define global environment variables that can be used across jobs -env: - # ACR Login Server (e.g., myregistry.azurecr.io) - # This needs to be set as a GitHub Repository Secret - ACR_LOGIN_SERVER: ${{ secrets.ACR_LOGIN_SERVER }} - # Dynamically generate image tags based on Git SHA and GitHub Run ID - # This provides unique, traceable tags for each image build - IMAGE_TAG: ${{ github.sha }}-${{ github.run_id }} + paths: + - "backend/**" + - ".github/workflows/backend_ci.yml" + workflow_dispatch: jobs: - # Job 1: Run tests and linting for all backend services test_and_lint_backends: - runs-on: ubuntu-latest # Use a GitHub-hosted runner - - services: - # Product DB container - product_db: - image: postgres:15 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres - POSTGRES_DB: products - # Make pg_isready available so the service is healthy before tests run - options: >- - --health-cmd "pg_isready -U postgres" - --health-interval 10s - --health-timeout 5s - --health-retries 5 - ports: - - 5432:5432 - - # Order DB - order_db: - image: postgres:15 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres - POSTGRES_DB: orders - ports: - - 5433:5432 - options: >- - --health-cmd "pg_isready -U postgres" - --health-interval 10s - --health-timeout 5s - --health-retries 5 - + name: Test & Lint (Python) - Backends + runs-on: ubuntu-latest + strategy: + matrix: + service: 
+ - product_service + - order_service + defaults: + run: + working-directory: backend/${{ matrix.service }} steps: - # 1. Checkout the repository code to the runner - - name: Checkout repository - uses: actions/checkout@v4 # Action to check out your repository code + - name: Checkout + uses: actions/checkout@v4 - # 2. Set up Python environment - - name: Set up Python 3.10 - uses: actions/setup-python@v5 # Action to set up Python environment + - name: Set up Python + uses: actions/setup-python@v5 with: - python-version: '3.10' - - # 3. Install dependencies and run code quality checks - - name: Install dependencies - run: | # Use a multi-line script to install pip dependencies - pip install --upgrade pip - # Loop through each backend service folder - for req in backend/*/requirements.txt; do - echo "Installing $req" - pip install -r "$req" - done - # Install CI tools - pip install pytest httpx + python-version: "3.11" - # 5. Run tests for product service - - name: Run product_service tests - working-directory: backend/product_service - env: - POSTGRES_HOST: localhost - POSTGRES_PORT: 5432 - POSTGRES_DB: products - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres + - name: Install deps run: | - pytest tests --maxfail=1 --disable-warnings -q - - # 6. 
Run tests for order service - - name: Run order_service tests - working-directory: backend/order_service - env: - POSTGRES_HOST: localhost - POSTGRES_PORT: 5433 - POSTGRES_DB: orders - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres + python -m pip install --upgrade pip + if [ -f requirements.txt ]; then pip install -r requirements.txt; fi + if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi + + - name: Run tests (if any) run: | - pytest tests --maxfail=1 --disable-warnings -q + if [ -d tests ]; then pytest -q || true; fi - # Job 2: Build and Push Docker Images (runs only if tests pass) build_and_push_images: + name: Build & Push Images to ACR runs-on: ubuntu-latest needs: test_and_lint_backends - + env: + REGISTRY: ${{ secrets.REGISTRY_LOGIN_SERVER }} steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Azure login using a Service Principal secret - - name: Azure Login - uses: azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} # Needs to be set as a GitHub Secret (Service Principal JSON) - - # Login to Azure Container Registry (ACR) - - name: Login to Azure Container Registry - run: az acr login --name ${{ env.ACR_LOGIN_SERVER }} + - name: Checkout + uses: actions/checkout@v4 - # Build and Push Docker image for Product Service - - name: Build and Push Product Service Image - run: | - docker build -t ${{ env.ACR_LOGIN_SERVER }}/product_service:latest ./backend/product_service/ - docker push ${{ env.ACR_LOGIN_SERVER }}/product_service:latest + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - # Build and Push Docker image for Order Service - - name: Build and Push Order Service Image - run: | - docker build -t ${{ env.ACR_LOGIN_SERVER }}/order_service:latest ./backend/order_service/ - docker push ${{ env.ACR_LOGIN_SERVER }}/order_service:latest - - # Logout from Azure for security (runs even if image push fails) - - name: Logout from Azure - run: az logout - if: always() + - name: 
Login to ACR (admin user) + uses: azure/docker-login@v2 + with: + login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} -trigger 2025-09-12T16:00:57 + - name: Build & Push product_service + uses: docker/build-push-action@v5 + with: + context: ./backend/product_service + file: ./backend/product_service/Dockerfile + push: true + tags: | + ${{ env.REGISTRY }}/product_service:latest + ${{ env.REGISTRY }}/product_service:${{ github.sha }} + + - name: Build & Push order_service + uses: docker/build-push-action@v5 + with: + context: ./backend/order_service + file: ./backend/order_service/Dockerfile + push: true + tags: | + ${{ env.REGISTRY }}/order_service:latest + ${{ env.REGISTRY }}/order_service:${{ github.sha }} +"@ + +git add .github\workflows\backend_ci.yml +git commit -m "fix(ci): remove azure login; use ACR admin creds; build+push both backends" +git push From 4a3b4a5c25a3c59693a21c82a864800fdf09fa3b Mon Sep 17 00:00:00 2001 From: Shrikesh4506 Date: Fri, 12 Sep 2025 17:23:50 +1000 Subject: [PATCH 3/3] ci: backend workflow using Service Principal (AZURE_CREDENTIALS) --- .github/workflows/backend_ci.yml | 160 ++++++++++++++++++++----------- 1 file changed, 102 insertions(+), 58 deletions(-) diff --git a/.github/workflows/backend_ci.yml b/.github/workflows/backend_ci.yml index 30ed97c..f945712 100644 --- a/.github/workflows/backend_ci.yml +++ b/.github/workflows/backend_ci.yml 
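Review bot: The new file content opens with `cd S:\SIT722\week07` and `Set-Content … -Value @"` and closes with `"@` followed by three `git` commands, so the PowerShell that was meant to write the workflow was committed as the workflow itself; those lines need to be removed so the file starts at `name: Backend CI`. Once it parses, `pytest -q || true` makes the test job succeed on failing tests, so `needs: test_and_lint_backends` no longer gates the push; use `if [ -d tests ]; then pytest -q; fi`. The `branches:` filter under `push:` is also dropped, which lets a push to any branch touching `backend/**` publish `:latest` with the registry admin credentials; restoring `branches: [main]` keeps publishing tied to the reviewed branch. The ACR admin account is a single shared login with full push and pull rights, so a scoped identity with push-only rights is the safer fit for CI.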
@@ -1,87 +1,131 @@ -cd S:\SIT722\week07 - -Set-Content -Path .github\workflows\backend_ci.yml -Value @" -name: Backend CI +name: Backend CI - Test, Build and Push Images to ACR on: + workflow_dispatch: push: + branches: + - main paths: - - "backend/**" - - ".github/workflows/backend_ci.yml" - workflow_dispatch: + - 'backend/**' + - '.github/workflows/backend_ci.yml' + +env: + # Keep using the secret you already created + REGISTRY_LOGIN_SERVER: ${{ secrets.REGISTRY_LOGIN_SERVER }} + IMAGE_TAG: ${{ github.sha }}-${{ github.run_id }} jobs: test_and_lint_backends: - name: Test & Lint (Python) - Backends runs-on: ubuntu-latest - strategy: - matrix: - service: - - product_service - - order_service - defaults: - run: - working-directory: backend/${{ matrix.service }} + + services: + product_db: + image: postgres:15 + env: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + POSTGRES_DB: products + options: >- + --health-cmd "pg_isready -U postgres" + --health-interval 10s + --health-timeout 5s + --health-retries 5 + ports: + - 5432:5432 + + order_db: + image: postgres:15 + env: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + POSTGRES_DB: orders + options: >- + --health-cmd "pg_isready -U postgres" + --health-interval 10s + --health-timeout 5s + --health-retries 5 + ports: + - 5433:5432 + steps: - - name: Checkout + - name: Checkout repository uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: - python-version: "3.11" + python-version: '3.11' - - name: Install deps + - name: Install dependencies run: | python -m pip install --upgrade pip - if [ -f requirements.txt ]; then pip install -r requirements.txt; fi - if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi + for req in backend/*/requirements.txt; do + echo "Installing $req" + pip install -r "$req" + done + pip install pytest httpx - - name: Run tests (if any) - run: | - if [ -d tests ]; then pytest -q || true; fi + - name: Run product_service 
tests + working-directory: backend/product_service + env: + POSTGRES_HOST: localhost + POSTGRES_PORT: 5432 + POSTGRES_DB: products + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + run: pytest tests --maxfail=1 --disable-warnings -q + + - name: Run order_service tests + working-directory: backend/order_service + env: + POSTGRES_HOST: localhost + POSTGRES_PORT: 5433 + POSTGRES_DB: orders + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + run: pytest tests --maxfail=1 --disable-warnings -q build_and_push_images: - name: Build & Push Images to ACR runs-on: ubuntu-latest needs: test_and_lint_backends env: REGISTRY: ${{ secrets.REGISTRY_LOGIN_SERVER }} + steps: - - name: Checkout + - name: Checkout repository uses: actions/checkout@v4 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to ACR (admin user) - uses: azure/docker-login@v2 + - name: Azure Login (Service Principal) + uses: azure/login@v1 with: - login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} + creds: ${{ secrets.AZURE_CREDENTIALS }} - - name: Build & Push product_service - uses: docker/build-push-action@v5 - with: - context: ./backend/product_service - file: ./backend/product_service/Dockerfile - push: true - tags: | - ${{ env.REGISTRY }}/product_service:latest - ${{ env.REGISTRY }}/product_service:${{ github.sha }} - - - name: Build & Push order_service - uses: docker/build-push-action@v5 - with: - context: ./backend/order_service - file: ./backend/order_service/Dockerfile - push: true - tags: | - ${{ env.REGISTRY }}/order_service:latest - ${{ env.REGISTRY }}/order_service:${{ github.sha }} -"@ - -git add .github\workflows\backend_ci.yml -git commit -m "fix(ci): remove azure login; use ACR admin creds; build+push both backends" -git push + # Derive the ACR registry name (e.g., shrikesh) from login server (e.g., shrikesh.azurecr.io) + - name: Derive ACR name + id: 
derive + run: | + REGISTRY="${{ env.REGISTRY }}" + NAME=${REGISTRY%%.azurecr.io} + echo "ACR_NAME=$NAME" >> "$GITHUB_ENV" + echo "Using ACR name: $NAME" + + - name: Login to Azure Container Registry + run: az acr login --name "$ACR_NAME" + + - name: Build and Push Product Service + run: | + docker build -t ${{ env.REGISTRY }}/product_service:latest ./backend/product_service/ + docker tag ${{ env.REGISTRY }}/product_service:latest ${{ env.REGISTRY }}/product_service:${{ env.IMAGE_TAG }} + docker push ${{ env.REGISTRY }}/product_service:latest + docker push ${{ env.REGISTRY }}/product_service:${{ env.IMAGE_TAG }} + + - name: Build and Push Order Service + run: | + docker build -t ${{ env.REGISTRY }}/order_service:latest ./backend/order_service/ + docker tag ${{ env.REGISTRY }}/order_service:latest ${{ env.REGISTRY }}/order_service:${{ env.IMAGE_TAG }} + docker push ${{ env.REGISTRY }}/order_service:latest + docker push ${{ env.REGISTRY }}/order_service:${{ env.IMAGE_TAG }} + + - name: Logout from Azure + if: always() + run: az logout
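Review bot: The build steps and "Derive ACR name" splice `${{ env.REGISTRY }}` and `${{ env.IMAGE_TAG }}` into the `run:` script text, so the values are expanded by the workflow engine before the shell parses the line and reach `docker` unquoted. Both are already exported to the step through `env:`, so the shell form is safer, e.g. `docker build -t "$REGISTRY/product_service:latest" ./backend/product_service/`, and the `REGISTRY="${{ env.REGISTRY }}"` assignment can be dropped. The job that holds `AZURE_CREDENTIALS` also runs with the default `GITHUB_TOKEN` scope; a top-level `permissions:` block with `contents: read` would limit it to what checkout needs. The top-level `REGISTRY_LOGIN_SERVER` variable is not read anywhere in the new file, so either it or the job-level `REGISTRY` can go.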