diff --git a/.azure/containerApp/createExternal.bicep b/.azure/containerApp/createExternal.bicep index a43bee3b3..6f63072c3 100644 --- a/.azure/containerApp/createExternal.bicep +++ b/.azure/containerApp/createExternal.bicep @@ -210,5 +210,6 @@ output identityPrincipalIds array = [ output containerAppEnvName string = containerAppEnv.name output webApiSoName string = webapiSo.name +output webApiSoRevisionName string = webapiSo.properties.latestRevisionName output webApiEuName string = webapiEu.name output migrationJobName string = migrationJob.name diff --git a/.azure/main.bicep b/.azure/main.bicep index d83056de5..423cae462 100644 --- a/.azure/main.bicep +++ b/.azure/main.bicep @@ -333,3 +333,4 @@ module keyVaultReaderAccessPolicy 'keyvault/addReaderRoles.bicep' = { output migrationJobName string = containerAppsExternal.outputs.migrationJobName output resourceGroupName string = resourceGroup.name +output webapiSoRevisionName string = containerAppsExternal.outputs.webApiSoRevisionName diff --git a/.github/tools/revisionVerifier.sh b/.github/tools/revisionVerifier.sh new file mode 100755 index 000000000..632296d9d --- /dev/null +++ b/.github/tools/revisionVerifier.sh @@ -0,0 +1,50 @@ +if [ -z "$1" ]; then + echo "Usage: $0 " + exit 1 +fi + +if [ -z "$2" ]; then + echo "Usage: $0 " + exit 1 +fi + +revision_name="$1" +resource_group="$2" +query_filter="{name:name, runningState:properties.runningState, healthState:properties.healthState}" + +verify_revision() { + local json_output + + # Fetch app revision + json_output=$(az containerapp revision show -g "$resource_group" --revision "$revision_name" --query "$query_filter" 2>/dev/null) + + health_state=$(echo $json_output | jq -r '.healthState') + running_state=$(echo $json_output | jq -r '.runningState') + + echo "Revision $revision_name status:" + echo "-----------------------------" + echo "Health state: $health_state" + echo "Running state: $running_state" + echo " " + + # Check health and running status + if [[ $health_state == "Healthy" && ($running_state == "Running" || $running_state == "RunningAtMaxScale") ]]; then + return 0 # OK! + else + return 1 # Not OK! + fi +} + +attempt=1 + +# Loop until verified (GitHub action will do a timeout) +while true; do + if verify_revision; then + echo "Revision $revision_name is healthy and running" + break + else + echo "Attempt $attempt: Waiting for revision $revision_name ..." + sleep 10 # Sleep for 10 seconds + attempt=$((attempt+1)) + fi +done \ No newline at end of file diff --git a/.github/workflows/action-deploy.yml b/.github/workflows/action-deploy.yml index bea79de40..7ffb35a55 100644 --- a/.github/workflows/action-deploy.yml +++ b/.github/workflows/action-deploy.yml @@ -2,6 +2,9 @@ on: workflow_call: + env: + AZ_CLI_VERSION: 2.56.0 + secrets: AZURE_CLIENT_ID: required: true @@ -56,7 +59,7 @@ jobs: uses: azure/CLI@v1 id: keyvault-keys with: - azcliversion: 2.56.0 + azcliversion: ${{ env.AZ_CLI_VERSION }} inlineScript: | KEY_VAULT_KEYS=$(az keyvault secret list --vault-name ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }} --subscription ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }} --query "[].name" -o json | tr -d '\n') echo "::set-output name=key-vault-keys::$KEY_VAULT_KEYS" @@ -98,10 +101,20 @@ jobs: uses: azure/CLI@v1 if: ${{!inputs.dryRun}} with: - azcliversion: 2.56.0 + azcliversion: ${{ env.AZ_CLI_VERSION }} inlineScript: | az containerapp job start -n ${{ steps.deploy.outputs.migrationJobName }} -g ${{ steps.deploy.outputs.resourceGroupName }} + - name: Verify deployment running + timeout-minutes: 3 + uses: azure/CLI@v1 + id: verify-deployment + with: + azcliversion: ${{ env.AZ_CLI_VERSION }} + inlineScript: | + ./.github/tools/revisionVerifier.sh "${{ steps.deploy.outputs.webApiSoRevisionName }} ${{ steps.deploy.outputs.resourceGroupName }}" + + - name: Logout from azure if: ${{failure() || success()}} continue-on-error: true