From 69e7fe7c41694ff0d656d43762b57b7308633a43 Mon Sep 17 00:00:00 2001
From: Are Almaas <arealmaas@gmail.com>
Date: Wed, 2 Oct 2024 14:20:03 +0200
Subject: [PATCH] ci: ensure unique revisions for deployments (#1211)

<!--- Provide a general summary of your changes in the Title above -->

## Description

There was an issue where if we re-run the same workflow for deployment,
it would fail because of using the same revision suffix. Changing to
passing in a revision suffix and using workflow run id and workflow
attempt to ensure uniqueness.

<!--- Describe your changes in detail -->

## Related Issue(s)

- #{issue number}

## Verification

- [ ] **Your** code builds clean without any errors or warnings
- [ ] Manual testing done (required)
- [ ] Relevant automated test added (if you find this hard, leave it and
we'll help out)

## Documentation

- [ ] Documentation is updated (either in `docs`-directory, Altinnpedia
or a separate linked PR in
[altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if
applicable)


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- Introduced a new environment variable `REVISION_SUFFIX` for improved
tracking of deployment revisions.
- Added a `revisionSuffix` parameter across various Bicep configuration
files to enhance deployment customization and versioning.
- Standardized deployment names to include environment and version for
consistency.

- **Chores**
- Enhanced deployment workflow structure without altering the overall
functionality.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---
 .azure/applications/graphql/main.bicep            | 6 +++++-
 .azure/applications/graphql/prod.bicepparam       | 1 +
 .azure/applications/graphql/staging.bicepparam    | 1 +
 .azure/applications/graphql/test.bicepparam       | 1 +
 .azure/applications/web-api-eu/main.bicep         | 6 +++++-
 .azure/applications/web-api-eu/prod.bicepparam    | 1 +
 .azure/applications/web-api-eu/staging.bicepparam | 1 +
 .azure/applications/web-api-eu/test.bicepparam    | 1 +
 .azure/applications/web-api-so/main.bicep         | 6 +++++-
 .azure/applications/web-api-so/prod.bicepparam    | 1 +
 .azure/applications/web-api-so/staging.bicepparam | 1 +
 .azure/applications/web-api-so/test.bicepparam    | 1 +
 .github/workflows/action-deploy-apps.yml          | 5 ++++-
 13 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/.azure/applications/graphql/main.bicep b/.azure/applications/graphql/main.bicep
index fb4edc2d8..a931e5361 100644
--- a/.azure/applications/graphql/main.bicep
+++ b/.azure/applications/graphql/main.bicep
@@ -16,6 +16,10 @@ param location string
 @minLength(3)
 param apimIp string
 
+@description('The suffix for the revision of the container app')
+@minLength(3)
+param revisionSuffix string
+
 @description('CPU and memory resources for the container app')
 param resources object?
 
@@ -87,7 +91,7 @@ module containerApp '../../modules/containerApp/main.bicep' = {
     apimIp: apimIp
     tags: tags
     resources: resources
-    revisionSuffix: imageTag
+    revisionSuffix: revisionSuffix
   }
 }
 
diff --git a/.azure/applications/graphql/prod.bicepparam b/.azure/applications/graphql/prod.bicepparam
index 84ff5332d..562917c43 100644
--- a/.azure/applications/graphql/prod.bicepparam
+++ b/.azure/applications/graphql/prod.bicepparam
@@ -4,6 +4,7 @@ param environment = 'prod'
 param location = 'norwayeast'
 param apimIp = '51.120.88.54'
 param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
 
 // secrets
 param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
diff --git a/.azure/applications/graphql/staging.bicepparam b/.azure/applications/graphql/staging.bicepparam
index 5287dd839..d2d415801 100644
--- a/.azure/applications/graphql/staging.bicepparam
+++ b/.azure/applications/graphql/staging.bicepparam
@@ -4,6 +4,7 @@ param environment = 'staging'
 param location = 'norwayeast'
 param apimIp = '51.13.86.131'
 param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
 
 // secrets
 param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
diff --git a/.azure/applications/graphql/test.bicepparam b/.azure/applications/graphql/test.bicepparam
index 8873fcd13..c5f6c464f 100644
--- a/.azure/applications/graphql/test.bicepparam
+++ b/.azure/applications/graphql/test.bicepparam
@@ -4,6 +4,7 @@ param environment = 'test'
 param location = 'norwayeast'
 param apimIp = '51.120.88.69'
 param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
 
 // secrets
 param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
diff --git a/.azure/applications/web-api-eu/main.bicep b/.azure/applications/web-api-eu/main.bicep
index 5458a454d..0ed28a2b7 100644
--- a/.azure/applications/web-api-eu/main.bicep
+++ b/.azure/applications/web-api-eu/main.bicep
@@ -16,6 +16,10 @@ param location string
 @minLength(3)
 param apimIp string
 
+@description('The suffix for the revision of the container app')
+@minLength(3)
+param revisionSuffix string
+
 @description('CPU and memory resources for the container app')
 param resources object?
 
@@ -90,7 +94,7 @@ module containerApp '../../modules/containerApp/main.bicep' = {
     apimIp: apimIp
     tags: tags
     resources: resources
-    revisionSuffix: imageTag
+    revisionSuffix: revisionSuffix
   }
 }
 
diff --git a/.azure/applications/web-api-eu/prod.bicepparam b/.azure/applications/web-api-eu/prod.bicepparam
index 84ff5332d..562917c43 100644
--- a/.azure/applications/web-api-eu/prod.bicepparam
+++ b/.azure/applications/web-api-eu/prod.bicepparam
@@ -4,6 +4,7 @@ param environment = 'prod'
 param location = 'norwayeast'
 param apimIp = '51.120.88.54'
 param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
 
 // secrets
 param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
diff --git a/.azure/applications/web-api-eu/staging.bicepparam b/.azure/applications/web-api-eu/staging.bicepparam
index 5287dd839..d2d415801 100644
--- a/.azure/applications/web-api-eu/staging.bicepparam
+++ b/.azure/applications/web-api-eu/staging.bicepparam
@@ -4,6 +4,7 @@ param environment = 'staging'
 param location = 'norwayeast'
 param apimIp = '51.13.86.131'
 param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
 
 // secrets
 param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
diff --git a/.azure/applications/web-api-eu/test.bicepparam b/.azure/applications/web-api-eu/test.bicepparam
index 8873fcd13..c5f6c464f 100644
--- a/.azure/applications/web-api-eu/test.bicepparam
+++ b/.azure/applications/web-api-eu/test.bicepparam
@@ -4,6 +4,7 @@ param environment = 'test'
 param location = 'norwayeast'
 param apimIp = '51.120.88.69'
 param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
 
 // secrets
 param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
diff --git a/.azure/applications/web-api-so/main.bicep b/.azure/applications/web-api-so/main.bicep
index e510fb86a..8a4c63237 100644
--- a/.azure/applications/web-api-so/main.bicep
+++ b/.azure/applications/web-api-so/main.bicep
@@ -16,6 +16,10 @@ param location string
 @minLength(3)
 param apimIp string
 
+@description('The suffix for the revision of the container app')
+@minLength(3)
+param revisionSuffix string
+
 @description('CPU and memory resources for the container app')
 param resources object?
 
@@ -94,7 +98,7 @@ module containerApp '../../modules/containerApp/main.bicep' = {
     apimIp: apimIp
     tags: tags
     resources: resources
-    revisionSuffix: imageTag
+    revisionSuffix: revisionSuffix
   }
 }
 
diff --git a/.azure/applications/web-api-so/prod.bicepparam b/.azure/applications/web-api-so/prod.bicepparam
index 84ff5332d..562917c43 100644
--- a/.azure/applications/web-api-so/prod.bicepparam
+++ b/.azure/applications/web-api-so/prod.bicepparam
@@ -4,6 +4,7 @@ param environment = 'prod'
 param location = 'norwayeast'
 param apimIp = '51.120.88.54'
 param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
 
 // secrets
 param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
diff --git a/.azure/applications/web-api-so/staging.bicepparam b/.azure/applications/web-api-so/staging.bicepparam
index 5287dd839..d2d415801 100644
--- a/.azure/applications/web-api-so/staging.bicepparam
+++ b/.azure/applications/web-api-so/staging.bicepparam
@@ -4,6 +4,7 @@ param environment = 'staging'
 param location = 'norwayeast'
 param apimIp = '51.13.86.131'
 param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
 
 // secrets
 param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
diff --git a/.azure/applications/web-api-so/test.bicepparam b/.azure/applications/web-api-so/test.bicepparam
index 8873fcd13..c5f6c464f 100644
--- a/.azure/applications/web-api-so/test.bicepparam
+++ b/.azure/applications/web-api-so/test.bicepparam
@@ -4,6 +4,7 @@ param environment = 'test'
 param location = 'norwayeast'
 param apimIp = '51.120.88.69'
 param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
 
 // secrets
 param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
diff --git a/.github/workflows/action-deploy-apps.yml b/.github/workflows/action-deploy-apps.yml
index 35325f8d5..79a87e76f 100644
--- a/.github/workflows/action-deploy-apps.yml
+++ b/.github/workflows/action-deploy-apps.yml
@@ -149,6 +149,8 @@ jobs:
     permissions:
       id-token: write
       contents: read
+    env:
+      REVISION_SUFFIX: "${{ github.run_id }}-${{ inputs.version }}-${{ github.run_attempt}}"
     steps:
       - name: "Checkout GitHub Action"
         uses: actions/checkout@v4
@@ -159,7 +161,6 @@ jobs:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
       - name: Dryrun Deploy app ${{ matrix.name }}(${{ inputs.environment }})
         uses: azure/arm-deploy@v2
         if: ${{ inputs.dryRun }}
@@ -167,6 +168,7 @@ jobs:
         env:
           # parameters
           IMAGE_TAG: ${{ inputs.version }}
+          REVISION_SUFFIX: ${{ env.REVISION_SUFFIX }}
           # secrets
           AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
           AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
@@ -190,6 +192,7 @@ jobs:
         env:
           # parameters
           IMAGE_TAG: ${{ inputs.version }}
+          REVISION_SUFFIX: ${{ env.REVISION_SUFFIX }}
           # secrets
           AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
           AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}