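# Build, test and publish the online-boutique image to Azure Container Registry.
#
# NOTE(review): the published copy of this workflow had lost its expression
# placeholders (empty concurrency group, empty IMAGE_TAG, image references that
# began with "/", blank summary fields). They are restored here from values the
# workflow already has: the default GITHUB_SHA variable and the ACR_* variables
# exported by the "Get ACR details" step. The concurrency group is a
# reconstruction of the usual workflow-plus-ref form; confirm against the
# original file.
name: Build and Push to ACR

on:
  push:
    branches: ["main"]
  # Pull-request runs execute the PR's own pom.xml and Dockerfile on this runner.
  # They build and test only; every step that touches Azure or the registry is
  # skipped for them (see the `if:` conditions below), so an unmerged change
  # cannot move the `latest` tag.
  pull_request:
    branches: ["main"]
  workflow_dispatch: {}

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  # Path of the projected federated token that `az login` reads below.
  # Presumably supplied by Azure Workload Identity on the runner pod; confirm.
  # Every step of every job on this runner can read this file, including the
  # Maven build of pull-request code, so the identity behind it should hold no
  # more than push rights on the one target registry.
  AZURE_FEDERATED_TOKEN_FILE: /var/run/secrets/azure/tokens/azure-identity-token

jobs:
  build:
    name: Build and Push
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # NOTE(review): the login step authenticates with the token file above, not
      # with a token requested from the Actions OIDC endpoint. If nothing else
      # needs it, drop id-token: write to keep the job at least privilege.
      id-token: write

    steps:
      # Tag refs such as @v4 are mutable. Pinning to a full commit SHA
      # (uses: actions/checkout@<full-commit-sha>  # v4) fixes the code that runs.
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '17'
          cache: 'maven'

      - name: Install Maven
        run: |
          echo "Installing Maven..."
          apt-get update -qq
          apt-get install -y maven
          mvn --version
          echo "Maven installed"

      - name: Build with Maven
        run: |
          echo "Building online-boutique..."
          mvn clean package -DskipTests -B
          echo "Build completed"

      - name: Run tests
        run: |
          echo "Running tests..."
          mvn test -B
          echo "Tests passed"

      # ── Install Azure CLI ───────────────────────────────────────────────
      # act runners don't include az by default — install via Microsoft's
      # official script which works on Debian/Ubuntu without sudo.
      # The script is fetched and executed as served at build time, with no
      # integrity check. A runner image with a pinned az package removes that
      # dependency; until then -f and pipefail make a failed download fail the
      # step instead of handing bash an empty script.
      - name: Install Azure CLI
        if: github.event_name != 'pull_request'
        run: |
          if command -v az >/dev/null 2>&1; then
            echo "Azure CLI already installed: $(az version --query '"azure-cli"' -o tsv)"
          else
            set -o pipefail
            curl -fsSL https://aka.ms/InstallAzureCLIDeb | bash
          fi

      # ── Authenticate to Azure ──────────────────────────────────────────
      # AZURE_CLIENT_ID and AZURE_TENANT_ID are not defined in this file; they
      # are expected from the runner environment, so fail early when missing.
      - name: Azure login (OIDC)
        if: github.event_name != 'pull_request'
        run: |
          : "${AZURE_CLIENT_ID:?AZURE_CLIENT_ID is not set}"
          : "${AZURE_TENANT_ID:?AZURE_TENANT_ID is not set}"
          # --output none keeps the account JSON (tenant and subscription ids)
          # out of the job log.
          az login \
            --service-principal \
            --username "$AZURE_CLIENT_ID" \
            --tenant "$AZURE_TENANT_ID" \
            --federated-token "$(cat "$AZURE_FEDERATED_TOKEN_FILE")" \
            --output none
          echo "✓ Azure login successful"

      - name: Get ACR details
        if: github.event_name != 'pull_request'
        id: acr
        run: |
          echo "Getting ACR details..."
          # [0] takes whichever registry the API lists first. If the identity can
          # see more than one registry the push target is not deterministic;
          # setting the name explicitly is safer.
          ACR_NAME=$(az acr list --query "[0].name" -o tsv)
          ACR_NAME="${ACR_NAME:-bstagecjotdevacr}"

          # Validation: registry names are 5-50 alphanumeric characters. Checking
          # the whole value before it is appended to GITHUB_ENV keeps a stray
          # newline or '=' from defining extra variables for later steps.
          if [[ ! "$ACR_NAME" =~ ^[A-Za-z0-9]{5,50}$ ]]; then
            echo "❌ ACR_NAME is not a valid registry name"
            exit 1
          fi
          ACR_LOGIN_SERVER="${ACR_NAME}.azurecr.io"

          echo "ACR_NAME=$ACR_NAME" >> "$GITHUB_ENV"
          echo "ACR_LOGIN_SERVER=$ACR_LOGIN_SERVER" >> "$GITHUB_ENV"
          echo "✓ Using ACR: $ACR_LOGIN_SERVER"

      - name: ACR Login
        if: github.event_name != 'pull_request'
        run: |
          echo "Logging into ACR..."
          echo "ACR_NAME='$ACR_NAME'"
          ACR_TOKEN=$(az acr login --name "$ACR_NAME" --expose-token --output tsv --query accessToken)
          # Register the token with the log masker before anything can print it.
          echo "::add-mask::$ACR_TOKEN"
          # --password-stdin keeps the token out of the process argument list.
          # NOTE(review): Microsoft's examples for --expose-token tokens use the
          # all-zero GUID as the username; confirm the client id is accepted.
          printf '%s' "$ACR_TOKEN" |
            docker login "$ACR_LOGIN_SERVER" --username "$AZURE_CLIENT_ID" --password-stdin
          echo "✓ ACR login successful"

      - name: Build and Push Docker Image
        if: github.event_name != 'pull_request'
        run: |
          IMAGE_NAME="online-boutique"
          # The commit SHA is the immutable tag; `latest` is a moving alias, so
          # deployments should reference the SHA tag (or the pushed digest).
          IMAGE_TAG="$GITHUB_SHA"
          IMAGE_FULL="$ACR_LOGIN_SERVER/$IMAGE_NAME:$IMAGE_TAG"
          IMAGE_LATEST="$ACR_LOGIN_SERVER/$IMAGE_NAME:latest"

          echo "Building Docker image..."
          docker build -t "$IMAGE_NAME:$IMAGE_TAG" .

          echo "Tagging images..."
          docker tag "$IMAGE_NAME:$IMAGE_TAG" "$IMAGE_FULL"
          docker tag "$IMAGE_NAME:$IMAGE_TAG" "$IMAGE_LATEST"

          echo "Pushing to ACR..."
          docker push "$IMAGE_FULL"
          docker push "$IMAGE_LATEST"

          echo "Images pushed:"
          echo " - $IMAGE_FULL"
          echo " - $IMAGE_LATEST"
          echo "IMAGE_FULL=$IMAGE_FULL" >> "$GITHUB_ENV"

      - name: Build Summary
        if: github.event_name != 'pull_request'
        run: |
          # Values come from shell variables rather than inline expressions, so
          # nothing is substituted into the script text before it runs.
          {
            echo "### Build Successful"
            echo ""
            echo "- **Application**: online-boutique"
            echo "- **Commit**: $GITHUB_SHA"
            echo "- **Image**: $IMAGE_FULL"
            echo "- **ACR**: $ACR_LOGIN_SERVER"
            echo ""
            echo "Built, tested, and pushed to ACR!"
          } >> "$GITHUB_STEP_SUMMARY"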