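---
# Deploys the online-boutique image to Humanitec via Score, either after the
# "Build and Push to ACR" workflow succeeds or on demand (workflow_dispatch).
#
# Credentials: the Humanitec token and org id are read from Azure Key Vault at
# run time, so no long-lived Humanitec credential lives in GitHub. Azure access
# comes from a workload-identity federated token file the runner is expected to
# mount (AZURE_FEDERATED_TOKEN_FILE); the workflow does not mint that token.
name: Deploy to Humanitec

on:  # yamllint disable-line rule:truthy
  # Runs automatically after Build and Push succeeds — prevents deploying
  # before the image exists.
  workflow_run:
    workflows: ["Build and Push to ACR"]
    types:
      - completed
    branches: ["main"]
  workflow_dispatch:
    inputs:
      environment:
        description: 'Target environment'
        required: true
        default: 'development'
        # `choice` limits the value to the options below; the value is still
        # handed to the shell through an env var (see "Set environment"),
        # never interpolated directly into a `run:` script.
        type: choice
        options:
          - development
          - staging
          - production

env:
  APP_ID: online-boutique
  # Projected service-account token (Azure workload identity). The runner must
  # provide this file; AZURE_CLIENT_ID / AZURE_TENANT_ID are likewise expected
  # from the runner environment — confirm with the runner's configuration.
  AZURE_FEDERATED_TOKEN_FILE: /var/run/secrets/azure/tokens/azure-identity-token
  DEFAULT_ENV_ID: development
  # Key Vault holding the Humanitec credentials; hoisted so both secret
  # lookups below agree on the vault name.
  KEY_VAULT_NAME: bstage-cjot-dev-core-kv

jobs:
  deploy:
    name: Deploy to Humanitec
    runs-on: ubuntu-latest
    # Only deploy when the build succeeded (or when manually dispatched).
    if: github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success'
    permissions:
      contents: read
      # NOTE(review): no visible step consumes the GitHub OIDC token — the
      # Azure login below uses a federated token *file*, not the OIDC
      # exchange. If that stays true, drop this grant (least privilege).
      id-token: write
    outputs:
      sha: ${{ steps.get-sha.outputs.sha }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # On workflow_run the default checkout is the default-branch HEAD,
          # which may be newer than the commit whose image was just built.
          # Pin to the triggering run's commit so the short SHA below matches
          # the image tag; on workflow_dispatch fall back to github.sha.
          ref: ${{ github.event.workflow_run.head_sha || github.sha }}

      - name: Get short SHA
        id: get-sha
        run: |
          set -euo pipefail
          SHORT_SHA="$(git rev-parse --short HEAD)"
          echo "sha=${SHORT_SHA}" >> "$GITHUB_OUTPUT"
          # Also export for later steps so they read a plain env var instead
          # of interpolating an expression into their scripts.
          echo "SHORT_SHA=${SHORT_SHA}" >> "$GITHUB_ENV"

      - name: Install CLI tools
        run: |
          set -euo pipefail
          echo "Installing required tools..."

          # TODO(review): these fetch unpinned "latest" binaries over HTTPS with
          # no checksum or signature verification. For a deploy path, pin a
          # version and verify the published checksum before executing them.

          # Install yq
          echo "Installing yq..."
          wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
          chmod +x /usr/local/bin/yq
          yq --version

          # Install jq
          echo "Installing jq..."
          wget -qO /usr/local/bin/jq https://github.com/jqlang/jq/releases/latest/download/jq-linux-amd64
          chmod +x /usr/local/bin/jq
          jq --version

          # Install humctl
          echo "Installing humctl..."
          HUMCTL_VERSION="$(curl -s https://api.github.com/repos/humanitec/cli/releases/latest | jq -r '.tag_name')"
          # An unauthenticated GitHub API call can be rate-limited and return an
          # error document; jq then yields "null" and the download URL is bogus.
          if [ -z "$HUMCTL_VERSION" ] || [ "$HUMCTL_VERSION" = "null" ]; then
            echo "❌ Could not resolve the latest humctl release"
            exit 1
          fi
          # Subshell instead of `cd /tmp ... cd -` so the working directory is
          # restored even if a command in between fails.
          (
            cd /tmp
            wget -q "https://github.com/humanitec/cli/releases/download/${HUMCTL_VERSION}/cli_${HUMCTL_VERSION#v}_linux_amd64.tar.gz"
            tar -xzf "cli_${HUMCTL_VERSION#v}_linux_amd64.tar.gz"
            mv humctl /usr/local/bin/
            chmod +x /usr/local/bin/humctl
          )
          humctl version
          echo "Tools installed"

      # ── Install Azure CLI ───────────────────────────────────────────────
      # act runners don't include az by default — install via Microsoft's
      # official script which works on Debian/Ubuntu without sudo.
      # NOTE(review): this is a pipe-to-shell install of remote code; it only
      # runs when az is absent, but consider pinning to a reviewed installer.
      - name: Install Azure CLI
        run: |
          if command -v az &>/dev/null; then
            echo "Azure CLI already installed: $(az version --query '"azure-cli"' -o tsv)"
          else
            curl -sL https://aka.ms/InstallAzureCLIDeb | bash
          fi

      # ── Authenticate to Azure ──────────────────────────────────────────
      - name: Azure login (OIDC)
        run: |
          set -euo pipefail
          # Fail with a clear message instead of an opaque az error when the
          # runner did not supply the identity settings.
          : "${AZURE_CLIENT_ID:?AZURE_CLIENT_ID must be set in the runner environment}"
          : "${AZURE_TENANT_ID:?AZURE_TENANT_ID must be set in the runner environment}"
          az login \
            --service-principal \
            --username "$AZURE_CLIENT_ID" \
            --tenant "$AZURE_TENANT_ID" \
            --federated-token "$(cat "$AZURE_FEDERATED_TOKEN_FILE")"
          echo "✓ Azure login successful"

      - name: Get image reference
        id: image
        run: |
          set -euo pipefail
          # NOTE(review): takes the first registry visible to this identity —
          # brittle if the subscription ever holds more than one ACR.
          ACR_LOGIN_SERVER="$(az acr list --query "[0].loginServer" -o tsv)"
          if [ -z "$ACR_LOGIN_SERVER" ]; then
            echo "❌ No ACR login server found"
            exit 1
          fi
          COMMIT_SHA="$SHORT_SHA"
          IMAGE_FULL="${ACR_LOGIN_SERVER}/online-boutique:${COMMIT_SHA}"
          echo "IMAGE_FULL=$IMAGE_FULL" >> "$GITHUB_ENV"
          echo "SHA: $COMMIT_SHA"
          echo "✓ Image: $IMAGE_FULL"

      - name: Set environment
        id: set-env
        env:
          # Pass expression values in through env so the script body contains
          # no `${{ }}` interpolation.
          EVENT_NAME: ${{ github.event_name }}
          INPUT_ENVIRONMENT: ${{ inputs.environment }}
        run: |
          set -euo pipefail
          if [ "$EVENT_NAME" = "workflow_dispatch" ]; then
            ENV_ID="$INPUT_ENVIRONMENT"
          else
            ENV_ID="$DEFAULT_ENV_ID"
          fi

          # Set default if empty
          ENV_ID="${ENV_ID:-development}"

          # Defence in depth: the choice input already restricts values, but
          # ENV_ID also feeds humctl --env and the console URL, so re-check it.
          case "$ENV_ID" in
            development|staging|production) ;;
            *)
              echo "❌ Unsupported environment: $ENV_ID"
              exit 1
              ;;
          esac

          echo "ENV_ID=$ENV_ID" >> "$GITHUB_OUTPUT"
          echo "ENV_ID=$ENV_ID" >> "$GITHUB_ENV"
          echo "DEPLOYMENT_ID=$(date +%Y%m%d-%H%M%S)-${SHORT_SHA}" >> "$GITHUB_OUTPUT"
          echo "✓ Using environment: $ENV_ID"

      - name: Get Humanitec token from Key Vault
        id: get-secret
        run: |
          set -euo pipefail
          echo "Retrieving Humanitec token from Key Vault..."
          HUMANITEC_TOKEN="$(az keyvault secret show \
            --vault-name "$KEY_VAULT_NAME" \
            --name "humanitec-api-token" \
            --query "value" \
            --output tsv)"

          if [ -z "$HUMANITEC_TOKEN" ]; then
            echo "❌ Failed to retrieve Humanitec token"
            exit 1
          fi

          # Register the value with the log masker *before* it is written to
          # GITHUB_ENV; a value fetched at run time is not a GitHub secret, so
          # without this any later echo or verbose CLI output prints it in clear.
          echo "::add-mask::$HUMANITEC_TOKEN"
          echo "HUMANITEC_TOKEN=$HUMANITEC_TOKEN" >> "$GITHUB_ENV"
          echo "✓ Humanitec token retrieved successfully"

          HUMANITEC_ORG="$(az keyvault secret show \
            --vault-name "$KEY_VAULT_NAME" \
            --name "humanitec-org-id" \
            --query "value" \
            --output tsv)"

          if [ -z "$HUMANITEC_ORG" ]; then
            echo "❌ Failed to retrieve Humanitec org"
            exit 1
          fi

          echo "HUMANITEC_ORG=$HUMANITEC_ORG" >> "$GITHUB_ENV"
          echo "✓ Humanitec org retrieved successfully"

      - name: Deploy via Humanitec Score
        id: deploy
        run: |
          set -euo pipefail
          # Values below were exported to GITHUB_ENV by the preceding steps.
          echo " Org: $HUMANITEC_ORG"
          echo " App: $APP_ID"
          echo " Env: $ENV_ID"
          echo " Image: $IMAGE_FULL"
          echo " sha: $SHORT_SHA"

          # Deploy using Score.
          # NOTE(review): -v 5 is very verbose — confirm humctl does not print
          # request headers at this level; add-mask reduces but does not
          # eliminate exposure of the token in logs.
          humctl score deploy \
            --org "$HUMANITEC_ORG" \
            --app "$APP_ID" \
            --env "$ENV_ID" \
            --file score.yaml \
            --image "containers.app=$IMAGE_FULL" \
            --message "Deployment from commit ${SHORT_SHA}" \
            --token "$HUMANITEC_TOKEN" \
            -v 5
          echo "✓ Deployment successful!"

      - name: Deployment Summary
        run: |
          set -euo pipefail
          DEPLOY_URL="https://app.humanitec.io/orgs/${HUMANITEC_ORG}/apps/${APP_ID}/envs/$ENV_ID"
          GRAFANA_URL="https://grafana.kyndemo.live/d/spring-boot-dashboard?var-app=${APP_ID}"

          echo "### 🚀 Deployment Complete" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "- **Application**: ${APP_ID}" >> "$GITHUB_STEP_SUMMARY"
          echo "- **Environment**: $ENV_ID" >> "$GITHUB_STEP_SUMMARY"
          echo "- **Image**: $IMAGE_FULL" >> "$GITHUB_STEP_SUMMARY"
          echo "- **Commit**: ${SHORT_SHA}" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "📊 **Links:**" >> "$GITHUB_STEP_SUMMARY"
          echo "- [Humanitec Console]($DEPLOY_URL)" >> "$GITHUB_STEP_SUMMARY"
          echo "- [Grafana Dashboard]($GRAFANA_URL)" >> "$GITHUB_STEP_SUMMARY"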