Creating GitHub Actions to Automate PRISM Mock API server in Azure Container App Deployment

If you have read two of my previous posts, you would have successfully hosted PRISM Mock API server in Azure Container App. This way, your mock API runs on the cloud with very minimal cost.

Prerequisite

• Read part 1 and part 2 of the guide which can be found in the link above.
• Valid Azure subscription. Go ahead and register if you do not have one and Microsoft will give free access to selected services for 12 months. Apart from that, several consumption tier services are free for development use and will be charged quite minimally.
• GitHub Desktop application.
• GitHub account.

Setting Up Azure Service Principal

• Provided that you have a valid Azure subscription, you can create AD application in your AD tenant.
• You can create service principal by either Azure CLI or Azure portal.

Creating Azure Service Principal using Azure CLI

• Below is the Azure CLI command to create service principal.

# Create a service principal with required parameter
az ad sp create-for-rbac --scopes /subscriptions/mySubscriptionID

# Create a service principal for a resource group using a preferred name and role
az ad sp create-for-rbac --name myServicePrincipalName \
                         --role reader \
                         --scopes /subscriptions/mySubscriptionID/resourceGroups/myResourceGroupName        

• If you did this and successfully generated the service principal id and secret you can skip Azure Portal section and go directly to Setting Up Git Repository section.

Creating Azure Service Principal using Azure Portal

• Log in to Azure portal.
• Search for Azure Active Directory and select.

• Select App registrations in the left bar then click Click + New registration.

• Fill in the name and then click Register.

• Select Certificates & secrets and then + New client secret then fill in the Description and finally click Add.

• Once the secret has been created save the value aside as fast as possible as you cannot view it again if you close the page.

• Go back to the overview page and copy the application ID, this will be used in the next section of this article.

• Assign the service principal Contributor access to the resource group that contains Azure Container App created in part 2 of the article.
• Go to the resource group -> Access control (IAM) -> Add role assignment.

• Go to Privileged administrator roles and select Contributor then click Next.

• Click + Select members and then search for the service principal that was created in the steps above and click Select.

• Finally click Review + assign.

Setting Up Git Repository

• Open terminal.
• cd to the folder containing your PRISM mock API that was created in part 1 and 2.
• Initialize Git using this command.

git init

• This will initialize Git, so the next step is to create .gitignore file and add this to exclude node_modules folder from being tracked by git.

node_modules        

• Next is to add files for Git to commit.

git add --all

• Finally commit.

git commit -m "initial commit"

• Once done, the next step is to bring this to GitHub.

GitHub

There are multiple ways to get existing code to GitHub either by creating a new repository and uploading the file manually or by adding GitHub as the origin for an existing repository. But, another easier way is to add the existing repository from GitHub desktop and pushing from there.

• In GitHub Desktop app, click File -> Add local repository.

• Choose the folder where the repository was created.

• After the repository was added to GitHub, the next step is to just do a Git push from the GitHub Desktop application.

GitHub Actions

Now we have come to the interesting part of setting up the GitHub actions that will do the following:

1. Build the mock API application in a docker container.
2. Upload the docker image created in step 1 to Docker Hub container registry.
3. Update Azure Container App to pull the new image from our Docker Hub container registry and run the new revision of the container.

Creating GitHub Actions Secret and Variables

• Create these GitHub repository secret and assign it with appropriate values:DOCKERHUB_USERNAMEDOCKERHUB_TOKEN AZURE_CREDENTIALS

• For AZURE_CREDENTIALS secret value it should look something like this

{
    "clientId": "<This should be the client id of the service principal created above>",
    "clientSecret": "<This should be client secret generated in the step above>",
    "subscriptionId": "<Your Azure subscription ID>",
    "tenantId": "<Your Azure AD tenant ID>"
}          

• Create these GitHub repository variables and assign it with appropriate values:

APP_NAME

AZURE_CONTAINER_APP_ENVIRONMENT

AZURE_CONTAINER_APP_NAME

AZURE_CONTAINER_APP_RESOURCE_GROUP

GitHub Actions Workflow File

• In the main project folder, create .github/workflows folder.
• In that folder create a file called deploy-aca.yaml file and copy this content.

name: CI/CD Prism Mock API

on:
  # Triggers the workflow on push or pull request events but only for the "main" branch
  push:
    branches: ["master"]

  workflow_dispatch:

jobs:
  build_and_containerise:
    name: Build & Containerise & Push to Docker Hub
    runs-on: ubuntu-latest    
      
    steps:
        - name: Checkout
          uses: actions/checkout@v3
    
        - name: Login to Docker Hub
          uses: docker/login-action@v2
          with:
            username: ${{ secrets.DOCKERHUB_USERNAME }}
            password: ${{ secrets.DOCKERHUB_TOKEN }}
        - name: Set up Docker Buildx
          uses: docker/setup-buildx-action@v2

        - name: Build and push
          uses: docker/build-push-action@v4
          with:
            context: .
            file: ./Dockerfile
            push: true
            tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ vars.APP_NAME }}:${{ github.sha }}

  deploy:
    name: Deploy to ACA   
    needs: [ build_and_containerise ]
    runs-on: ubuntu-latest

    steps:
        - name: Log in to Azure
          uses: azure/login@v1
          with:
            creds: ${{ secrets.AZURE_CREDENTIALS }}

        - name: Deploy service
          uses: azure/container-apps-deploy-action@v1
          with:
            registryUrl: ${{ vars.REGISTRY_URL }} 
            registryUsername: ${{ secrets.REGISTRY_USERNAME }}
            registryPassword: ${{ secrets.REGISTRY_PASSWORD }}
            resourceGroup: ${{ vars.AZURE_CONTAINER_APP_RESOURCE_GROUP }}
            containerAppName: ${{ vars.AZURE_CONTAINER_APP_NAME }}
            containerAppEnvironment: ${{ vars.AZURE_CONTAINER_APP_ENVIRONMENT }}
            imageToDeploy: ${{ secrets.REGISTRY_USERNAME }}/${{ vars.APP_NAME }}:${{ github.sha }}        

• Git add the new file, commit and then, push.
• Provided if you have all previous steps correctly, you should be able to see the actions being triggered and the live log from the build and deployment process.

• Go back to to Azure Container Apps and verify that the latest tag is being used.

• Compare it with the latest tag in Docker Hub.

GitHub Actions Workflow Explanation

Build and Containerise

  build_and_containerise:
    name: Build & Containerise & Push to Docker Hub
    runs-on: ubuntu-latest    
      
    steps:
        - name: Checkout
          uses: actions/checkout@v3
    
        - name: Login to Docker Hub
          uses: docker/login-action@v2
          with:
            username: ${{ secrets.DOCKERHUB_USERNAME }}
            password: ${{ secrets.DOCKERHUB_TOKEN }}
        - name: Set up Docker Buildx
          uses: docker/setup-buildx-action@v2

        - name: Build and push
          uses: docker/build-push-action@v4
          with:
            context: .
            file: ./Dockerfile
            push: true
            tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ vars.APP_NAME }}:${{ github.sha }}        

1. First step of this job will check out code from current repository.
2. Second step logs in to Docker Hub with the username and password stored in GitHub repository secret.
3. Third step will then reads the Dockerfile and runs build then push to Docker Hub registry based on tag that will be created via concatenation of username in GitHub repository secret, app name in GitHub repository variable and also the git commit signature so each commit in Master branch will generate a unique tag.

Deploy

  deploy:
    name: Deploy to ACA   
    needs: [ build_and_containerise ]
    runs-on: ubuntu-latest

    steps:
        - name: Log in to Azure
          uses: azure/login@v1
          with:
            creds: ${{ secrets.AZURE_CREDENTIALS }}

        - name: Deploy service
          uses: azure/container-apps-deploy-action@v1
          with:
            registryUrl: ${{ vars.REGISTRY_URL }} 
            registryUsername: ${{ secrets.REGISTRY_USERNAME }}
            registryPassword: ${{ secrets.REGISTRY_PASSWORD }}
            resourceGroup: ${{ vars.AZURE_CONTAINER_APP_RESOURCE_GROUP }}
            containerAppName: ${{ vars.AZURE_CONTAINER_APP_NAME }}
            containerAppEnvironment: ${{ vars.AZURE_CONTAINER_APP_ENVIRONMENT }}
            imageToDeploy: ${{ secrets.REGISTRY_USERNAME }}/${{ vars.APP_NAME }}:${{ github.sha }}        

1. First step of this job will log in to Azure using AZURE_CREDENTIALS secret stored in GitHub repository secret.
2. Second step will then pulls the image created by Build and Containerise job, create new Azure Container App revision and then run the new revision.

Conclusion

If you managed to follow this article, you should be able to automate build and deployment of you Prism Mock API server to Azure Container App. This can also be a guide if you want to deploy another application written in any language or framework be it nodeJS, dotnet, Java, Go or Python.

The best part of using this combination of GitHub actions, Docker Hub container registry and also Azure Container Apps is that it is FREE and we all know that free is good.