test certificate

Fotogjengen · Nov 10, 2024 · 0b96e2e · 0b96e2e
1 parent 8db0178
commit 0b96e2e
Show file tree

Hide file tree

Showing 2 changed files with 90 additions and 71 deletions.
diff --git a/.github/workflows/get-certificate-in-azure.yml b/.github/workflows/get-certificate-in-azure.yml
@@ -0,0 +1,57 @@
+name: Generate and Deploy SSL Certificate from Let's Encrypt
+
+on:
+  schedule:
+    - cron: '0 0 * * 0,14'  # Run every 2 weeks at midnight UTC
+  push:
+    branches:
+      - main
+
+jobs:
+  generate-and-deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Install Certbot
+        run: |
+          sudo apt update
+          sudo apt install -y certbot
+
+      - name: Generate SSL Certificate with Certbot
+        run: |
+          # Define domain and email for Let's Encrypt registration
+          DOMAIN_NAME="backend.masus.no"
+          EMAIL="[email protected]"
+          
+          # Generate the certificate using Certbot with the HTTP-01 challenge
+          sudo certbot certonly --non-interactive --agree-tos --email $EMAIL --standalone -d $DOMAIN_NAME
+          
+          # Certbot stores the certificate and key in /etc/letsencrypt
+          CERT_PATH="/etc/letsencrypt/live/$DOMAIN_NAME/fullchain.pem"
+          KEY_PATH="/etc/letsencrypt/live/$DOMAIN_NAME/privkey.pem"
+          
+          # Base64 encode the certificate and key for use in Azure
+          CERT_PEM=$(cat $CERT_PATH | base64 -w 0)
+          KEY_PEM=$(cat $KEY_PATH | base64 -w 0)
+          
+          # Set environment variables to use later in the workflow
+          echo "CERT_PEM=$CERT_PEM" >> $GITHUB_ENV
+          echo "KEY_PEM=$KEY_PEM" >> $GITHUB_ENV
+
+      - name: Log in to Azure
+        uses: azure/login@v2
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Add certificate to Azure Application Gateway
+        run: |
+          # Add the certificate to the Azure Application Gateway
+          az network application-gateway ssl-cert create \
+            --gateway-name "hilfling-gateway" \
+            --resource-group "hilfling-backend_group" \
+            --name "hilfling-gateway-ssl-cert" \
+            --cert-file "/etc/letsencrypt/live/$DOMAIN_NAME/fullchain.pem" \
+            --key-file "/etc/letsencrypt/live/$DOMAIN_NAME/privkey.pem"
diff --git a/.github/workflows/test-workflow.yml b/.github/workflows/test-workflow.yml
@@ -22,82 +22,44 @@ jobs:
         with:
           creds: ${{ secrets.AZURE_CREDENTIALS }}
 
-#      - name: Log in to Azure Container Registry
-#        uses: azure/docker-login@v1
-#        with:
-#          login-server: ${{ secrets.ACR_LOGIN_SERVER }}
-#          username: ${{ secrets.ACR_USERNAME }}
-#          password: ${{ secrets.ACR_PASSWORD }}
-#
-#      - name: Build and push Docker image to ACR
-#        run: |
-#          docker build -t ${{ secrets.ACR_LOGIN_SERVER }}/hilfling-backend:${{ github.sha }} .
-#          docker push ${{ secrets.ACR_LOGIN_SERVER }}/hilfling-backend:${{ github.sha }}
-#
-#      - name: Delete existing container instances
-#        run: |
-#          for i in 1 2 3; do
-#            az container delete \
-#              --name hilfling-backend${i} \
-#              --resource-group hilfling-backend_group \
-#              --yes || true
-#          done
-#
-#      - name: Deploy new container instances
-#        run: |
-#          for i in 1 2 3; do
-#            az container create \
-#              --name hilfling-backend${i} \
-#              --resource-group hilfling-backend_group \
-#              --registry-username ${{ secrets.ACR_USERNAME }} \
-#              --registry-password ${{ secrets.ACR_PASSWORD }} \
-#              --image ${{ secrets.ACR_LOGIN_SERVER }}/hilfling-backend:${{ github.sha }} \
-#              --cpu 1 --memory 2 \
-#              --environment-variables DATABASE_USERNAME=${{ secrets.HILFLINGDB_USERNAME }} \
-#              DATABASE_URL=${{ secrets.HILFLINGDB_URL_DEV }} \
-#              DATABASE_PASSWORD=${{ secrets.HILFLINGDB_PASSWORD }} \
-#              --ports 8000 \
-#              --dns-name-label hilfling-backend${i}-dns \
-#              --location norwayeast
-#          done
-#
-      - name: Check and Create Application Gateway if it does not exist
+      - name: Log in to Azure Container Registry
+        uses: azure/docker-login@v1
+        with:
+          login-server: ${{ secrets.ACR_LOGIN_SERVER }}
+          username: ${{ secrets.ACR_USERNAME }}
+          password: ${{ secrets.ACR_PASSWORD }}
+
+      - name: Build and push Docker image to ACR
         run: |
-          if ! az network application-gateway show --name hilfling-gateway --resource-group hilfling-backend_group &>/dev/null; then
-            az network application-gateway create \
-              --name hilfling-gateway \
-              --resource-group hilfling-backend_group \
-              --location norwayeast \
-              --sku Standard_v2 \
-              --capacity 2 \
-              --frontend-port 80 \
-              --http-settings-port 8000 \
-              --http-settings-protocol Http \
-              --public-ip-address hilfling-backend-ip \
-              --routing-rule-type Basic \
-              --priority 1
-          fi
+          docker build -t ${{ secrets.ACR_LOGIN_SERVER }}/hilfling-backend:${{ github.sha }} .
+          docker push ${{ secrets.ACR_LOGIN_SERVER }}/hilfling-backend:${{ github.sha }}
 
-      - name: Update Application Gateway Backend Pool
+      - name: Delete existing container instances
         run: |
-          az network application-gateway address-pool delete \
-            --gateway-name hilfling-gateway \
-            --resource-group hilfling-backend_group \
-            --name hilfling-backend-pool || true
-          az network application-gateway address-pool create \
-            --gateway-name hilfling-gateway \
-            --resource-group hilfling-backend_group \
-            --name hilfling-backend-pool \
-            --servers hilfling-backend1-dns.norwayeast.azurecontainer.io hilfling-backend2-dns.norwayeast.azurecontainer.io hilfling-backend3-dns.norwayeast.azurecontainer.io
+          for i in 1 2 3; do
+            az container delete \
+              --name hilfling-backend${i} \
+              --resource-group hilfling-backend_group \
+              --yes || true
+          done
 
-      - name: Update Application Gateway Routing Rule
+      - name: Deploy new container instances
         run: |
-          az network application-gateway rule update \
-            --gateway-name hilfling-gateway \
-            --resource-group hilfling-backend_group \
-            --name hilfling-backend-rule \
-            --address-pool hilfling-backend-pool
-            --priority 1  # Ensure the routing rule has a defined priority
+          for i in 1 2 3; do
+            az container create \
+              --name hilfling-backend${i} \
+              --resource-group hilfling-backend_group \
+              --registry-username ${{ secrets.ACR_USERNAME }} \
+              --registry-password ${{ secrets.ACR_PASSWORD }} \
+              --image ${{ secrets.ACR_LOGIN_SERVER }}/hilfling-backend:${{ github.sha }} \
+              --cpu 1 --memory 2 \
+              --environment-variables DATABASE_USERNAME=${{ secrets.HILFLINGDB_USERNAME }} \
+              DATABASE_URL=${{ secrets.HILFLINGDB_URL_DEV }} \
+              DATABASE_PASSWORD=${{ secrets.HILFLINGDB_PASSWORD }} \
+              --ports 8000 \
+              --dns-name-label hilfling-backend${i}-dns \
+              --location norwayeast
+          done
 
       - name: Delete Docker image from ACR
         run: |