Proof/backend push resolve

.github/workflows/backend-cd.yml

@@ -1,101 +1,39 @@
-name: CD - Deploy Backend Services to AKS
+name: Backend CD - Deploy to AKS
 
 on:
-  workflow_dispatch:
-    inputs:
-      aks_cluster_name:
-        description: 'Name of the AKS Cluster to deploy to'
-        required: true
-        default: '<aks_cluster_name>'
-      aks_resource_group:
-        description: 'Resource Group of the AKS Cluster'
-        required: true
-        default: '<resource_group_name>'
-      aks_acr_name:
-        description: 'Name of ACR'
-        required: true
-        default: '<acr_name>'
+  workflow_run:
+    workflows: ["CI Frontend and Backend"]
+    types: [completed]
+    branches: [main]
+
+concurrency:
+  group: cd-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  id-token: write
 
 jobs:
-  deploy_backend:
+  deploy:
+    if: ${{ github.event.workflow_run.conclusion == 'success' && vars.AZURE_CLIENT_ID && vars.AZURE_TENANT_ID && vars.AZURE_SUBSCRIPTION_ID }}
     runs-on: ubuntu-latest
-    environment: Production
-
-    outputs:
-      PRODUCT_API_IP: ${{ steps.get_product_ip.outputs.external_ip }}
-      ORDER_API_IP: ${{ steps.get_order_ip.outputs.external_ip }}
-
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
-      - name: Log in to Azure
-        uses: azure/login@v1
+      - name: Azure login (OIDC)
+        uses: azure/login@v2
         with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
-          enable-AzPSSession: true
-
-      - name: Set Kubernetes context (get AKS credentials)
-        run: |
-          az aks get-credentials --resource-group ${{ github.event.inputs.aks_resource_group }} --name ${{ github.event.inputs.aks_cluster_name }} --overwrite-existing
-
-      - name: Attach ACR
-        run: |
-          az aks update --name ${{ github.event.inputs.aks_cluster_name }} --resource-group ${{ github.event.inputs.aks_resource_group }} --attach-acr ${{ github.event.inputs.aks_acr_name }}
-
-      - name: Deploy Backend Infrastructure (Namespace, ConfigMaps, Secrets, Databases)
-        run: |
-          echo "Deploying backend infrastructure..."
-          cd k8s/
-          kubectl apply -f configmaps.yaml
-          kubectl apply -f secrets.yaml
-          kubectl apply -f product-db.yaml
-          kubectl apply -f order-db.yaml
+          client-id: ${{ vars.AZURE_CLIENT_ID }}
+          tenant-id: ${{ vars.AZURE_TENANT_ID }}
+          subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
 
-      - name: Deploy Backend Microservices (Product, Order)
+      - name: Show ACR images
         run: |
-          echo "Deploying backend microservices..."
-          cd k8s/
-          kubectl apply -f product-service.yaml
-          kubectl apply -f order-service.yaml
-
-      - name: Wait for Backend LoadBalancer IPs
-        run: |
-          echo "Waiting for Product, Order LoadBalancer IPs to be assigned (up to 5 minutes)..."
-          PRODUCT_IP=""
-          ORDER_IP=""
-
-          for i in $(seq 1 60); do
-            echo "Attempt $i/60 to get IPs..."
-            PRODUCT_IP=$(kubectl get service product-service-w08e1 -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-            ORDER_IP=$(kubectl get service order-service-w08e1 -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-
-            if [[ -n "$PRODUCT_IP" && -n "$ORDER_IP" ]]; then
-              echo "All backend LoadBalancer IPs assigned!"
-              echo "Product Service IP: $PRODUCT_IP"
-              echo "Order Service IP: $ORDER_IP"
-              break
-            fi
-            sleep 5 # Wait 5 seconds before next attempt
-          done
-
-          if [[ -z "$PRODUCT_IP" || -z "$ORDER_IP" ]]; then
-            echo "Error: One or more LoadBalancer IPs not assigned after timeout."
-            exit 1 # Fail the job if IPs are not obtained
-          fi
-
-          # These are environment variables for subsequent steps in the *same job*
-          # And used to set the job outputs
-          echo "PRODUCT_IP=$PRODUCT_IP" >> $GITHUB_ENV
-          echo "ORDER_IP=$ORDER_IP" >> $GITHUB_ENV
-
-      - name: Capture Product Service IP for Workflow Output
-        id: get_product_ip
-        run: echo "external_ip=${{ env.PRODUCT_IP }}" >> $GITHUB_OUTPUT
-
-      - name: Capture Order Service IP for Workflow Output
-        id: get_order_ip
-        run: echo "external_ip=${{ env.ORDER_IP }}" >> $GITHUB_OUTPUT
+          : "${ACR_LOGIN_SERVER?Need env ACR_LOGIN_SERVER (e.g. wk08acr123.azurecr.io)}"
+          az acr repository list --name "${ACR_LOGIN_SERVER%%.azurecr.io}" -o table
 
-      - name: Logout from Azure
-        run: az logout
+      # - name: Get AKS creds
+      #   run: az aks get-credentials -g <resource-group> -n <aks-name> --overwrite-existing
+      # - name: kubectl apply
+      #   run: kubectl apply -f k8s/

.github/workflows/backend-cd.yml.disabled

@@ -0,0 +1,62 @@
+name: Backend CD - Deploy to AKS
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Image tag to deploy (leave blank to use latest CI SHA)"
+        required: false
+  workflow_run:
+    workflows: [ "Backend CI - Test, Build and Push Images to ACR" ]
+    types: [ "completed" ]
+    branches: [ "main" ]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
+    env:
+      ACR_LOGIN_SERVER: s722acr84438.azurecr.io
+      SUB_ID: 3ec3f453-a0b9-4c9e-81d1-fc985be293b5
+      NAMESPACE: default
+      ORDER_DEPLOY: order-service-w08e1
+      PRODUCT_DEPLOY: product-service-w08e1
+      ORDER_CONTAINER: order-service-container
+      PRODUCT_CONTAINER: product-service-container
+      TAG: ${{ inputs.tag || github.event.workflow_run.head_sha || github.sha }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Azure login
+        uses: azure/login@v2
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Set subscription
+        run: az account set --subscription "$SUB_ID"
+
+      - name: Set AKS context (admin kubeconfig)
+        uses: azure/aks-set-context@v3
+        with:
+          resource-group: ${{ secrets.AKS_RG }}
+          cluster-name:  ${{ secrets.AKS_NAME }}
+          admin: true
+
+      - name: Patch images to new tag
+        run: |
+          set -e
+          echo "Deploying tag: $TAG"
+          kubectl set image -n "$NAMESPACE" deploy/$ORDER_DEPLOY   $ORDER_CONTAINER=$ACR_LOGIN_SERVER/week08/order-service:$TAG
+          kubectl set image -n "$NAMESPACE" deploy/$PRODUCT_DEPLOY $PRODUCT_CONTAINER=$ACR_LOGIN_SERVER/week08/product-service:$TAG
+
+      - name: Wait for rollout
+        run: |
+          set -e
+          kubectl rollout status -n "$NAMESPACE" deploy/$ORDER_DEPLOY
+          kubectl rollout status -n "$NAMESPACE" deploy/$PRODUCT_DEPLOY
+
+      - name: Show deployed images
+        run: |
+          kubectl get deploy -n "$NAMESPACE" \
+            -o custom-columns=NAME:.metadata.name,IMAGE:.spec.template.spec.containers[0].image,READY:.status.readyReplicas

.github/workflows/backend_ci.yml

@@ -1,146 +1,69 @@
-# week08/.github/workflows/backend_ci.yml
-
 name: Backend CI - Test, Build and Push Images to ACR
 
-# Trigger the workflow on pushes to the 'main' branch
-# You can also add 'pull_request:' to run on PRs
 on:
-  # Manual trigger
   workflow_dispatch:
-
-  # Automatically on pushes to main branch
   push:
-    branches:
-      - main
-    paths: # Only trigger if changes are in backend directories
-      - 'backend/**'
-      - '.github/workflows/backend_ci.yml' # Trigger if this workflow file changes
-
-# Define global environment variables that can be used across jobs
-env:
-  # ACR Login Server (e.g., myregistry.azurecr.io)
-  # This needs to be set as a GitHub Repository Secret
-  ACR_LOGIN_SERVER: ${{ secrets.AZURE_CONTAINER_REGISTRY }}
-  # Dynamically generate image tags based on Git SHA and GitHub Run ID
-  # This provides unique, traceable tags for each image build
-  IMAGE_TAG: ${{ github.sha }}-${{ github.run_id }}
+    branches: [ "main" ]
 
 jobs:
-  # Job 1: Run tests and linting for all backend services
-  test_and_lint_backends:
-    runs-on: ubuntu-latest # Use a GitHub-hosted runner
-
-    services:
-      # Product DB container
-      product_db:
-        image: postgres:15
-        env:
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_DB: products
-        # Make pg_isready available so the service is healthy before tests run
-        options: >-
-          --health-cmd "pg_isready -U postgres"
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-
-      # Order DB
-      order_db:
-        image: postgres:15
-        env:
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_DB: orders
-        ports:
-          - 5433:5432
-        options: >-
-          --health-cmd "pg_isready -U postgres"
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
+  test_build_push:
+    runs-on: ubuntu-latest
+    env:
+      ACR_NAME: s722acr84438
+      ACR_SERVER: s722acr84438.azurecr.io
+      SUB_ID: 3ec3f453-a0b9-4c9e-81d1-fc985be293b5
+      TAG: ${{ github.sha }}
 
     steps:
-      # 1. Checkout the repository code to the runner
-      - name: Checkout repository
-        uses: actions/checkout@v4 # Action to check out your repository code
+      - uses: actions/checkout@v4
 
-      # 2. Set up Python environment
-      - name: Set up Python 3.10
-        uses: actions/setup-python@v5 # Action to set up Python environment
+      - name: Azure login (service principal)
+        uses: azure/login@v2
         with:
-          python-version: '3.10'
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
 
-      # 3. Install dependencies and run code quality checks
-      - name: Install dependencies
-        run: | # Use a multi-line script to install pip dependencies
-          pip install --upgrade pip
-          # Loop through each backend service folder
-          for req in backend/*/requirements.txt; do
-            echo "Installing $req"
-            pip install -r "$req"
-          done
-          # Install CI tools
-          pip install pytest httpx
+      - name: Set subscription
+        run: az account set --subscription "$SUB_ID"
 
-      # 5. Run tests for product service
-      - name: Run product_service tests
-        working-directory: backend/product_service
-        env:
-          POSTGRES_HOST: localhost
-          POSTGRES_PORT: 5432
-          POSTGRES_DB: products
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
-        run: |
-          pytest tests --maxfail=1 --disable-warnings -q
-
-      # 6. Run tests for order service
-      - name: Run order_service tests
-        working-directory: backend/order_service
-        env:
-          POSTGRES_HOST: localhost
-          POSTGRES_PORT: 5433
-          POSTGRES_DB: orders
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
-        run: |
-          pytest tests --maxfail=1 --disable-warnings -q
+      - name: Login docker to ACR (token-based)
+        run: az acr login -n "$ACR_NAME"
 
-  # Job 2: Build and Push Docker Images (runs only if tests pass)
-  build_and_push_images:
-    runs-on: ubuntu-latest
-    needs: test_and_lint_backends
+      - name: Find Dockerfiles (order + product)
+        id: detect
+        shell: bash
+        run: |
+          set -e
+          # Try smart search first
+          ORDER=$(find . -type f -iname Dockerfile -path '*order*'   | head -n1)
+          PROD=$( find . -type f -iname Dockerfile -path '*product*' | head -n1)
 
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
+          # Fallback to common paths if needed
+          [[ -z "$ORDER" && -f "order-service/Dockerfile"   ]] && ORDER="order-service/Dockerfile"
+          [[ -z "$PROD"  && -f "product-service/Dockerfile" ]] && PROD="product-service/Dockerfile"
 
-    # Azure login using a Service Principal secret
-    - name: Azure Login
-      uses: azure/login@v1
-      with:
-        creds: ${{ secrets.AZURE_CREDENTIALS }} # Needs to be set as a GitHub Secret (Service Principal JSON)
+          [[ -n "$ORDER" && -f "$ORDER" ]] || { echo "Order Dockerfile not found"; exit 1; }
+          [[ -n "$PROD"  && -f "$PROD"  ]] || { echo "Product Dockerfile not found"; exit 1; }
 
-    # Login to Azure Container Registry (ACR)
-    - name: Login to Azure Container Registry
-      run: az acr login --name ${{ env.ACR_LOGIN_SERVER }}
+          echo "order=$ORDER"  >> "$GITHUB_OUTPUT"
+          echo "product=$PROD" >> "$GITHUB_OUTPUT"
+          echo "Found ORDER=$ORDER"
+          echo "Found PRODUCT=$PROD"
 
-    # Build and Push Docker image for Product Service
-    - name: Build and Push Product Service Image
-      run: |
-        docker build -t ${{ env.ACR_LOGIN_SERVER }}/product_service:latest ./backend/product_service/
-        docker push ${{ env.ACR_LOGIN_SERVER }}/product_service:latest
+      - name: Build & push order-service (Docker)
+        run: |
+          ORDER_DF="${{ steps.detect.outputs.order }}"
+          ORDER_CTX="$(dirname "$ORDER_DF")"
+          docker build -t "$ACR_SERVER/week08/order-service:${TAG}" -f "$ORDER_DF" "$ORDER_CTX"
+          docker push "$ACR_SERVER/week08/order-service:${TAG}"
 
-    # Build and Push Docker image for Order Service
-    - name: Build and Push Order Service Image
-      run: |
-        docker build -t ${{ env.ACR_LOGIN_SERVER }}/order_service:latest ./backend/order_service/
-        docker push ${{ env.ACR_LOGIN_SERVER }}/order_service:latest
+      - name: Build & push product-service (Docker)
+        run: |
+          PROD_DF="${{ steps.detect.outputs.product }}"
+          PROD_CTX="$(dirname "$PROD_DF")"
+          docker build -t "$ACR_SERVER/week08/product-service:${TAG}" -f "$PROD_DF" "$PROD_CTX"
+          docker push "$ACR_SERVER/week08/product-service:${TAG}"
 
-    # Logout from Azure for security (runs even if image push fails)
-    - name: Logout from Azure
-      run: az logout
-      if: always()
+      - name: Show image URIs
+        run: |
+          echo "$ACR_SERVER/week08/order-service:${TAG}"
+          echo "$ACR_SERVER/week08/product-service:${TAG}"