feat(ci): Automate build and publish

Author: sylus

.github/workflows/build.yml

@@ -0,0 +1,38 @@
+# This workflow will build a docker container, publish it to Azure Container Registry, and deploy it to Azure Kubernetes Service using a helm chart.
+#
+# https://github.com/Azure/actions-workflow-samples/tree/master/Kubernetes
+#
+# To configure this workflow:
+#
+# 1. Set up the following secrets in your workspace:
+#     a. REGISTRY_USERNAME with ACR username
+#     b. REGISTRY_PASSWORD with ACR Password
+#     c. AZURE_CREDENTIALS with the output of `az ad sp create-for-rbac --sdk-auth`
+#
+# 2. Change the values for the REGISTRY_NAME, CLUSTER_NAME, CLUSTER_RESOURCE_GROUP and NAMESPACE environment variables (below).
+name: build
+on: [pull_request]
+
+# Environment variables available to all jobs and steps in this workflow
+env:
+  REGISTRY_NAME: k8scc01covidacr
+  CLUSTER_NAME: k8s-cancentral-02-covid-aks
+  CLUSTER_RESOURCE_GROUP: k8s-cancentral-01-covid-aks
+  NAMESPACE: web
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+
+    # Container build
+    - run: |
+        docker build -f Dockerfile -t ${{ env.REGISTRY_NAME }}.azurecr.io/jupyter-apis:${{ github.sha }} .
+
+    # Scan image for vulnerabilities
+    - uses: Azure/container-scan@v0
+      with:
+        image-name: ${{ env.REGISTRY_NAME }}.azurecr.io/jupyter-apis:${{ github.sha }}
+        severity-threshold: CRITICAL
+        run-quality-checks: false

.github/workflows/publish.yml

@@ -0,0 +1,60 @@
+# This workflow will build a docker container, publish it to Azure Container Registry, and deploy it to Azure Kubernetes Service using a helm chart.
+#
+# https://github.com/Azure/actions-workflow-samples/tree/master/Kubernetes
+#
+# To configure this workflow:
+#
+# 1. Set up the following secrets in your workspace:
+#     a. REGISTRY_USERNAME with ACR username
+#     b. REGISTRY_PASSWORD with ACR Password
+#     c. AZURE_CREDENTIALS with the output of `az ad sp create-for-rbac --sdk-auth`
+#
+# 2. Change the values for the REGISTRY_NAME, CLUSTER_NAME, CLUSTER_RESOURCE_GROUP and NAMESPACE environment variables (below).
+name: publish
+on:
+  push:
+    branches:
+      - master
+
+# Environment variables available to all jobs and steps in this workflow
+env:
+  REGISTRY_NAME: k8scc01covidacr
+  CLUSTER_NAME: k8s-cancentral-02-covid-aks
+  CLUSTER_RESOURCE_GROUP: k8s-cancentral-01-covid-aks
+  NAMESPACE: web
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+
+    # Connect to Azure Container registry (ACR)
+    - uses: azure/docker-login@v1
+      with:
+        login-server: ${{ env.REGISTRY_NAME }}.azurecr.io
+        username: ${{ secrets.REGISTRY_USERNAME }}
+        password: ${{ secrets.REGISTRY_PASSWORD }}
+
+    # Container build and push to a Azure Container registry (ACR)
+    - run: |
+        docker build -f Dockerfile -t ${{ env.REGISTRY_NAME }}.azurecr.io/jupyter-apis:${{ github.sha }} .
+        docker push ${{ env.REGISTRY_NAME }}.azurecr.io/jupyter-apis:${{ github.sha }}
+
+    # Scan image for vulnerabilities
+    - uses: Azure/container-scan@v0
+      with:
+        image-name: ${{ env.REGISTRY_NAME }}.azurecr.io/jupyter-apis:${{ github.sha }}
+        severity-threshold: CRITICAL
+        run-quality-checks: false
+
+    # Prepare to deploy the image
+    - run: |
+        sed -i -E 's/[0-9a-f]{40}/${{ github.sha }}/g' deploy/deploy.yaml
+
+    # Deploy to Kubernetes
+    - name: kubectl
+      uses: statcan/actions/kubectl@master
+      with:
+        kubeconfig: ${{ secrets.KUBECONFIG }}
+        args: apply -f deploy/deploy.yaml

deploy/deploy.yaml

@@ -21,7 +21,7 @@ spec:
         app.kubernetes.io/name: jupyter-apis
     spec:
       containers:
-      - image: zachomedia/jupyter-apis:latest
+      - image: k8scc01covidacr.azurecr.io/jupyter-apis:c6280e40c11618c3908449d92f2f67d4e6b17ecc
         imagePullPolicy: Always
         name: jupyter-web-app
         ports: