Add prod GitHub Actions for Function App and SWA deploy

MWG-Logan · MWG-Logan · commit e121b445e334 · 2026-06-22T00:21:03.000-04:00
Added workflows for production deployment:
- func-deploy-prod.yml: Builds and deploys .NET Azure Function App using OIDC and managed identity on main branch changes.
- swa-deploy-prod.yml: Builds and deploys .NET Static Web App, including config copy, using deployment token on main branch changes.
diff --git a/.github/workflows/func-deploy-prod.yml b/.github/workflows/func-deploy-prod.yml
@@ -0,0 +1,93 @@
+name: Function App - PROD - Build and Deploy (OIDC)
+
+# CONFIGURATION
+#
+# This workflow can be used to deploy your .NET project to a function app on any hosting plan, except for Container Apps (which uses functions-container-action).
+#
+# For an overview of using GitHub workflows with Azure Functions, see https://learn.microsoft.com/azure/azure-functions/functions-how-to-github-actions
+#
+# 1. Configure a federated identity credential to your GitHub branch on an Azure user-assigned managed identity.
+#   For instructions, follow the README at https://github.com/Azure/functions-action#use-oidc-recommended
+#
+# 2. Add the following values from the managed identity to your repo's variables:
+#   AZURE_CLIENT_ID
+#   AZURE_TENANT_ID
+#   AZURE_SUBSCRIPTION_ID
+#   For instructions on creating repo variables, see https://docs.github.com/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#defining-configuration-variables-for-multiple-workflows
+#
+# 3. Ensure your workflow is triggered by your desired event. By default, it is triggered when a push is made to main, and it can be manually run.
+#   For guidance on event triggers, see https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#using-events-to-trigger-workflows
+
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - MW-GC.EventManager.API/**
+      - MW-GC.EventManager.Shared/**
+  workflow_dispatch:
+
+env:
+  AZURE_FUNCTIONAPP_NAME: ${{ vars.FUNCTION_APP_NAME }}
+  AZURE_FUNCTIONAPP_PROJECT_PATH: ${{ vars.FUNCTION_PROJECT_NAME }}
+  DOTNET_VERSION: '10.0.x'
+  BUILD_ARTIFACT_NAME: ${{ vars.FUNCTION_PROJECT_NAME }}
+  
+jobs:
+  build:
+    runs-on: ubuntu-latest # Assumes your target function app is Linux-based
+    permissions:
+      id-token: write  # Required for OIDC
+      contents: read   # Required for actions/checkout
+    defaults:
+      run:
+        shell: bash
+        working-directory: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }}
+    steps:
+      - name: 'Checkout repository'
+        uses: actions/checkout@v6
+
+      - name: 'Set up .NET version: ${{ env.DOTNET_VERSION }}'
+        uses: actions/setup-dotnet@v5
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      # Perform additional steps such as running tests, if needed
+
+      - name: 'Build and prepare .NET project for deployment'
+        run: dotnet publish --configuration Release --output ./output
+
+      - name: Upload artifact for the deployment job
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.BUILD_ARTIFACT_NAME }}
+          path: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }}/output
+          include-hidden-files: true  # Required for .NET projects
+  
+  deploy:
+    environment:
+      name: func-prod
+      url: https://mwgeventmanager.azurewebsites.net
+    runs-on: ubuntu-latest # Assumes your target function app is Linux-based
+    needs: build
+    permissions:
+      id-token: write  # Required for OIDC
+    steps:
+      - name: 'Download artifact from build job'
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ env.BUILD_ARTIFACT_NAME }}
+          path: ./downloaded-artifact
+     
+      - name: 'Log in to Azure with AZ CLI'
+        uses: azure/login@v2
+        with:
+          client-id: ${{ vars.AZURE_CLIENT_ID }}
+          tenant-id: ${{ vars.AZURE_TENANT_ID }}
+          subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+        
+      - name: 'Run the Azure Functions action'
+        uses: Azure/functions-action@v1
+        id: deploy-to-function-app
+        with:
+          app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}
+          package: ./downloaded-artifact
diff --git a/.github/workflows/swa-deploy-prod.yml b/.github/workflows/swa-deploy-prod.yml
@@ -0,0 +1,52 @@
+name: Static Web App - PROD - Build and Deploy (Token)
+permissions:
+  contents: read
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - MW-GC.EventManager.Web/**
+      - MW-GC.EventManager.Shared/**
+
+jobs:
+  build_and_deploy_job:
+    runs-on: ubuntu-latest
+    environment:
+      name: swa-prod
+      url: https://polite-ocean-0555a8a0f.7.azurestaticapps.net
+    name: Build and Deploy Job
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          submodules: true
+          lfs: false
+
+      - name: Setup .NET 10.0
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: 10.0.x
+
+      - name: Install Workloads
+        run: dotnet workload restore
+
+      - name: Restore
+        run: dotnet restore
+
+      - name: .NET Publish
+        run: dotnet publish ${{ vars.SWA_PROJECT_NAME }} -c Release -o ${{ vars.SWA_PROJECT_NAME }}/publish -p:VersionSuffix=prod
+
+      - name: Copy staticwebapp.config.json to Publish Folder
+        run: cp ${{ vars.SWA_PROJECT_NAME }}/staticwebapp.config.json ${{ vars.SWA_PROJECT_NAME }}/publish/wwwroot/staticwebapp.config.json
+
+      - name: Build And Deploy (Prod)
+        id: builddeploy_prod
+        uses: Azure/static-web-apps-deploy@v1
+        with:
+          azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }}
+          repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments)
+          action: "upload"
+          app_location: "${{ vars.SWA_PROJECT_NAME }}/publish/wwwroot"
+          skip_api_build: true
+          skip_app_build: true
