digdir
diff --git a/‎.github/workflows/azure-deploy-storybook.yml‎
Lines changed: 83 additions & 0 deletions b/‎.github/workflows/azure-deploy-storybook.yml‎
Lines changed: 83 additions & 0 deletions
diff --git a/‎.github/workflows/azure-deploy-themebuilder.yml‎
Lines changed: 45 additions & 17 deletions b/‎.github/workflows/azure-deploy-themebuilder.yml‎
Lines changed: 45 additions & 17 deletions
diff --git a/‎.github/workflows/azure-preview-cleanup.yml‎
Lines changed: 54 additions & 0 deletions b/‎.github/workflows/azure-preview-cleanup.yml‎
Lines changed: 54 additions & 0 deletions
diff --git a/‎.github/workflows/azure-preview-storybook.yml‎
Lines changed: 9 additions & 86 deletions b/‎.github/workflows/azure-preview-storybook.yml‎
Lines changed: 9 additions & 86 deletions
@@ -0,0 +1,83 @@
+name: azure deploy storybook prod
+run-name:  Deploy to storybook to ${{ inputs.environment }} by @${{ github.actor }}
+on:
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+        description: 'Deployment environment (production, preview)'
+      pr_number:
+        required: false
+        type: string
+        description: 'PR number for preview deployments'
+      update_comment:
+        required: false
+        type: boolean
+        default: false
+        description: 'Whether to update PR comment with deployment URL'
+    secrets:
+      AZURE_CLIENT_ID:
+        required: true
+      AZURE_TENANT_ID:
+        required: true
+      AZURE_SUBSCRIPTION_ID:
+        required: true
+
+permissions:
+  id-token: write   # needed for OIDC
+  contents: read
+
+concurrency:
+  group: azure-storybook-prod-deploy
+  cancel-in-progress: true
+
+env:
+  RESOURCE_GROUP: ${{ inputs.environment == 'production' && 'rg-designsystemet-prod' || 'rg-designsystemet-test' }}
+  CONTAINERAPPS_ENV: ${{ inputs.environment == 'production' && 'storybook-prod-ca' || 'storybook-test-ca' }}
+  ACR_NAME: designsystemetacr
+  APP_NAME: ${{ inputs.environment == 'production' && 'storybook-prod' || 'storybook-test-pr'-${{ inputs.pr_number }} }}
+  IMAGE: ${{ github.event.number }}-${{ github.sha }}
+  PORT: 8000
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: azure
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: az login (oidc)
+        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: acr login
+        run: az acr login --name designsystemetacr
+
+      - name: build & push (storybook)
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
+        with:
+          context: .
+          file: ./Dockerfile
+          target: storybook
+          platforms: linux/amd64
+          push: true
+          tags: designsystemetacr.azurecr.io/storybook:latest
+
+      - name: deploy
+        uses: azure/container-apps-deploy-action@29ee19866ec987ededd70b8412d9ee241a9102d1 # v1
+        with:
+          resourceGroup: ${RESOURCE_GROUP}
+          containerAppName: ${APP_NAME}
+          containerAppEnvironment: ${CONTAINERAPPS_ENV}
+          acrName: ${ACR_NAME}
+          imageToDeploy: ${IMAGE}
+          targetPort: ${PORT}
+          ingress: external
+          environmentVariables: |
+            PORT=${PORT}
+            HOST=0.0.0.0
+            ENV=${{ inputs.environment }}
@@ -1,18 +1,45 @@
-name: deploy themebuilder to aca
-
+name: azure deploy themebuilder prod
+run-name:  Deploy to themebuilder to ${{ inputs.environment }} by @${{ github.actor }}
 on:
-  workflow_dispatch:
-  push:
-    branches:
-      - main
-    paths:
-      - 'apps/themebuilder/**'
-      - 'internal/components/**'
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+        description: 'Deployment environment (production, preview)'
+      pr_number:
+        required: false
+        type: string
+        description: 'PR number for preview deployments'
+      update_comment:
+        required: false
+        type: boolean
+        default: false
+        description: 'Whether to update PR comment with deployment URL'
+    secrets:
+      AZURE_CLIENT_ID:
+        required: true
+      AZURE_TENANT_ID:
+        required: true
+      AZURE_SUBSCRIPTION_ID:
+        required: true
 
 permissions:
   id-token: write   # needed for OIDC
   contents: read
 
+concurrency:
+  group: azure-themebuilder-prod-deploy
+  cancel-in-progress: true
+
+env:
+  RESOURCE_GROUP: ${{ inputs.environment == 'production' && 'rg-designsystemet-prod' || 'rg-designsystemet-test' }}
+  CONTAINERAPPS_ENV: ${{ inputs.environment == 'production' && 'themebuilder-prod-ca' || 'themebuilder-test-ca' }}
+  ACR_NAME: designsystemetacr
+  APP_NAME: ${{ inputs.environment == 'production' && 'themebuilder-prod' || 'themebuilder-test-pr'-${{ inputs.pr_number }} }}
+  IMAGE: ${{ github.event.number }}-${{ github.sha }}
+  PORT: 8000
+
 jobs:
   deploy:
     runs-on: ubuntu-latest
@@ -38,18 +65,19 @@ jobs:
           target: themebuilder
           platforms: linux/amd64
           push: true
-          tags: designsystemetacr.azurecr.io/themebuilder:${{ github.sha }}
+          tags: designsystemetacr.azurecr.io/themebuilder:latest
 
       - name: deploy
         uses: azure/container-apps-deploy-action@29ee19866ec987ededd70b8412d9ee241a9102d1 # v1
         with:
-          resourceGroup: rg-designsystemet-test
-          containerAppName: themebuilder-test-ca-app
-          containerAppEnvironment: themebuilder-test-ca
-          acrName: designsystemetacr
-          imageToDeploy: designsystemetacr.azurecr.io/themebuilder:${{ github.sha }}
-          targetPort: 8000
+          resourceGroup: ${RESOURCE_GROUP}
+          containerAppName: ${APP_NAME}
+          containerAppEnvironment: ${CONTAINERAPPS_ENV}
+          acrName: ${ACR_NAME}
+          imageToDeploy: ${IMAGE}
+          targetPort: ${PORT}
           ingress: external
           environmentVariables: |
-            PORT=8000
+            PORT=${PORT}
             HOST=0.0.0.0
+            ENV=${{ inputs.environment }}
@@ -0,0 +1,54 @@
+name: Azure Preview Cleanup
+
+on:
+  pull_request:
+    types: [closed]
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  RESOURCE_GROUP: rg-designsystemet-test
+  ACR_NAME: designsystemetacr
+  # Base names of preview apps we want to clean up. Add/remove as needed.
+  PREVIEW_APPS: www themebuilder storybook
+
+jobs:
+  cleanup:
+    if: ${{ github.repository == 'digdir/designsystemet' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: az login (oidc)
+        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Delete preview Container Apps
+        env:
+          PR_NUMBER: ${{ github.event.number }}
+        run: |
+          set -euo pipefail
+          echo "Starting cleanup for PR #${PR_NUMBER} in resource group ${RESOURCE_GROUP}" | tee -a $GITHUB_STEP_SUMMARY
+          ANY_DELETED=0
+          for base in $PREVIEW_APPS; do
+            APP_NAME="${base}-pr-${PR_NUMBER}"
+            echo "Checking ${APP_NAME}" | tee -a $GITHUB_STEP_SUMMARY
+            if az containerapp show -n "${APP_NAME}" -g "${RESOURCE_GROUP}" >/dev/null 2>&1; then
+              echo "Deleting ${APP_NAME}" | tee -a $GITHUB_STEP_SUMMARY
+              az containerapp delete -n "${APP_NAME}" -g "${RESOURCE_GROUP}" --yes
+              echo "Deleted ${APP_NAME}" | tee -a $GITHUB_STEP_SUMMARY
+              ANY_DELETED=1
+            else
+              echo "Not found: ${APP_NAME} (skipping)" | tee -a $GITHUB_STEP_SUMMARY
+            fi
+          done
+          if [ "$ANY_DELETED" = "0" ]; then
+            echo "No preview container apps found for PR #${PR_NUMBER}" | tee -a $GITHUB_STEP_SUMMARY
+          else
+            echo "Cleanup complete for PR #${PR_NUMBER}" | tee -a $GITHUB_STEP_SUMMARY
+          fi
@@ -3,99 +3,22 @@ name: azure preview storybook
 on:
   workflow_dispatch:
   pull_request:
-    types: [opened, synchronize, reopened]
+    types: [opened, synchronize]
     paths:
       - 'apps/storybook/**'
       - 'internal/components/**'
 
 permissions:
-  id-token: write
   contents: read
-  pull-requests: write
-
-env:
-  RESOURCE_GROUP: rg-designsystemet-test
-  CONTAINERAPPS_ENV: storybook-test-ca
-  ACR_NAME: designsystemetacr
-  APP_NAME: storybook-pr-${{ github.event.number }}
-  IMAGE: ${{ github.event.number }}-${{ github.sha }}
-  PORT: 6006
-
-concurrency:
-  group: azure-storybook-preview-${{ github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: true
 
 jobs:
-  deploy:
-    if: ${{ github.repository == 'digdir/designsystemet' }}
-    runs-on: ubuntu-latest
-    outputs:
-      fqdn: ${{ steps.fqdn.outputs.fqdn }}
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: az login (oidc)
-        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
-        with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
-      - name: acr login (for docker push)
-        run: az acr login --name ${{ env.ACR_NAME }}
-
-      - name: build & push image (storybook)
-        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
-        with:
-          context: .
-          file: ./Dockerfile
-          target: storybook
-          platforms: linux/amd64
-          push: true
-          tags: ${{ env.ACR_NAME }}.azurecr.io/storybook:${{ env.IMAGE }}
-
-      - name: get acr creds (masked)
-        id: acr
-        shell: bash
-        run: |
-          set -euo pipefail
-          az acr update -n "${ACR_NAME}" --admin-enabled true >/dev/null
-          USER=$(az acr credential show -n "${ACR_NAME}" --query username -o tsv)
-          PASS=$(az acr credential show -n "${ACR_NAME}" --query 'passwords[0].value' -o tsv)
-          echo "::add-mask::${USER}"
-          echo "::add-mask::${PASS}"
-          echo "user=${USER}" >> "$GITHUB_OUTPUT"
-          echo "pass=${PASS}" >> "$GITHUB_OUTPUT"
-
-      - name: deploy (no mi; use registry creds)
-        uses: azure/container-apps-deploy-action@29ee19866ec987ededd70b8412d9ee241a9102d1 # v1
-        with:
-          resourceGroup: ${{ env.RESOURCE_GROUP }}
-          containerAppEnvironment: ${{ env.CONTAINERAPPS_ENV }}
-          containerAppName: ${{ env.APP_NAME }}
-          imageToDeploy: ${{ env.ACR_NAME }}.azurecr.io/storybook:${{ env.IMAGE }}
-          registryUrl: ${{ env.ACR_NAME }}.azurecr.io
-          registryUsername: ${{ steps.acr.outputs.user }}
-          registryPassword: ${{ steps.acr.outputs.pass }}
-          targetPort: ${{ env.PORT }}
-          ingress: external
-          environmentVariables: |
-            PORT=${{ env.PORT }}
-            HOST=0.0.0.0
-
-      - name: fetch fqdn
-        id: fqdn
-        run: |
-          FQDN=$(az containerapp show -n "${APP_NAME}" -g "${RESOURCE_GROUP}" --query properties.configuration.ingress.fqdn -o tsv)
-          echo "fqdn=${FQDN}" >> "$GITHUB_OUTPUT"
-          echo "Resolved FQDN: ${FQDN}"  # log for visibility
-
-  update-comment:
-    if: ${{ github.event_name == 'pull_request' }}
-    needs: deploy
-    uses: ./.github/workflows/preview-comment.yml
+  deploy-preview:
+    uses: ./.github/workflows/azure-deploy-storybook.yml
     with:
+      environment: preview
       pr_number: ${{ github.event.number }}
-      deployment_type: storybook
-      deployment_url: https://${{ needs.deploy.outputs.fqdn }}
+      update_comment: true
+    secrets:
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}