@@ -52,66 +52,44 @@ jobs:
5252 push : true
5353 tags : ${{ env.ACR_NAME }}.azurecr.io/www:${{ env.APP_NAME }}-${{ github.sha }}
5454 - name : Create/Update Container App (Managed Identity)
55- env :
56- TIMEOUT_SECONDS : 300
57- SLEEP_SECONDS : 5
5855 run : |
5956 set -euo pipefail
60-
61- if ! az containerapp show -n $APP_NAME -g $RESOURCE_GROUP >/dev/null 2>&1; then
62- echo "Creating container app $APP_NAME (temporary image)"
63- az containerapp create \
64- -n $APP_NAME \
65- -g $RESOURCE_GROUP \
66- --environment $CONTAINERAPPS_ENV \
67- --image mcr.microsoft.com/k8se/quickstart:latest \
68- --ingress external --target-port $PORT \
69- --env-vars PORT=$PORT HOST=0.0.0.0 \
70- --system-assigned
71- else
72- echo "Container app $APP_NAME exists"
57+ if ! az containerapp show -n $APP_NAME -g $RESOURCE_GROUP >/dev/null 2>&1; then
58+ echo "Creating container app $APP_NAME (temporary public image)"
59+ az containerapp create \
60+ -n $APP_NAME \
61+ -g $RESOURCE_GROUP \
62+ --environment $CONTAINERAPPS_ENV \
63+ --image mcr.microsoft.com/k8se/quickstart:latest \
64+ --ingress external --target-port $PORT \
65+ --env-vars PORT=$PORT HOST=0.0.0.0 \
66+ --system-assigned
67+ else
68+ echo "Container app $APP_NAME exists"
69+ # Assign identity only if missing
70+ PID=$(az containerapp show -n $APP_NAME -g $RESOURCE_GROUP --query identity.principalId -o tsv 2>/dev/null || true)
71+ if [ -z "$PID" ] || [ "$PID" = "null" ]; then
72+ echo "Adding system identity"
7373 az containerapp identity assign -n $APP_NAME -g $RESOURCE_GROUP --system-assigned >/dev/null || true
7474 fi
75+ fi
7576
7677 PRINCIPAL_ID=$(az containerapp show -n $APP_NAME -g $RESOURCE_GROUP --query identity.principalId -o tsv)
7778 ACR_ID=$(az acr show -n $ACR_NAME --query id -o tsv)
7879 echo "Ensuring AcrPull role (principal: $PRINCIPAL_ID) on $ACR_ID"
7980 az role assignment create --assignee $PRINCIPAL_ID --scope $ACR_ID --role AcrPull >/dev/null 2>&1 || echo "Role already assigned"
8081
81- # Small wait to let RBAC settle
82- sleep 5
82+ # Brief wait for RBAC propagation (kept minimal)
83+ sleep 3
8384
8485 echo "Setting registry (managed identity)"
8586 az containerapp registry set -n $APP_NAME -g $RESOURCE_GROUP --server $ACR_NAME.azurecr.io --identity system >/dev/null || true
8687
8788 NEW_IMAGE="$ACR_NAME.azurecr.io/www:${APP_NAME}-${GITHUB_SHA}"
88- echo "Updating image -> $NEW_IMAGE"
89- az containerapp update -n $APP_NAME -g $RESOURCE_GROUP --image "$NEW_IMAGE" --set-env-vars PORT=$PORT HOST=0.0.0.0 --only-show-errors --no-wait
90-
91- echo "Waiting for revision to become Healthy (timeout ${TIMEOUT_SECONDS}s)"
92- start_time=$(date +%s)
93- while true; do
94- # Break if timeout
95- now=$(date +%s)
96- elapsed=$(( now - start_time ))
97- if [ $elapsed -ge $TIMEOUT_SECONDS ]; then
98- echo "Timed out waiting for Healthy revision" >&2
99- az containerapp show -n $APP_NAME -g $RESOURCE_GROUP -o yaml || true
100- exit 1
101- fi
89+ echo "Updating image -> $NEW_IMAGE (no wait)"
90+ az containerapp update -n $APP_NAME -g $RESOURCE_GROUP --image "$NEW_IMAGE" --set-env-vars PORT=$PORT HOST=0.0.0.0 --only-show-errors --no-wait || true
10291
103- REVISION=$(az containerapp revision list -n $APP_NAME -g $RESOURCE_GROUP --query "[?properties.active].name | [0]" -o tsv 2>/dev/null || true)
104- HEALTH=""
105- if [ -n "$REVISION" ]; then
106- HEALTH=$(az containerapp revision show -g $RESOURCE_GROUP --name $APP_NAME --revision $REVISION --query properties.healthState -o tsv 2>/dev/null || true)
107- fi
108- echo "Revision: ${REVISION:-<none>} Health: ${HEALTH:-<unknown>} (${elapsed}s)"
109- if [ "$HEALTH" = "Healthy" ]; then
110- echo "Revision $REVISION is Healthy"
111- break
112- fi
113- sleep $SLEEP_SECONDS
114- done
92+ echo "Skipping wait for Healthy state; proceeding to comment with FQDN."
11593
11694name : Fetch FQDN
11795 id : fqdn
0 commit comments