Develop

.github/workflows/deploy-angular.yml

@@ -0,0 +1,80 @@
+name: Deploy Angular to Azure Static Web Apps
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'Clients/TalentManagement-Angular-Material/**'
+      - '.github/workflows/deploy-angular.yml'
+  workflow_dispatch:
+
+permissions:
+  id-token: write   # Required for OIDC token request
+  contents: read
+
+env:
+  ANGULAR_APP_DIR: 'Clients/TalentManagement-Angular-Material/talent-management'
+  STATIC_WEB_APP_NAME: 'swa-talent-ui-dev'
+  RESOURCE_GROUP: 'rg-talent-dev'
+
+jobs:
+  build-and-deploy:
+    name: Build and Deploy Angular
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository (with submodules)
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22.x'
+          cache: 'npm'
+          cache-dependency-path: '${{ env.ANGULAR_APP_DIR }}/package-lock.json'
+
+      - name: Install dependencies
+        working-directory: ${{ env.ANGULAR_APP_DIR }}
+        run: npm ci
+
+      - name: Inject production environment variables
+        working-directory: ${{ env.ANGULAR_APP_DIR }}
+        env:
+          API_URL: ${{ secrets.API_APP_URL }}
+          IDENTITY_SERVER_URL: ${{ secrets.IDENTITY_SERVER_URL }}
+        run: |
+          sed -i "s|https://your-production-api.com/api/v1|${API_URL}/api/v1|g" src/environments/environment.prod.ts
+          sed -i "s|https://localhost:44310|${IDENTITY_SERVER_URL}|g" src/environments/environment.prod.ts
+
+      - name: Build Angular (production)
+        working-directory: ${{ env.ANGULAR_APP_DIR }}
+        run: npm run build -- --configuration production
+
+      - name: Log in to Azure
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Get Static Web App deployment token
+        id: swa-token
+        run: |
+          SWA_TOKEN=$(az staticwebapp secrets list \
+            --name ${{ env.STATIC_WEB_APP_NAME }} \
+            --resource-group ${{ env.RESOURCE_GROUP }} \
+            --query properties.apiKey \
+            --output tsv)
+          echo "token=${SWA_TOKEN}" >> $GITHUB_OUTPUT
+
+      - name: Deploy to Azure Static Web Apps
+        uses: Azure/static-web-apps-deploy@v1
+        with:
+          azure_static_web_apps_api_token: ${{ steps.swa-token.outputs.token }}
+          action: upload
+          app_location: 'Clients/TalentManagement-Angular-Material/talent-management'
+          output_location: 'dist/talent-management/browser'
+          skip_app_build: true

.github/workflows/deploy-api.yml

@@ -0,0 +1,84 @@
+name: Deploy .NET API to Azure App Service
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'ApiResources/TalentManagement-API/**'
+      - '.github/workflows/deploy-api.yml'
+  workflow_dispatch:
+
+permissions:
+  id-token: write   # Required for OIDC token request
+  contents: read
+
+env:
+  DOTNET_VERSION: '10.x'
+  PROJECT_PATH: 'ApiResources/TalentManagement-API/TalentManagementAPI.WebApi/TalentManagementAPI.WebApi.csproj'
+  SOLUTION_PATH: 'ApiResources/TalentManagement-API/TalentManagementAPI.slnx'
+  PUBLISH_DIR: '${{ github.workspace }}/publish/api'
+  APP_SERVICE_NAME: 'app-talent-api-dev'
+  RESOURCE_GROUP: 'rg-talent-dev'
+
+jobs:
+  build-and-deploy:
+    name: Build, Test, and Deploy API
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository (with submodules)
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Set up .NET ${{ env.DOTNET_VERSION }}
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - name: Restore dependencies
+        run: dotnet restore ${{ env.SOLUTION_PATH }}
+
+      - name: Build
+        run: dotnet build ${{ env.SOLUTION_PATH }} --configuration Release --no-restore
+
+      - name: Run unit tests
+        run: dotnet test ${{ env.SOLUTION_PATH }} --configuration Release --no-build --verbosity normal
+
+      - name: Publish
+        run: |
+          dotnet publish ${{ env.PROJECT_PATH }} \
+            --configuration Release \
+            --no-build \
+            --output ${{ env.PUBLISH_DIR }}
+
+      - name: Log in to Azure
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Configure App Service settings
+        run: |
+          az webapp config appsettings set \
+            --resource-group ${{ env.RESOURCE_GROUP }} \
+            --name ${{ env.APP_SERVICE_NAME }} \
+            --settings \
+              "ConnectionStrings__DefaultConnection=${{ secrets.API_DB_CONNECTION_STRING }}" \
+              "Sts__ServerUrl=${{ secrets.IDENTITY_SERVER_URL }}" \
+              "Sts__ValidIssuer=${{ secrets.IDENTITY_SERVER_URL }}" \
+              "Sts__Audience=app.api.talentmanagement" \
+              "JWTSettings__Key=${{ secrets.JWT_KEY }}" \
+              "JWTSettings__Issuer=CoreIdentity" \
+              "JWTSettings__Audience=CoreIdentityUser" \
+              "JWTSettings__DurationInMinutes=60" \
+              "FeatureManagement__AuthEnabled=true" \
+              "ASPNETCORE_ENVIRONMENT=Production"
+
+      - name: Deploy to Azure App Service
+        uses: azure/webapps-deploy@v3
+        with:
+          app-name: ${{ env.APP_SERVICE_NAME }}
+          package: ${{ env.PUBLISH_DIR }}

.github/workflows/deploy-identityserver.yml

@@ -0,0 +1,76 @@
+name: Deploy IdentityServer to Azure App Service
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'TokenService/Duende-IdentityServer/**'
+      - '.github/workflows/deploy-identityserver.yml'
+  workflow_dispatch:
+
+permissions:
+  id-token: write   # Required for OIDC token request
+  contents: read
+
+env:
+  DOTNET_VERSION: '8.x'
+  STS_PROJECT_PATH: 'TokenService/Duende-IdentityServer/src/DuendeIdentityServer.STS.Identity/DuendeIdentityServer.STS.Identity.csproj'
+  ADMIN_PROJECT_PATH: 'TokenService/Duende-IdentityServer/src/DuendeIdentityServer.Admin/DuendeIdentityServer.Admin.csproj'
+  PUBLISH_DIR: '${{ github.workspace }}/publish/ids'
+  APP_SERVICE_NAME: 'app-talent-ids-dev'
+  RESOURCE_GROUP: 'rg-talent-dev'
+
+jobs:
+  build-and-deploy:
+    name: Build, Test, and Deploy IdentityServer
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository (with submodules)
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Set up .NET ${{ env.DOTNET_VERSION }}
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - name: Restore dependencies
+        run: dotnet restore ${{ env.STS_PROJECT_PATH }}
+
+      - name: Build
+        run: dotnet build ${{ env.STS_PROJECT_PATH }} --configuration Release --no-restore
+
+      - name: Publish
+        run: |
+          dotnet publish ${{ env.STS_PROJECT_PATH }} \
+            --configuration Release \
+            --no-build \
+            --output ${{ env.PUBLISH_DIR }}
+
+      - name: Log in to Azure
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Configure App Service settings
+        run: |
+          az webapp config appsettings set \
+            --resource-group ${{ env.RESOURCE_GROUP }} \
+            --name ${{ env.APP_SERVICE_NAME }} \
+            --settings \
+              "ConnectionStrings__ConfigurationDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
+              "ConnectionStrings__PersistedGrantDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
+              "ConnectionStrings__IdentityDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
+              "AdminConfiguration__IdentityServerBaseUrl=${{ secrets.IDENTITY_SERVER_URL }}" \
+              "ASPNETCORE_ENVIRONMENT=Production"
+
+      - name: Deploy to Azure App Service
+        uses: azure/webapps-deploy@v3
+        with:
+          app-name: ${{ env.APP_SERVICE_NAME }}
+          package: ${{ env.PUBLISH_DIR }}