Overview ¶
The Benefits app is currently deployed into a Microsoft Azure account provided by California Department of Technology (CDT)’s Office of Enterprise Technology (OET), a.k.a. the “DevSecOps” team. More specifically, it uses custom containers on Azure App Service. More about the infrastructure.
Deployment process ¶
The Django application gets built into a Docker image with NGINX and Gunicorn. SQLite is used within that same container to store configuration data; there is no external database.
The application is deployed to an Azure Web App Container using three separate environments for dev, test,
and prod.
A GitHub Action per environment is responsible for building that branch’s image and pushing to GitHub Container Registry (GHCR).
GitHub POSTs a webhook to the Azure Web App when an image is published to GHCR, telling Azure to restart the app and pull the latest image.
You can view what Git commit is deployed for a given environment by visitng the URL path /static/sha.txt.
Configuration ¶
Sensitive configuration settings are maintained as Application Configuration variables in Azure, referencing Azure Key Vault secrets. Other non-sensitive configuration is maintained directly in the configuration database via the Django Admin.
Docker images ¶
Docker images for each of the deploy branches are available from GitHub Container Registry (GHCR):
- Repository Package page
- Image path:
ghcr.io/cal-itp/benefits - Image tags:
dev,test,prod