
Deployment

The Benefits app is currently deployed into a Microsoft Azure account provided by the California Department of Technology (CDT)’s Office of Enterprise Technology (OET), a.k.a. the “DevSecOps” team. More specifically, it uses custom containers on Azure App Service. More about the infrastructure.

Deployment process

The Django application gets built into a Docker image with NGINX and Gunicorn. SQLite is used within that same container to store configuration data; there is no external database.

The application is deployed to an Azure Web App Container using three separate environments for dev, test, and prod.

The Deploy workflow is responsible for building the image for the branch or tag that triggered it and pushing that image to GitHub Container Registry (GHCR). It also deploys to the Azure Web App, telling Azure to restart the app and pull the latest image.

You can view which Git commit is deployed for a given environment by visiting the URL path /static/sha.txt.

The GitHub Actions deployment workflow configuration lives at .github/workflows/deploy.yml.

Info

The entire process from GitHub commit to full redeploy of the application can take from around 5 minutes to 10 minutes or more depending on the deploy environment. Have patience!

Deployment steps

The workflow is triggered with a push to the main branch or when a release candidate or release tag is created on any branch. It also responds to the workflow_dispatch event to allow manually triggering via the GitHub Actions UI.

When a deployment workflow runs, the following steps are taken:

1. Checkout code

From the tip of the corresponding branch (e.g. main) or the tagged commit

2. Authenticate to GHCR

Using the github.actor and built-in GITHUB_TOKEN secret

3. Build and push image to GitHub Container Registry (GHCR)

Build the root Dockerfile, tagging with the SHA from the HEAD commit or tagged commit.

Push this image:tag into GHCR.

4. App Service deploy

Push the new image:tag to the Azure App Service instance.
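
Because the image is tagged with the commit SHA and each environment exposes /static/sha.txt, a post-deploy check can confirm that every environment serves the commit that was built. The following is an added example, not code from the Benefits project. It assumes sha.txt contains a single hex commit id; the function names and the sample SHA are constructed for illustration.

```python
import re
import urllib.request

SHA_RE = re.compile(r"[0-9a-f]{7,40}")  # abbreviated or full SHA-1 commit id


def parse_sha(body: str) -> str:
    """Return the commit id from a sha.txt body, or raise ValueError."""
    # Assumption: one hex commit id plus optional whitespace; anything
    # else (e.g. an HTML error page) is rejected.
    sha = body.strip().lower()
    if not SHA_RE.fullmatch(sha):
        raise ValueError(f"unexpected sha.txt content: {body[:40]!r}")
    return sha


def matches(deployed: str, expected: str) -> bool:
    """True if both ids name the same commit; either may be abbreviated."""
    a, b = parse_sha(deployed), parse_sha(expected)
    return a.startswith(b) or b.startswith(a)


def fetch_body(base_url: str, timeout: float = 10.0) -> str:
    """Download /static/sha.txt from one environment (HTTPS only)."""
    if not base_url.startswith("https://"):
        raise ValueError("base_url must use https")
    url = base_url.rstrip("/") + "/static/sha.txt"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read(200).decode("ascii", "replace")


def check(bodies: dict, expected: str) -> dict:
    """Map each environment to 'ok', 'drift' or 'invalid'."""
    parse_sha(expected)  # fail fast on a malformed expected id
    result = {}
    for env, body in bodies.items():
        try:
            result[env] = "ok" if matches(body, expected) else "drift"
        except ValueError:
            result[env] = "invalid"
    return result


if __name__ == "__main__":
    # Constructed sample bodies; in real use: {env: fetch_body(url), ...}
    expected = "3f2a9c1d5b7e4a6f8c0d1e2f3a4b5c6d7e8f9a0b"
    sample = {"dev": expected + "\n", "test": "0000000\n",
              "prod": "<html>502 Bad Gateway</html>"}
    print(check(sample, expected))
```

A result of 'drift' means the environment is still serving an older or different image; 'invalid' means the path returned something other than a commit id, such as an error page during restart.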

Configuration

Sensitive configuration settings are maintained as Application Configuration variables in Azure, referencing Azure Key Vault secrets. Other non-sensitive configuration is maintained directly in the configuration database via the Django Admin.

Docker images

Docker images for each of the deploy branches are available from GitHub Container Registry (GHCR):