From d3ad5688512ffe6bebec1120de0e6a356aa0bfb1 Mon Sep 17 00:00:00 2001
From: Bart van der Braak
Date: Fri, 1 Dec 2023 00:26:15 +0100
Subject: [PATCH 1/5] feat: add checks and git tags for azure deployed
---
.github/workflows/tests.yml | 50 +++++++++++++++++++++++++++----------
1 file changed, 37 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 2eeba49..430be3f 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -21,19 +21,43 @@ jobs: LOCATION: eastus DEPLOYMENT_NAME: keyweave-${{ github.run_id }} steps: - - uses: actions/checkout@v3 - - uses: azure/login@v1 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - name: Deploy Bicep template - uses: azure/arm-deploy@v1 - with: - scope: subscription - region: ${{ env.LOCATION }} - template: bicep/main.bicep - deploymentName: ${{ env.DEPLOYMENT_NAME }} + - uses: actions/checkout@v3 + + - name: Fetch complete history + run: git fetch --prune --unshallow + + - name: Get last deployed commit + id: last_deployed + run: echo "LAST_DEPLOYED_COMMIT=$(git rev-list -n 1 deployed)" >> $GITHUB_ENV + + - name: Check for changes in bicep folder + run: | + if git diff --quiet $LAST_DEPLOYED_COMMIT HEAD -- bicep/ ; then + echo "NO_CHANGES=true" >> $GITHUB_ENV + else + echo "NO_CHANGES=false" >> $GITHUB_ENV + + - if: env.NO_CHANGES == 'false' + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - if: env.NO_CHANGES == 'false' + name: Deploy Bicep template + uses: azure/arm-deploy@v1 + with: + scope: subscription + region: ${{ env.LOCATION }} + template: bicep/main.bicep + deploymentName: ${{ env.DEPLOYMENT_NAME }} + + - if: env.NO_CHANGES == 'false' + name: Tag Deployment + run: | + git tag -fa deployed -m "Deployed to Azure" + git push origin --tags --force tests-no-access: name: Tests with No Access From 9d83d41a36dd0596a9cb4a828295ad28b16ac066 Mon Sep 17 00:00:00 2001 From: Bart van der Braak Date: Fri, 1 Dec 2023 00:30:28 +0100 Subject: [PATCH 2/5] fix: hanlde if first add git tag --- .github/workflows/tests.yml | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 430be3f..3941093 100644 
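Review bot: `git push origin --tags --force` in the new Tag Deployment step force-pushes every tag in the runner's clone, not only `deployed`, so any remote tag that differs from the runner's copy (a release tag moved or re-created while the job ran, for example) would be silently overwritten. Push only the one ref the step owns: `git push --force origin refs/tags/deployed`. The same line remains as unchanged context in the Tag Deployment hunks of patches 3/5 and 5/5, so the point applies to the final state of the series as well.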
--- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -22,29 +22,32 @@ jobs: DEPLOYMENT_NAME: keyweave-${{ github.run_id }} steps: - uses: actions/checkout@v3 - - name: Fetch complete history run: git fetch --prune --unshallow - - - name: Get last deployed commit - id: last_deployed - run: echo "LAST_DEPLOYED_COMMIT=$(git rev-list -n 1 deployed)" >> $GITHUB_ENV - + - name: Check for deployed tag + id: check_tag + run: | + if git rev-parse --verify deployed >/dev/null 2>&1; then + echo "DEPLOYED_TAG_EXISTS=true" >> $GITHUB_ENV + echo "LAST_DEPLOYED_COMMIT=$(git rev-list -n 1 deployed)" >> $GITHUB_ENV + else + echo "DEPLOYED_TAG_EXISTS=false" >> $GITHUB_ENV + fi - name: Check for changes in bicep folder + if: env.DEPLOYED_TAG_EXISTS == 'true' run: | if git diff --quiet $LAST_DEPLOYED_COMMIT HEAD -- bicep/ ; then echo "NO_CHANGES=true" >> $GITHUB_ENV else echo "NO_CHANGES=false" >> $GITHUB_ENV - - - if: env.NO_CHANGES == 'false' + fi + - if: env.DEPLOYED_TAG_EXISTS == 'false' || env.NO_CHANGES == 'false' uses: azure/login@v1 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - if: env.NO_CHANGES == 'false' + - if: env.DEPLOYED_TAG_EXISTS == 'false' || env.NO_CHANGES == 'false' name: Deploy Bicep template uses: azure/arm-deploy@v1 with: @@ -52,8 +55,7 @@ jobs: region: ${{ env.LOCATION }} template: bicep/main.bicep deploymentName: ${{ env.DEPLOYMENT_NAME }} - - - if: env.NO_CHANGES == 'false' + - if: env.DEPLOYED_TAG_EXISTS == 'false' || env.NO_CHANGES == 'false' name: Tag Deployment run: | git tag -fa deployed -m "Deployed to Azure" From 4c0ad2ff5f2c39eecc6bb6433d94edd5544afc02 Mon Sep 17 00:00:00 2001 From: Bart van der Braak Date: Fri, 1 Dec 2023 00:33:58 +0100 Subject: [PATCH 3/5] fix: add git identity for github actions bot --- .github/workflows/tests.yml | 2 ++ 1 file changed, 2 insertions(+) 
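Review bot: The deploy gate added in the first hunk resolves an unqualified name: `git rev-parse --verify deployed` and `git rev-list -n 1 deployed` accept whatever `deployed` resolves to, and `$LAST_DEPLOYED_COMMIT` is expanded unquoted in the `git diff` line. Qualify the ref and quote the variable, e.g. `git rev-parse --verify --quiet "refs/tags/deployed^{commit}"` and `git diff --quiet "$LAST_DEPLOYED_COMMIT" HEAD -- bicep/`. `git diff --quiet` also exits non-zero on errors, not only on differences, so the `else` branch treats a failed diff as "changed" and goes on to deploy; checking for exit status 1 explicitly would make that case fail the job instead. Since the decision to deploy or skip now rests on a tag the workflow itself force-moves, a tag protection rule for `deployed` is worth adding so that moving or deleting it is limited to this workflow. The Deploy Bicep template step continues past the end of the first hunk.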
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3941093..c79920f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -58,6 +58,8 @@ jobs: - if: env.DEPLOYED_TAG_EXISTS == 'false' || env.NO_CHANGES == 'false' name: Tag Deployment run: | + git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}" + git config --global user.email "bartvdbraak@users.noreply.github.com" git tag -fa deployed -m "Deployed to Azure" git push origin --tags --force From 6bb67d26a3c9f4a3c2879dc06ae925ad0349e516 Mon Sep 17 00:00:00 2001 From: Bart van der Braak Date: Fri, 1 Dec 2023 00:59:38 +0100 Subject: [PATCH 4/5] fix: allow git write operations --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c79920f..5620c30 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -2,7 +2,7 @@ name: Tests permissions: id-token: write - contents: read + contents: write on: push: From 8e1908130069ae7495758f1feccf7c91fa356c26 Mon Sep 17 00:00:00 2001 From: Bart van der Braak Date: Fri, 1 Dec 2023 01:07:35 +0100 Subject: [PATCH 5/5] fix: use github actions bot as identity --- .github/workflows/tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 5620c30..a29085f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -58,8 +58,8 @@ jobs: - if: env.DEPLOYED_TAG_EXISTS == 'false' || env.NO_CHANGES == 'false' name: Tag Deployment run: | - git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}" - git config --global user.email "bartvdbraak@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" git tag -fa deployed -m "Deployed to Azure" git push origin --tags --force
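Review bot: `${{ env.CI_COMMIT_AUTHOR }}` in the first added line is substituted into the script text before the shell runs, and no `CI_COMMIT_AUTHOR` appears in the `env:` lines visible in this series, so `user.name` is probably being set to an empty string. Read it as a shell variable (`git config --global user.name "$CI_COMMIT_AUTHOR"`) or use a literal; keeping `${{ }}` expressions out of `run:` bodies avoids having their value parsed as shell. The second added line hard-codes a personal noreply address as the tagger e-mail for an automated tag; patch 5/5 replaces both lines with the bot identity.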
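Review bot: `contents: write` is granted in the workflow-level `permissions:` block, so every job in tests.yml, including `tests-no-access` seen as context in patch 1/5, now runs with a token that can push to the repository, alongside `id-token: write`. Only the Tag Deployment step needs write access. Keep `contents: read` at the top level and give the deploying job its own `permissions:` block containing `id-token: write` and `contents: write`. The job header is outside the hunks shown, so the job key to attach it to has to be taken from the full file.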