Add IdentityServer Admin app deployment

Author: workcontrolgit

.github/workflows/deploy-identityserver.yml

@@ -17,13 +17,15 @@ env:
   DOTNET_VERSION: '8.x'
   STS_PROJECT_PATH: 'TokenService/Duende-IdentityServer/src/DuendeIdentityServer.STS.Identity/DuendeIdentityServer.STS.Identity.csproj'
   ADMIN_PROJECT_PATH: 'TokenService/Duende-IdentityServer/src/DuendeIdentityServer.Admin/DuendeIdentityServer.Admin.csproj'
-  PUBLISH_DIR: '${{ github.workspace }}/publish/ids'
+  STS_PUBLISH_DIR: '${{ github.workspace }}/publish/ids'
+  ADMIN_PUBLISH_DIR: '${{ github.workspace }}/publish/admin'
   APP_SERVICE_NAME: 'app-talent-ids-dev'
+  ADMIN_APP_SERVICE_NAME: 'app-talent-admin-dev'
   RESOURCE_GROUP: 'rg-talent-dev'
 
 jobs:
   build-and-deploy:
-    name: Build, Test, and Deploy IdentityServer
+    name: Build and Deploy IdentityServer
     runs-on: ubuntu-latest
 
     steps:
@@ -38,17 +40,28 @@ jobs:
           dotnet-version: ${{ env.DOTNET_VERSION }}
 
       - name: Restore dependencies
-        run: dotnet restore ${{ env.STS_PROJECT_PATH }}
+        run: |
+          dotnet restore ${{ env.STS_PROJECT_PATH }}
+          dotnet restore ${{ env.ADMIN_PROJECT_PATH }}
 
       - name: Build
-        run: dotnet build ${{ env.STS_PROJECT_PATH }} --configuration Release --no-restore
+        run: |
+          dotnet build ${{ env.STS_PROJECT_PATH }} --configuration Release --no-restore
+          dotnet build ${{ env.ADMIN_PROJECT_PATH }} --configuration Release --no-restore
 
-      - name: Publish
+      - name: Publish STS
         run: |
           dotnet publish ${{ env.STS_PROJECT_PATH }} \
             --configuration Release \
             --no-build \
-            --output ${{ env.PUBLISH_DIR }}
+            --output ${{ env.STS_PUBLISH_DIR }}
+
+      - name: Publish Admin
+        run: |
+          dotnet publish ${{ env.ADMIN_PROJECT_PATH }} \
+            --configuration Release \
+            --no-build \
+            --output ${{ env.ADMIN_PUBLISH_DIR }}
 
       - name: Log in to Azure
         uses: azure/login@v2
@@ -57,7 +70,7 @@ jobs:
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
-      - name: Configure App Service settings
+      - name: Configure STS App Service settings
         run: |
           az webapp config appsettings set \
             --resource-group ${{ env.RESOURCE_GROUP }} \
@@ -66,11 +79,36 @@ jobs:
               "ConnectionStrings__ConfigurationDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
               "ConnectionStrings__PersistedGrantDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
               "ConnectionStrings__IdentityDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
+              "ConnectionStrings__DataProtectionDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
               "AdminConfiguration__IdentityServerBaseUrl=${{ secrets.IDENTITY_SERVER_URL }}" \
               "ASPNETCORE_ENVIRONMENT=Production"
 
-      - name: Deploy to Azure App Service
+      - name: Configure Admin App Service settings
+        run: |
+          az webapp config appsettings set \
+            --resource-group ${{ env.RESOURCE_GROUP }} \
+            --name ${{ env.ADMIN_APP_SERVICE_NAME }} \
+            --settings \
+              "ConnectionStrings__ConfigurationDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
+              "ConnectionStrings__PersistedGrantDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
+              "ConnectionStrings__IdentityDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
+              "ConnectionStrings__AdminLogDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
+              "ConnectionStrings__AdminAuditLogDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
+              "ConnectionStrings__DataProtectionDbConnection=${{ secrets.IDS_DB_CONNECTION_STRING }}" \
+              "AdminConfiguration__IdentityServerBaseUrl=${{ secrets.IDENTITY_SERVER_URL }}" \
+              "AdminConfiguration__IdentityAdminRedirectUri=${{ secrets.IDENTITY_ADMIN_URL }}/signin-oidc" \
+              "SeedConfiguration__ApplySeed=false" \
+              "DatabaseMigrationsConfiguration__ApplyDatabaseMigrations=false" \
+              "ASPNETCORE_ENVIRONMENT=Production"
+
+      - name: Deploy STS to Azure App Service
         uses: azure/webapps-deploy@v3
         with:
           app-name: ${{ env.APP_SERVICE_NAME }}
-          package: ${{ env.PUBLISH_DIR }}
+          package: ${{ env.STS_PUBLISH_DIR }}
+
+      - name: Deploy Admin to Azure App Service
+        uses: azure/webapps-deploy@v3
+        with:
+          app-name: ${{ env.ADMIN_APP_SERVICE_NAME }}
+          package: ${{ env.ADMIN_PUBLISH_DIR }}

infra/main.bicep

@@ -30,6 +30,9 @@ param apiAppName string
 @description('Name of the IdentityServer Web App')
 param identityAppName string
 
+@description('Name of the IdentityServer Admin Web App')
+param identityAdminAppName string
+
 @description('Name of the Angular Static Web App')
 param staticWebAppName string
 
@@ -77,6 +80,15 @@ module identityApp 'modules/webApp.bicep' = {
   }
 }
 
+module identityAdminApp 'modules/webApp.bicep' = {
+  name: 'identityAdminApp'
+  params: {
+    webAppName: identityAdminAppName
+    location: location
+    appServicePlanId: appServicePlan.outputs.id
+  }
+}
+
 // ─── Angular Static Web App ───────────────────────────────────────────────────
 // Static Web Apps are not available in eastus — use eastus2
 module angularSwa 'modules/staticWebApp.bicep' = {
@@ -103,5 +115,6 @@ module sqlServer 'modules/sqlServer.bicep' = {
 // ─── Outputs (used by deployment workflows and post-deployment config) ─────────
 output apiAppUrl string = apiApp.outputs.url
 output identityAppUrl string = identityApp.outputs.url
+output identityAdminAppUrl string = identityAdminApp.outputs.url
 output angularAppUrl string = angularSwa.outputs.url
 output sqlServerFqdn string = sqlServer.outputs.sqlServerFqdn

infra/parameters/dev.bicepparam

@@ -10,6 +10,7 @@ using '../main.bicep'
 param appServicePlanName = 'asp-talent-f1-dev'
 param apiAppName         = 'app-talent-api-dev'
 param identityAppName    = 'app-talent-ids-dev'
+param identityAdminAppName = 'app-talent-admin-dev'
 param staticWebAppName   = 'swa-talent-ui-dev'
 param sqlServerName      = 'sql-talent-dev'
 param apiDbName          = 'sqldb-talent-api-dev'