Use latest Azure CLI version in workflows (#57) #116
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Infrastructure | |
| "on": | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - .github/workflows/infrastructure.yml | |
| - infrastructure/** | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - .github/workflows/infrastructure.yml | |
| - infrastructure/** | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4.2.1 | |
| - name: Lint Bicep Files | |
| uses: azure/cli@v2.1.0 | |
| with: | |
| inlineScript: | | |
| tdnf install -y icu # Temporary fix for ICU missing in Azure Linux | |
| az bicep lint --file infrastructure/main.bicep | |
| az bicep lint --file infrastructure/main.bicepparam | |
| - name: Build Bicep Files | |
| uses: azure/cli@v2.1.0 | |
| with: | |
| inlineScript: | | |
| tdnf install -y icu # Temporary fix for ICU missing in Azure Linux | |
| az bicep build --file infrastructure/main.bicep --outfile infrastructure/main.json | |
| az bicep build-params --file infrastructure/main.bicepparam --outfile infrastructure/main.parameters.json | |
| - name: Upload Bicep Files | |
| uses: actions/upload-artifact@v4.4.1 | |
| with: | |
| name: infrastructure | |
| path: infrastructure/ | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: github.ref == 'refs/heads/main' || github.event_name == 'pull_request' | |
| environment: Staging | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Download Bicep Files | |
| uses: actions/download-artifact@v4.1.8 | |
| with: | |
| name: infrastructure | |
| path: infrastructure/ | |
| - name: Azure Login | |
| uses: azure/login@v2.2.0 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Create Resource Group | |
| uses: azure/cli@v2.1.0 | |
| with: | |
| inlineScript: | | |
| az group create --name ${{ vars.RESOURCE_GROUP }} --location ${{ vars.LOCATION }} | |
| - name: Validate ARM Deployment | |
| uses: azure/arm-deploy@v2 | |
| with: | |
| scope: resourcegroup | |
| resourceGroupName: ${{ vars.RESOURCE_GROUP }} | |
| template: infrastructure/main.bicep | |
| parameters: infrastructure/main.bicepparam | |
| deploymentMode: Validate | |
| - name: What-if ARM Deployment | |
| uses: azure/arm-deploy@v2 | |
| with: | |
| scope: resourcegroup | |
| resourceGroupName: ${{ vars.RESOURCE_GROUP }} | |
| template: infrastructure/main.bicep | |
| parameters: infrastructure/main.bicepparam | |
| deploymentMode: Incremental | |
| additionalArguments: --what-if | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| needs: test | |
| if: github.ref == 'refs/heads/main' | |
| environment: Production | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Download Bicep Files | |
| uses: actions/download-artifact@v4.1.8 | |
| with: | |
| name: infrastructure | |
| path: infrastructure/ | |
| - name: Azure Login | |
| uses: azure/login@v2.2.0 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Create Resource Group | |
| uses: azure/cli@v2.1.0 | |
| with: | |
| inlineScript: | | |
| az group create --name ${{ vars.RESOURCE_GROUP }} --location ${{ vars.LOCATION }} | |
| - name: Deploy Resources | |
| uses: azure/arm-deploy@v2 | |
| with: | |
| scope: resourcegroup | |
| resourceGroupName: ${{ vars.RESOURCE_GROUP }} | |
| template: infrastructure/main.bicep | |
| parameters: infrastructure/main.bicepparam | |
| deploymentMode: Incremental | |
| - name: Assign AcrPull to Deployment Slot | |
| uses: azure/cli@v2.1.0 | |
| with: | |
| inlineScript: | | |
| WEBAPP_IDENTITY=$(az webapp show --resource-group ${{ vars.RESOURCE_GROUP }} --name ${{ vars.WEBAPP }} --slot ${{ vars.DEPLOYMENT_SLOT }} --query identity.principalId --output tsv) | |
| CONTAINER_REGISTRY=$(az acr show --name ${{ vars.CONTAINER_REGISTRY }} --query id --output tsv) | |
| az role assignment create --assignee $WEBAPP_IDENTITY --scope $CONTAINER_REGISTRY --role "AcrPull" | |
| - name: Assign AcrPull to Web App | |
| uses: azure/cli@v2.1.0 | |
| with: | |
| inlineScript: | | |
| WEBAPP_IDENTITY=$(az webapp show --resource-group ${{ vars.RESOURCE_GROUP }} --name ${{ vars.WEBAPP }} --query identity.principalId --output tsv) | |
| CONTAINER_REGISTRY=$(az acr show --name ${{ vars.CONTAINER_REGISTRY }} --query id --output tsv) | |
| az role assignment create --assignee $WEBAPP_IDENTITY --scope $CONTAINER_REGISTRY --role "AcrPull" |