Bump actions/upload-artifact from 4.4.3 to 4.5.0 (#83) #138
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Infrastructure | |
| "on": | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - .github/workflows/infrastructure.yml | |
| - infrastructure/** | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - .github/workflows/infrastructure.yml | |
| - infrastructure/** | |
| workflow_dispatch: | |
| permissions: {} | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4.2.2 | |
| - name: Lint Bicep Files | |
| uses: azure/cli@v2.1.0 | |
| with: | |
| inlineScript: | | |
| az bicep lint --file infrastructure/main.bicep | |
| az bicep lint --file infrastructure/main.bicepparam | |
| - name: Build Bicep Files | |
| uses: azure/cli@v2.1.0 | |
| with: | |
| inlineScript: | | |
| az bicep build --file infrastructure/main.bicep --outfile infrastructure/main.json | |
| az bicep build-params --file infrastructure/main.bicepparam --outfile infrastructure/main.parameters.json | |
| - name: Upload Bicep Files | |
| uses: actions/upload-artifact@v4.5.0 | |
| with: | |
| name: infrastructure | |
| path: infrastructure/ | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: github.ref == 'refs/heads/main' || github.event_name == 'pull_request' | |
| environment: Staging | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Download Bicep Files | |
| uses: actions/download-artifact@v4.1.8 | |
| with: | |
| name: infrastructure | |
| path: infrastructure/ | |
| - name: Azure Login | |
| uses: azure/login@v2.2.0 | |
| with: | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Create Resource Group | |
| uses: azure/cli@v2.1.0 | |
| with: | |
| inlineScript: | | |
| az group create --name ${{ vars.RESOURCE_GROUP }} --location ${{ vars.LOCATION }} | |
| - name: Validate ARM Deployment | |
| uses: azure/arm-deploy@v2 | |
| with: | |
| scope: resourcegroup | |
| resourceGroupName: ${{ vars.RESOURCE_GROUP }} | |
| template: infrastructure/main.bicep | |
| parameters: infrastructure/main.bicepparam | |
| deploymentMode: Validate | |
| - name: What-if ARM Deployment | |
| uses: azure/arm-deploy@v2 | |
| with: | |
| scope: resourcegroup | |
| resourceGroupName: ${{ vars.RESOURCE_GROUP }} | |
| template: infrastructure/main.bicep | |
| parameters: infrastructure/main.bicepparam | |
| deploymentMode: Incremental | |
| additionalArguments: --what-if | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| needs: test | |
| if: github.ref == 'refs/heads/main' | |
| environment: Production | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Download Bicep Files | |
| uses: actions/download-artifact@v4.1.8 | |
| with: | |
| name: infrastructure | |
| path: infrastructure/ | |
| - name: Azure Login | |
| uses: azure/login@v2.2.0 | |
| with: | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Create Resource Group | |
| uses: azure/cli@v2.1.0 | |
| with: | |
| inlineScript: | | |
| az group create --name ${{ vars.RESOURCE_GROUP }} --location ${{ vars.LOCATION }} | |
| - name: Deploy Resources | |
| uses: azure/arm-deploy@v2 | |
| with: | |
| scope: resourcegroup | |
| resourceGroupName: ${{ vars.RESOURCE_GROUP }} | |
| template: infrastructure/main.bicep | |
| parameters: infrastructure/main.bicepparam | |
| deploymentMode: Incremental | |
| - name: Assign AcrPull to Deployment Slot | |
| uses: azure/cli@v2.1.0 | |
| with: | |
| inlineScript: | | |
| WEBAPP_IDENTITY=$(az webapp show --resource-group ${{ vars.RESOURCE_GROUP }} --name ${{ vars.WEBAPP }} --slot ${{ vars.DEPLOYMENT_SLOT }} --query identity.principalId --output tsv) | |
| CONTAINER_REGISTRY=$(az acr show --name ${{ vars.CONTAINER_REGISTRY }} --query id --output tsv) | |
| az role assignment create --assignee $WEBAPP_IDENTITY --scope $CONTAINER_REGISTRY --role "AcrPull" | |
| - name: Assign AcrPull to Web App | |
| uses: azure/cli@v2.1.0 | |
| with: | |
| inlineScript: | | |
| WEBAPP_IDENTITY=$(az webapp show --resource-group ${{ vars.RESOURCE_GROUP }} --name ${{ vars.WEBAPP }} --query identity.principalId --output tsv) | |
| CONTAINER_REGISTRY=$(az acr show --name ${{ vars.CONTAINER_REGISTRY }} --query id --output tsv) | |
| az role assignment create --assignee $WEBAPP_IDENTITY --scope $CONTAINER_REGISTRY --role "AcrPull" |