tag(scenario): add #116
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Use OpenID Connect to authenticate to Azure | ||
| # https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Cwindows#use-the-azure-login-action-with-openid-connect | ||
| # *** https://colinsalmcorner.com/using-oidc-with-terraform-in-github-actions/ | ||
| # https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-github-actions?tabs=openid%2CCLI | ||
| name: deploy-az-resources | ||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| workflow_dispatch: | ||
| # OIDC permissions for the GitHub Actions runner | ||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| # Global environment variables accessible from any job | ||
| env: | ||
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | ||
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | ||
| spnName: oid-bcp-ghb-003 | ||
| rgpLabName: rgp-lab | ||
| rgpIacName: rgp-iac | ||
| location: centralus | ||
| stackName: 'stack-deploy-az-resources' | ||
| templateFile: "./exercises-dev/main-exercises-dev.bicep" | ||
| templateParamFile: "./exercises-dev/main-exercises-dev.bicepparam" | ||
| operation: rollback # allowed values:[ deploy | rollback ] | ||
| jobs: | ||
| reusable-demo1: | ||
| uses: ./.github/workflows/reusable-workflow.yml | ||
| with: | ||
| operation: deploy | ||
| secrets: | ||
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | ||
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | ||
| reusable-workflow-brn: | ||
| uses: autocloudarc/0079-called-workflows/.github/workflows/called-workflow-brn.yml@main | ||
| with: | ||
| operation: deploy | ||
| reusable-workflow-tag: | ||
| uses: autocloudarc/0079-called-workflows/.github/workflows/[email protected] | ||
|
Check failure on line 54 in .github/workflows/deploy-az-resources.yml
|
||
| with: | ||
| operation: deploy | ||
| stage: | ||
| runs-on: ubuntu-latest | ||
| environment: dev | ||
| steps: | ||
| # Checkout the repository to the GitHub Actions runner | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| if: ${{ env.operation == 'deploy' }} | ||
| # Authenticate to Azure tenant using the Azure login action (OIDC) | ||
| - name: Authenticate to Azure with OIDC | ||
| uses: azure/login@v1 | ||
| with: | ||
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | ||
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | ||
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
| enable-AzPSSession: false | ||
| if: ${{ env.operation == 'deploy' }} | ||
| - name: execute-pwsh-script | ||
| run: | | ||
| chmod +x ./ps-scripts/demo-powershellScript.ps1 | ||
| ./ps-scripts/demo-powershellScript.ps1 | ||
| shell: pwsh | ||
| - name: execute-pwsh-script-inline | ||
| run: | | ||
| $PSVersionTable | ||
| Write-Host "Executing inline PowerShell Commands" | ||
| Get-ChildItem | ||
| shell: pwsh | ||
| - name: 'Test Deployment' | ||
| uses: azure/CLI@v1 | ||
| with: | ||
| azcliversion: latest | ||
| inlineScript: | | ||
| az --version | ||
| az account show | ||
| az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
| az deployment sub what-if --location ${{ env.location }} --template-file ${{ env.templateFile }} --parameters ${{ env.templateParamFile }} --verbose | ||
| if: ${{ env.operation == 'deploy' }} | ||
| # https://docs.microsoft.com/en-us/cli/azure/deployment/sub?view=azure-cli-latest#az_deployment_sub_what_if | ||
| # az deployment sub what-if --location WestUS --template-file ./exercises-dev/main-exercises-dev.bicep --parameters ./exercises-dev/main-exercises-dev.parameters.json | ||
| reusable-demo2: | ||
| needs: reusable-demo1 | ||
| uses: ./.github/workflows/reusable-workflow.yml | ||
| with: | ||
| operation: deploy | ||
| secrets: | ||
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | ||
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | ||
| deliver: | ||
| needs: stage | ||
| runs-on: ubuntu-latest | ||
| environment: prd | ||
| steps: | ||
| # Checkout the repository to the GitHub Actions runner | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| # Authenticate to Azure tenant using the Azure login action (OIDC) | ||
| - name: Authenticate to Azure with OIDC | ||
| uses: azure/login@v1 | ||
| with: | ||
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | ||
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | ||
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
| enable-AzPSSession: false | ||
| # https://github.com/Azure/login | ||
| - name: deploy | ||
| uses: azure/CLI@v1 | ||
| with: | ||
| azcliversion: latest | ||
| inlineScript: | | ||
| az --version | ||
| az account show | ||
| az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
| az stack sub create --name ${{ env.stackName }} --location ${{ env.location }} --template-file ${{ env.templateFile }} --parameters ${{ env.templateParamFile }} --deny-settings-mode none --delete-all --yes --verbose | ||
| if: ${{ env.operation == 'deploy' }} | ||
| - name: rollback | ||
| uses: azure/CLI@v1 | ||
| with: | ||
| azcliversion: latest | ||
| inlineScript: | | ||
| az --version | ||
| az account show | ||
| az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
| az stack sub delete --name ${{ env.stackName }} --delete-all --yes --verbose | ||
| if: ${{ env.operation == 'rollback' }} | ||
