diff --git a/.github/workflows/deploy-az-resources.yml b/.github/workflows/deploy-az-resources.yml index 6e9a618..fe23508 100644 --- a/.github/workflows/deploy-az-resources.yml +++ b/.github/workflows/deploy-az-resources.yml @@ -1,8 +1,9 @@ # Use OpenID Connect to authenticate to Azure # https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Cwindows#use-the-azure-login-action-with-openid-connect # *** https://colinsalmcorner.com/using-oidc-with-terraform-in-github-actions/ -# change simulation -name: '$GITHUB_WORKFLOW-$GITHUB_RUN_NUMBER-$GITHUB_EVENT_NAME' +# https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-github-actions?tabs=openid%2CCLI + +name: deploy-az-resources on: push: branches: @@ -20,25 +21,21 @@ jobs: AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - umiName: umi-bcp-002 - rootMg: orgid - umiResourceGroup: umi-rgp-01 + spnName: oid-bcp-ghb-003 rgpLabName: rgp-lab rgpIacName: rgp-iac location: centralus - umiLocation: eastus2 - stackName: 'stack-$GITHUB_WORKFLOW' + stackName: 'stack-${{ github.workflow }}' templateFile: "./exercises-dev/main-exercises-dev.bicep" templateParamFile: "./exercises-dev/main-exercises-dev.parameters.json" templateSpecName: tsp-rgp-iac - templateSpecVersion: '1.0.$GITHUB_RUN_NUMBER' + templateSpecVersion: '1.0.${{ github.run_number }}' templateSpecDescription: 'Template Spec for RGP IaC' templateSpecSourceFile: "./exercises-dev/modules/sbx/sta-tsp.bicep" templateSpecParamFile: "./exercises-dev/modules/sbx/sta-tsp-params.json" deploy: true # Set to true to plan only, false to deploy or rollback deployTemplateSpec: true # Set to true to deploy template spec, false to deploy template rollback: false # Set to true to rollback, false to deploy - skipSelfHostedSetup: true # Set to true if using a GitHub runner, otherwise false to install self-hosted runner pre-requisite apps runs-on: ubuntu-latest @@ -49,65 +46,60 @@ jobs: working-directory: ${{ github.workspace }} steps: + # Clear the GitHub Actions runner's local npm cache + - name: Cache dependencies + uses: actions/cache@v2 + with: + path: node_modules + key: ${{ runner.os }}-${{ github.sha }}-${{ hashFiles('**/package-lock.json') }}-${{ github.run_number }} + # Checkout the repository to the GitHub Actions runner - name: Checkout uses: actions/checkout@v3 - # Authenticate to Azure tenant using the Azure login action (OIDC) + + # Authenticate to Azure tenant using the Azure login action (OIDC) - name: Authenticate to Azure with OIDC - uses: Azure/login@v1 + uses: azure/login@v1 with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - use-oidc: true - - - name: Install Pre-Requisites for Self-Hosted Runner if required - run: | - chmod +x $GITHUB_WORKSPACE/az-scripts/setupSelfHostedRunner.sh - $GITHUB_WORKSPACE/az-scripts/setupSelfHostedRunner.sh - shell: bash - if: ${{ env.skipSelfHostedSetup == 'true' }} - - - name: Install PowerShell - run: | - chmod +x $GITHUB_WORKSPACE/az-scripts/installPowerShell.sh - $GITHUB_WORKSPACE/az-scripts/installPowerShell.sh - shell: bash - if: ${{ env.skipSelfHostedSetup == 'true' }} + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + enable-AzPSSession: false + # https://github.com/Azure/login - name: deploy - run: | - az upgrade --yes --verbose - az bicep upgrade --verbose - az --version - az account show - az account set --subscription -s ${{ secrets.AZURE_SUBSCRIPTION_ID }} - az stack sub create --name ${{ env.stackname }} --location ${{ env.location }} --template-file ${{ env.templateFile }} --parameters ${{ env.templateParamFile }} --deny-settings-mode none --delete-all --yes --verbose - shell: bash + uses: azure/CLI@v1 + with: + # azcliversion: latest + inlineScript: | + az --version + az account show + az account set --subscription -s ${{ secrets.AZURE_SUBSCRIPTION_ID }} + az stack sub create --name ${{ env.stackname }} --location ${{ env.location }} --template-file ${{ env.templateFile }} --parameters ${{ env.templateParamFile }} --deny-settings-mode none --delete-all --yes --verbose if: ${{ env.deploy == 'true' }} - name: rollback - run: | - az upgrade --yes --verbose - az bicep upgrade --verbose - az --version - az account show - az account set --subscription -s ${{ secrets.AZURE_SUBSCRIPTION_ID }} - az stack sub delete --name ${{ env.stackname }} --location ${{ env.location }} --yes --verbose - shell: bash + uses: azure/CLI@v1 + with: + # azcliversion: latest + inlineScript: | + az --version + az account show + az account set --subscription -s ${{ secrets.AZURE_SUBSCRIPTION_ID }} + az stack sub delete --name ${{ env.stackname }} --location ${{ env.location }} --yes --verbose if: ${{ env.rollback == 'true' }} - + - name: deployTemplateSpec - run: | - az upgrade --yes --verbose - az bicep upgrade --verbose - az --version - az account show - az account set --subscription -s ${{ secrets.AZURE_SUBSCRIPTION_ID }} - az ts create --name ${{ env.templateSpecName }} --version ${{ env.templateSpecVersion }} --location ${{ env.location }} --resource-group ${{ env.rgpIacName }} --description ${{ env.templateSpecDescription }} --template-file ${{ env.templateSpecSourceFile }} --yes --verbose - sleep 20 - id=$(az ts show --name ${{ env.templateSpecName }} --resource-group ${{ env.rgpIacName }} --version ${{ env.templateSpecVersion }} --query 'id') - az deployment group create --resource-group ${{ env.rgpIacName }} --template-spec $id --parameters ${{ env.templateSpecParamFile }} --verbose - shell: bash + uses: azure/CLI@v1 + with: + # azcliversion: latest + inlineScript: | + az --version + az account show + az account set --subscription -s ${{ secrets.AZURE_SUBSCRIPTION_ID }} + az ts create --name ${{ env.templateSpecName }} --version ${{ env.templateSpecVersion }} --location ${{ env.location }} --resource-group ${{ env.rgpIacName }} --description ${{ env.templateSpecDescription }} --template-file ${{ env.templateSpecSourceFile }} --yes --verbose + sleep 20 + id=$(az ts show --name ${{ env.templateSpecName }} --resource-group ${{ env.rgpIacName }} --version ${{ env.templateSpecVersion }} --query 'id') + az deployment group create --resource-group ${{ env.rgpIacName }} --template-spec $id --parameters ${{ env.templateSpecParamFile }} --verbose if: ${{ env.deployTemplateSpec == 'true' }}