Merge branch 'main' of https://github.com/autocloudarc/0079-bicep-exe…

…rcises
autocloudarc · Jan 9, 2024 · a5b8ebb · a5b8ebb
2 parents 6e73aa0 + 9679d82
commit a5b8ebb
Showing 1 changed file with 49 additions and 57 deletions.
diff --git a/.github/workflows/deploy-az-resources.yml b/.github/workflows/deploy-az-resources.yml
@@ -1,8 +1,9 @@
 # Use OpenID Connect to authenticate to Azure
 # https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Cwindows#use-the-azure-login-action-with-openid-connect
 # *** https://colinsalmcorner.com/using-oidc-with-terraform-in-github-actions/
-# change simulation
-name: '$GITHUB_WORKFLOW-$GITHUB_RUN_NUMBER-$GITHUB_EVENT_NAME'
+# https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-github-actions?tabs=openid%2CCLI
+
+name: deploy-az-resources
 on:
   push:
     branches:
@@ -20,25 +21,21 @@ jobs:
       AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
       AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
       AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      umiName: umi-bcp-002
-      rootMg: orgid
-      umiResourceGroup: umi-rgp-01
+      spnName: oid-bcp-ghb-003
       rgpLabName: rgp-lab
       rgpIacName: rgp-iac
       location: centralus
-      umiLocation: eastus2
-      stackName: 'stack-$GITHUB_WORKFLOW'
+      stackName: 'stack-${{ github.workflow }}'
       templateFile: "./exercises-dev/main-exercises-dev.bicep"
       templateParamFile: "./exercises-dev/main-exercises-dev.parameters.json"
       templateSpecName: tsp-rgp-iac
-      templateSpecVersion: '1.0.$GITHUB_RUN_NUMBER'
+      templateSpecVersion: '1.0.${{ github.run_number }}'
       templateSpecDescription: 'Template Spec for RGP IaC'
       templateSpecSourceFile: "./exercises-dev/modules/sbx/sta-tsp.bicep"
       templateSpecParamFile: "./exercises-dev/modules/sbx/sta-tsp-params.json"
       deploy: true # Set to true to plan only, false to deploy or rollback
       deployTemplateSpec: true # Set to true to deploy template spec, false to deploy template
       rollback: false # Set to true to rollback, false to deploy
-      skipSelfHostedSetup: true # Set to true if using a GitHub runner, otherwise false to install self-hosted runner pre-requisite apps
 
     runs-on: ubuntu-latest
 
@@ -49,65 +46,60 @@ jobs:
         working-directory: ${{ github.workspace }}
 
     steps:
+    # Clear the GitHub Actions runner's local npm cache
+    - name: Cache dependencies
+      uses: actions/cache@v2
+      with:
+        path: node_modules
+        key: ${{ runner.os }}-${{ github.sha }}-${{ hashFiles('**/package-lock.json') }}-${{ github.run_number }}
+
     # Checkout the repository to the GitHub Actions runner
     - name: Checkout
       uses: actions/checkout@v3
 
-    # Authenticate to Azure tenant using the Azure login action (OIDC)
+
+      # Authenticate to Azure tenant using the Azure login action (OIDC)
     - name: Authenticate to Azure with OIDC
-      uses: Azure/login@v1
+      uses: azure/login@v1
       with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-          use-oidc: true
-
-    - name: Install Pre-Requisites for Self-Hosted Runner if required
-      run: |
-        chmod +x $GITHUB_WORKSPACE/az-scripts/setupSelfHostedRunner.sh
-        $GITHUB_WORKSPACE/az-scripts/setupSelfHostedRunner.sh
-      shell: bash
-      if: ${{ env.skipSelfHostedSetup == 'true' }}
-
-    - name: Install PowerShell
-      run: |
-        chmod +x $GITHUB_WORKSPACE/az-scripts/installPowerShell.sh
-        $GITHUB_WORKSPACE/az-scripts/installPowerShell.sh
-      shell: bash
-      if: ${{ env.skipSelfHostedSetup == 'true' }}
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+        enable-AzPSSession: false
 
+    # https://github.com/Azure/login
     - name: deploy
-      run: |
-        az upgrade --yes --verbose
-        az bicep upgrade --verbose
-        az --version
-        az account show
-        az account set --subscription -s ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-        az stack sub create --name ${{ env.stackname }} --location ${{ env.location }} --template-file ${{ env.templateFile }} --parameters ${{ env.templateParamFile }} --deny-settings-mode none --delete-all --yes --verbose
-      shell: bash
+      uses: azure/CLI@v1
+      with:
+        # azcliversion: latest
+        inlineScript: |
+          az --version
+          az account show
+          az account set --subscription -s ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          az stack sub create --name ${{ env.stackname }} --location ${{ env.location }} --template-file ${{ env.templateFile }} --parameters ${{ env.templateParamFile }} --deny-settings-mode none --delete-all --yes --verbose
       if: ${{ env.deploy == 'true' }}
 
     - name: rollback
-      run: |
-        az upgrade --yes --verbose
-        az bicep upgrade --verbose
-        az --version
-        az account show
-        az account set --subscription -s ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-        az stack sub delete --name ${{ env.stackname }} --location ${{ env.location }} --yes --verbose
-      shell: bash
+      uses: azure/CLI@v1
+      with:
+        # azcliversion: latest
+        inlineScript: |
+          az --version
+          az account show
+          az account set --subscription -s ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          az stack sub delete --name ${{ env.stackname }} --location ${{ env.location }} --yes --verbose
       if: ${{ env.rollback == 'true' }}
-
+        
     - name: deployTemplateSpec
-      run: |
-        az upgrade --yes --verbose
-        az bicep upgrade --verbose
-        az --version
-        az account show
-        az account set --subscription -s ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-        az ts create --name ${{ env.templateSpecName }} --version ${{ env.templateSpecVersion }} --location ${{ env.location }} --resource-group ${{ env.rgpIacName }} --description ${{ env.templateSpecDescription }} --template-file ${{ env.templateSpecSourceFile }} --yes --verbose
-        sleep 20
-        id=$(az ts show --name ${{ env.templateSpecName }} --resource-group ${{ env.rgpIacName }} --version ${{ env.templateSpecVersion }} --query 'id')
-        az deployment group create --resource-group ${{ env.rgpIacName }} --template-spec $id --parameters ${{ env.templateSpecParamFile }} --verbose
-      shell: bash
+      uses: azure/CLI@v1
+      with: 
+        # azcliversion: latest
+        inlineScript: |
+          az --version
+          az account show
+          az account set --subscription -s ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          az ts create --name ${{ env.templateSpecName }} --version ${{ env.templateSpecVersion }} --location ${{ env.location }} --resource-group ${{ env.rgpIacName }} --description ${{ env.templateSpecDescription }} --template-file ${{ env.templateSpecSourceFile }} --yes --verbose
+          sleep 20
+          id=$(az ts show --name ${{ env.templateSpecName }} --resource-group ${{ env.rgpIacName }} --version ${{ env.templateSpecVersion }} --query 'id')
+          az deployment group create --resource-group ${{ env.rgpIacName }} --template-spec $id --parameters ${{ env.templateSpecParamFile }} --verbose
       if: ${{ env.deployTemplateSpec == 'true' }}