-
Notifications
You must be signed in to change notification settings - Fork 38
91 lines (82 loc) · 3.54 KB
/
Copy pathazure-dev.yml
File metadata and controls
91 lines (82 loc) · 3.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
name: Deploy to Azure Container App
run-name: 'Deploy to Azure ACA by @${{ github.actor }}'
# Run when commits are pushed to ado-pipeline
on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# -- this parm should work, but there are some variable issues when trying to do a deploy without a provision...
# inputs:
# azdMode:
# description: AZD Mode
# default: up
# type: choice
# options:
# - up
# - provision
# - deploy
## Uncomment this to run when commits are pushed to mainline branch (main or master)
# push:
# branches:
# - main
# Set up permissions for deploying with secretless Azure federated credentials
# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
permissions:
id-token: write
contents: read
jobs:
azd-deploy:
runs-on: ubuntu-latest
env:
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
AZURE_USER_PRINCIPAL_ID: ${{ secrets.AZURE_USER_PRINCIPAL_ID }}
GITHUB_ORGANIZATION_SLUGS: ${{ vars.GH_ORGANIZATION_SLUGS }}
AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
ASSIGN_PERMISSIONS_TO_PRINCIPAL: false
AZURE_AUTHENTICATION_ENABLED: ${{ vars.AZURE_AUTHENTICATION_ENABLED }}
AZURE_AUTHENTICATION_CLIENT_ID: ${{ secrets.AZURE_AUTHENTICATION_CLIENT_ID }}
AZURE_AUTHENTICATION_OPEN_ID_ISSUER: ${{ vars.AZURE_AUTHENTICATION_OPEN_ID_ISSUER }}
GRAFANA_USERNAME: ${{ vars.GRAFANA_USERNAME }}
GRAFANA_PASSWORD: ${{ secrets.GRAFANA_PASSWORD }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install azd
uses: Azure/setup-azd@v2
- name: AZD Login with Azure (Federated Credentials)
run: |
azd auth login `
--client-id "$Env:AZURE_CLIENT_ID" `
--federated-credential-provider "github" `
--tenant-id "$Env:AZURE_TENANT_ID"
shell: pwsh
- name: Azure CLI Login (OIDC)
uses: azure/login@v2
with:
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
- name: AZD Provision Infrastructure
# if: $ { { inputs.azdMode == 'up' || inputs.azdMode == 'provision' }}
run: azd provision --no-prompt
env:
GITHUB_PAT: ${{ secrets.GH_PAT }}
# - name: Resolve Container Registry Endpoint (deploy-only mode)
# if: $ { { inputs.azdMode == 'deploy' }}
# run: |
# $endpoint = az acr list --resource-group "$Env:AZURE_RESOURCE_GROUP" --query "[0].loginServer" -o tsv
# if (-not $endpoint) {
# Write-Error "Could not find a container registry in resource group '$Env:AZURE_RESOURCE_GROUP'. Run 'azd provision' first."
# exit 1
# }
# echo "AZURE_CONTAINER_REGISTRY_ENDPOINT=$endpoint" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
# Write-Host "Resolved AZURE_CONTAINER_REGISTRY_ENDPOINT=$endpoint"
# shell: pwsh
- name: AZD Deploy Application
# if: $ { { inputs.azdMode == 'up' || inputs.azdMode == 'deploy' }}
run: azd deploy --no-prompt
env:
GITHUB_PAT: ${{ secrets.GH_PAT }}