Deploy to Azure #5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Azure | |
| # Run when commits are pushed to feature/gitHubActions | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| AZURE_ENV_NAME: | |
| description: 'Azure environment name' | |
| required: true | |
| default: 'demo' | |
| AZURE_LOCATION: | |
| description: 'Azure region (e.g., eastus, westus)' | |
| required: true | |
| default: 'eastus2' | |
| # Set up permissions for deploying with secretless Azure federated credentials | |
| # https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| build-and-deploy-to-azure: | |
| runs-on: ubuntu-latest | |
| env: | |
| AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
| AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
| AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_ENV_NAME: ${{ github.event_name == 'workflow_dispatch' && inputs.AZURE_ENV_NAME || 'devexp2' }} | |
| AZURE_LOCATION: ${{ github.event_name == 'workflow_dispatch' && inputs.AZURE_LOCATION || vars.AZURE_LOCATION }} | |
| steps: | |
| - name: Update all Packages | |
| run: | | |
| sudo apt-get update | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install azd | |
| uses: Azure/setup-azd@v2 | |
| - name: Build Accelerator Bicep | |
| run: | | |
| echo "✅ Building Bicep templates..." | |
| mkdir -p ./artifacts | |
| # Check if Azure CLI is available | |
| if command -v az &> /dev/null; then | |
| az bicep build --file ./infra/main.bicep --outdir ./artifacts | |
| echo "✅ Bicep build completed" | |
| else | |
| echo "⚠️ Azure CLI not available, creating placeholder artifacts" | |
| echo "Bicep build would be executed here" > ./artifacts/placeholder.txt | |
| fi | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: artifacts | |
| path: ./artifacts | |
| compression-level: 6 | |
| overwrite: true | |
| if-no-files-found: warn | |
| - name: Artifact Summary | |
| run: | | |
| branch_name="${{ github.ref_name }}" | |
| echo "📦 Artifacts Summary:" | |
| echo " - Environment: ${{ env.AZURE_ENV_NAME }}" | |
| echo " - Branch: $branch_name" | |
| echo " - Artifacts uploaded: ✅" | |
| - name: Log in with Azure (Federated Credentials) | |
| run: | | |
| azd auth login ` | |
| --client-id "$Env:AZURE_CLIENT_ID" ` | |
| --federated-credential-provider "github" ` | |
| --tenant-id "$Env:AZURE_TENANT_ID" | |
| shell: pwsh | |
| - name: Deploy to Azure | |
| run: | | |
| echo "AZURE_ENV_NAME: ${{ env.AZURE_ENV_NAME }}" | |
| azd provision --no-prompt | |
| env: | |
| KEY_VAULT_SECRET: ${{ secrets.KEY_VAULT_SECRET }} | |
| SOURCE_CONTROL_PLATFORM: 'github' |