1+ name : Build and deploy infrastructure as code to Azure
2+
3+ on :
4+ push :
5+ branches :
6+ - main
7+ paths :
8+ - ' bicep/**'
9+ - ' .github/workflows/infra-deploy.yml'
10+ workflow_dispatch :
11+ inputs :
12+ teardown :
13+ description : ' Set this to true if you want to deleted the infrastructure deployed in the subscription'
14+ required : true
15+ type : boolean
16+
17+ concurrency :
18+ group : infra-deploy-demo-env
19+ cancel-in-progress : false
20+
21+ permissions :
22+ id-token : write
23+ contents : read
24+
25+ env :
26+ REGISTRY : ghcr.io
27+ BACKEND_API_IMAGE_NAME : azure/tasksmanager-backend-api
28+ FRONTEND_APP_IMAGE_NAME : azure/tasksmanager-frontend-webapp
29+ BACKEND_PROCESSOR_IMAGE_NAME : azure/tasksmanager-backend-processor
30+
31+ jobs :
32+ # This job is used for linting the bicep files
33+ lint :
34+ runs-on : ubuntu-latest
35+ if : ${{ github.event.inputs.teardown != 'true' }}
36+ name : Lint bicep files
37+ steps :
38+ - uses : actions/checkout@v2
39+ - name : Perform linting
40+ run : az bicep build --f bicep/main.bicep
41+
42+ # This job creates the resource group if it does not exist and validates the bicep template
43+ validate :
44+ runs-on : ubuntu-latest
45+ if : ${{ github.event.inputs.teardown != 'true' }}
46+ name : Create RG and Validate bicep template
47+ needs : [ lint ]
48+ steps :
49+ - uses : actions/checkout@v2
50+ - name : Azure login
51+ uses : azure/login@v1
52+ with :
53+ client-id : ${{ secrets.AZURE_CLIENT_ID }}
54+ tenant-id : ${{ secrets.AZURE_TENANT_ID }}
55+ subscription-id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
56+
57+ - name : Create Resource Group if does not exist
58+ uses : azure/CLI@v1
59+ with :
60+ inlineScript : |
61+ if [[ $(az group exists -n ${{ vars.RESOURCE_GROUP }}) == true ]]
62+ then
63+ echo "Resource group already exists in the subscription"
64+ else
65+ az group create --name ${{ vars.RESOURCE_GROUP }} --location ${{ vars.LOCATION }}
66+ echo "Resource group created"
67+ fi
68+
69+ - uses : azure/arm-deploy@v1
70+ name : Run validation
71+ with :
72+ deploymentName : ${{ github.run_number }}
73+ resourceGroupName : ${{ vars.RESOURCE_GROUP }}
74+ region : ${{ vars.LOCATION }}
75+ template : ./bicep/main.bicep
76+ parameters : ./bicep/main.parameters.json
77+ deploymentMode : Validate
78+
79+ # This job run what-if on the bicep template
80+ preview :
81+ runs-on : ubuntu-latest
82+ if : ${{ github.event.inputs.teardown != 'true' }}
83+ needs : [ validate ]
84+ name : Run what-if on the bicep template
85+ steps :
86+ - uses : actions/checkout@v3
87+ - uses : azure/login@v1
88+ name : Sign in to Azure
89+ with :
90+ client-id : ${{ secrets.AZURE_CLIENT_ID }}
91+ tenant-id : ${{ secrets.AZURE_TENANT_ID }}
92+ subscription-id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
93+ - uses : azure/arm-deploy@v1
94+ name : Run what-if
95+ with :
96+ resourceGroupName : ${{ vars.RESOURCE_GROUP }}
97+ template : ./bicep/main.bicep
98+ parameters : ./bicep/main.parameters.json containerRegistryName=${{ vars.CONTAINER_REGISTRY_NAME }} backendProcessorServiceImage=${{ env.REGISTRY }}/${{ env.BACKEND_PROCESSOR_IMAGE_NAME }} backendApiServiceImage=${{ env.REGISTRY }}/${{ env.BACKEND_API_IMAGE_NAME }} frontendWebAppServiceImage=${{ env.REGISTRY }}/${{ env.FRONTEND_APP_IMAGE_NAME }}
99+ additionalArguments : " --what-if --rollback-on-error --what-if-exclude-change-types Ignore"
100+
101+ # This job creates ACR and imports images from GitHub Container Registry if configured. If ACR already exists but not in same resource group, it will fail the workflow
102+ create-acr :
103+ runs-on : ubuntu-latest
104+ name : Create ACR and import images from GitHub Container Registry if configured
105+ if : ${{ vars.CONTAINER_REGISTRY_NAME != '' }}
106+ needs : [ preview ]
107+ steps :
108+ - uses : actions/checkout@v3
109+ - uses : azure/login@v1
110+ name : Sign in to Azure
111+ with :
112+ client-id : ${{ secrets.AZURE_CLIENT_ID }}
113+ tenant-id : ${{ secrets.AZURE_TENANT_ID }}
114+ subscription-id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
115+ - name : Create ACR ${{ vars.CONTAINER_REGISTRY_NAME }} if does not exist
116+ uses : azure/CLI@v1
117+ with :
118+ inlineScript : |
119+ if [[ $(az acr check-name -n ${{ vars.CONTAINER_REGISTRY_NAME }} -o tsv --query "nameAvailable") == false ]]
120+ then
121+ echo "ACR already exists."
122+ if [[ $(az acr list -g ${{ vars.RESOURCE_GROUP }} -o tsv --query "[?name=='${{ vars.CONTAINER_REGISTRY_NAME }}']") == "" ]]
123+ then
124+ echo "ACR exists but not in the resource group ${{ vars.RESOURCE_GROUP }}. Please select a different name for the ACR and update in repository variable."
125+ echo "::error title=Not Unique ACR::ACR exists but not in the resource group ${{ vars.RESOURCE_GROUP }}. Please select a different name for the ACR and update in repository variable."
126+ exit 1
127+ fi
128+ else
129+ az acr create --name ${{ vars.CONTAINER_REGISTRY_NAME }} --resource-group ${{ vars.RESOURCE_GROUP }} --sku Basic --location ${{ vars.LOCATION }}
130+ echo "ACR created"
131+ fi
132+ - name : Import images from GitHub Container Registry
133+ uses : azure/CLI@v1
134+ with :
135+ inlineScript : |
136+ az acr import --name ${{ vars.CONTAINER_REGISTRY_NAME }} --source ${{ env.REGISTRY }}/${{ env.BACKEND_PROCESSOR_IMAGE_NAME }}:latest --image tasksmanager/tasksmanager-backend-processor --force
137+ az acr import --name ${{ vars.CONTAINER_REGISTRY_NAME }} --source ${{ env.REGISTRY }}/${{ env.BACKEND_API_IMAGE_NAME }}:latest --image tasksmanager/tasksmanager-backend-api --force
138+ az acr import --name ${{ vars.CONTAINER_REGISTRY_NAME }} --source ${{ env.REGISTRY }}/${{ env.FRONTEND_APP_IMAGE_NAME }}:latest --image tasksmanager/tasksmanager-frontend-webapp --force
139+
140+ # This job deploys the bicep template to Azure subscription either using ACR images
141+ deploy-with-acr-images :
142+ runs-on : ubuntu-latest
143+ if : ${{ github.event.inputs.teardown != 'true' }}
144+ needs : [ create-acr]
145+ name : Deploy to Azure subscription with ACR
146+ steps :
147+ - uses : actions/checkout@v3
148+ - uses : azure/login@v1
149+ name : Sign in to Azure
150+ with :
151+ client-id : ${{ secrets.AZURE_CLIENT_ID }}
152+ tenant-id : ${{ secrets.AZURE_TENANT_ID }}
153+ subscription-id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
154+ - uses : azure/arm-deploy@v1
155+ id : deployment-with-acr-images
156+ name : Deploy to Azure subscription
157+ with :
158+ deploymentName : " github-${{ github.run_number }}"
159+ resourceGroupName : ${{ vars.RESOURCE_GROUP }}
160+ region : ${{ vars.LOCATION }}
161+ template : ./bicep/main.bicep
162+ parameters : ./bicep/main.parameters.json containerRegistryName=${{ vars.CONTAINER_REGISTRY_NAME }} backendProcessorServiceImage=${{ vars.CONTAINER_REGISTRY_NAME }}.azurecr.io/tasksmanager/tasksmanager-backend-processor:latest backendApiServiceImage=${{ vars.CONTAINER_REGISTRY_NAME }}.azurecr.io/tasksmanager/tasksmanager-backend-api:latest frontendWebAppServiceImage=${{ vars.CONTAINER_REGISTRY_NAME }}.azurecr.io/tasksmanager/tasksmanager-frontend-webapp:latest
163+ failOnStdErr : false
164+
165+ # This job deploys the bicep template to Azure subscription using GitHub Container Registry images
166+ deploy-with-ghcr-images :
167+ runs-on : ubuntu-latest
168+ if : ${{ github.event.inputs.teardown != 'true' && vars.CONTAINER_REGISTRY_NAME == '' }}
169+ needs : [ preview ]
170+ name : Deploy to Azure subscription with GHCR
171+ steps :
172+ - uses : actions/checkout@v3
173+ - uses : azure/login@v1
174+ name : Sign in to Azure
175+ with :
176+ client-id : ${{ secrets.AZURE_CLIENT_ID }}
177+ tenant-id : ${{ secrets.AZURE_TENANT_ID }}
178+ subscription-id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
179+ - uses : azure/arm-deploy@v1
180+ id : deployment-with-ghcr-images
181+ name : Deploy to Azure subscription
182+ with :
183+ deploymentName : " github-${{ github.run_number }}"
184+ resourceGroupName : ${{ vars.RESOURCE_GROUP }}
185+ region : ${{ vars.LOCATION }}
186+ template : ./bicep/main.bicep
187+ parameters : ./bicep/main.parameters.json containerRegistryName= backendProcessorServiceImage=${{ env.REGISTRY }}/${{ env.BACKEND_PROCESSOR_IMAGE_NAME }}:latest backendApiServiceImage=${{ env.REGISTRY }}/${{ env.BACKEND_API_IMAGE_NAME }}:latest frontendWebAppServiceImage=${{ env.REGISTRY }}/${{ env.FRONTEND_APP_IMAGE_NAME }}:latest
188+ failOnStdErr : false
189+
190+ # This job deletes the resource group created by the workflow and can only be triggered by the workflow dispatch event.
191+ teardown :
192+ runs-on : ubuntu-latest
193+ if : ${{ github.event.inputs.teardown == 'true' }}
194+ steps :
195+ - uses : actions/checkout@v3
196+ - uses : azure/login@v1
197+ name : Sign in to Azure
198+ with :
199+ client-id : ${{ secrets.AZURE_CLIENT_ID }}
200+ tenant-id : ${{ secrets.AZURE_TENANT_ID }}
201+ subscription-id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
202+ - name : Delete Resource Group if exist
203+ uses : azure/CLI@v1
204+ with :
205+ inlineScript : |
206+ if [[ $(az group exists -n ${{ vars.RESOURCE_GROUP }}) == true ]]
207+ then
208+ echo "Resource group exists. Deleting..."
209+ az group delete -n ${{ vars.RESOURCE_GROUP }} --yes
210+ else
211+ echo "Resource group does not exist in the subscription. Nothing to delete."
212+ fi
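Review bot: The `teardown` job at the end of the file runs `az group delete -n ${{ vars.RESOURCE_GROUP }} --yes` with the `teardown` dispatch input as its only gate, and the deploy jobs sign in to Azure with no approval step either. I would bind every job that calls `azure/login` to a protected environment with required reviewers, e.g. `environment: <ENVIRONMENT_NAME>` (placeholder), so a push to `main` or a manual dispatch cannot change or delete the subscription's resources unreviewed. `id-token: write` is granted at workflow level, so `lint`, which never signs in, receives it too; a job-level `permissions:` block on the jobs that log in would be tighter. The actions are referenced by mutable tags (`actions/checkout@v2`/`@v3`, `azure/login@v1`, `azure/CLI@v1`, `azure/arm-deploy@v1`), and pinning each to a full commit SHA would keep a retagged release from running with that token. The `${{ vars.* }}` values are also expanded unquoted into the `inlineScript` bodies; handing them to the step through `env:` and referencing them as quoted shell variables (`"$RESOURCE_GROUP"`) avoids word-splitting and injection if a variable is ever set to something unexpected.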