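---
# Scenario 1: Bicep Multi-Tenant ASEv3 Secure Baseline
#
# Lints, validates and deploys the multi-tenant secure-baseline Bicep templates
# at subscription scope. Azure authentication is OIDC (azure/login with a
# federated client-id), so no long-lived Azure credential is stored as a secret.
name: 'Scenario 1: Bicep Multi-Tenant ASEv3 Secure Baseline'

#########################################################
# Concurrency: one deployment cycle at a time per branch / PR.
# If a run is in progress, a 2nd run in the same group goes to pending;
# if a 3rd is triggered while the 2nd is pending, the 2nd is cancelled and
# only the 3rd (latest) runs.
#
# cancel-in-progress: true would additionally cancel the *running* run and
# start the latest. It is deliberately false here: cancelling a subscription
# deployment mid-flight can leave resources half-deployed.
############################################################
concurrency:
  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
  cancel-in-progress: false

on:
  workflow_dispatch:
  push:
    branches:
      - main
      - refactor/iac-cicd
    paths:
      - '.github/workflows/scenario1.bicep.yml'
      - 'scenarios/secure-baseline-multitenant/bicep/**'
      - '!scenarios/secure-baseline-multitenant/**.md'
  pull_request:
    branches:
      - main
    paths:
      - '.github/workflows/scenario1.bicep.yml'
      - 'scenarios/secure-baseline-multitenant/bicep/**'
      - '!scenarios/secure-baseline-multitenant/**.md'

# Least-privilege default for GITHUB_TOKEN. `id-token: write` (needed to mint
# the OIDC token consumed by azure/login) is granted per job below, only to
# the jobs that actually log in; `lint` never talks to Azure and does not get it.
permissions:
  contents: read

env:
  modulePath: 'scenarios/secure-baseline-multitenant/bicep'
  region: 'westus2'

jobs:
  # Compile the template; `az bicep build` also evaluates the Bicep linter rules.
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): this step builds deploy/main.bicep while validate and deploy
      # both use ${modulePath}/main.bicep. If those are different files, the
      # template that actually gets deployed is never linted — confirm the path.
      - name: Run Bicep linter
        run: az bicep build --file deploy/main.bicep
        working-directory: ${{ env.modulePath }}

  # Preflight validation against the subscription; creates nothing.
  # Runs on pull_request too, so the federated credential is exercised from
  # PR runs of this repo (fork PRs have no secrets and will fail at login).
  validate:
    name: "Validate Bicep files"
    runs-on: ubuntu-latest
    permissions:
      id-token: write   # OIDC token for azure/login
      contents: read
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4
      - name: Validate that bicep builds
        run: az bicep build -f main.bicep
        working-directory: ${{ env.modulePath }}
      # Log into Azure via OIDC. client/tenant/subscription ids are identifiers
      # rather than secrets, but keeping them in secrets masks them in logs.
      - uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }}
      # deploymentMode: Validate -> preflight validation only.
      # NOTE(review): `--what-if` is passed alongside deploymentMode: Validate;
      # what-if belongs to `az deployment sub create`, not `validate`, so check
      # the step log to confirm the flag is actually honoured here.
      # failOnStdErr: false stops Azure CLI warnings on stderr from failing the
      # step; it is not meant to hide a failed validation — verify that a
      # non-zero exit still fails the job.
      - name: deployment-validation
        uses: azure/arm-deploy@v1
        with:
          scope: subscription
          subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }}
          region: ${{ env.region }}
          template: ${{ env.modulePath }}/main.bicep
          parameters: ${{ env.modulePath }}/main.parameters.jsonc
          failOnStdErr: false
          additionalArguments: "--what-if"
          deploymentMode: Validate

  build-and-deploy:
    # Never deploy from a pull_request event: the PR trigger exists for
    # lint/validate only. Pushes to the listed branches and manual dispatch
    # still deploy. (With this guard commented out, a PR targeting main would
    # have reached the Production environment once lint/validate passed.)
    if: github.event_name != 'pull_request'
    timeout-minutes: 360
    name: "Deploy Bicep templates"
    needs: [lint, validate]
    runs-on: ubuntu-latest
    # Deploy-time credentials are bound to this environment. Configure required
    # reviewers and a deployment-branch restriction on it so the federated
    # credential can only be used from approved runs of the intended branches.
    environment: Production
    permissions:
      id-token: write   # OIDC token for azure/login
      contents: read
    steps:
      # Pinned to a release tag like the other jobs. `@main` floats with the
      # upstream default branch, so an unreviewed or compromised upstream commit
      # would run inside the one job that holds the deploy credential.
      # Pinning to a full commit SHA is stronger still.
      - name: Checkout the code
        uses: actions/checkout@v4
      # Log into Azure via OIDC
      - uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }}
      # Dry run: record the planned changes in the job log before applying them.
      - name: what-if
        uses: azure/arm-deploy@v1
        with:
          scope: subscription
          subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }}
          region: ${{ env.region }}
          template: ${{ env.modulePath }}/main.bicep
          parameters: ${{ env.modulePath }}/main.parameters.jsonc
          failOnStdErr: false
          additionalArguments: "--what-if"
      # Real deployment (no --what-if). Same template/parameters as the dry run
      # so the what-if output above is what actually gets applied.
      - name: deploy
        uses: azure/arm-deploy@v1
        with:
          scope: subscription
          subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }}
          region: ${{ env.region }}
          template: ${{ env.modulePath }}/main.bicep
          parameters: ${{ env.modulePath }}/main.parameters.jsonc
          failOnStdErr: false

      # --- Retired variant, kept for reference ---------------------------------
      # If this is revived: `env.config` is not defined in this workflow, and
      # vmPassword / personalAccessToken are passed as plain deployment
      # parameters. Those must be declared @secure() in main.bicep, otherwise
      # their values are recorded in the subscription's deployment history.
      # Prefer pulling them from Key Vault inside the template over passing a
      # PAT through the pipeline at all.
      # - name: Run Preflight Validation
      #   working-directory: ${{ env.modulePath }}
      #   run: |
      #     az deployment sub validate \
      #       --location ${{ fromJson(env.config).AZURE_LOCATION }} \
      #       --parameters --template-file main.bicep
      # Deploy Bicep file, need to point parameters to the main.parameters.json location
      # - name: deploy
      #   uses: azure/arm-deploy@v1
      #   with:
      #     subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }}
      #     scope: subscription
      #     region: ${{ fromJson(env.config).AZURE_LOCATION }}
      #     deploymentName: "${{ fromJson(env.config).DEPLOYMENT_NAME }}-${{ fromJson(env.config).AZURE_LOCATION }}"
      #     template: ${{ env.modulePath }}/main.bicep
      #     parameters: >
      #       workloadName=${{ fromJson(env.config).RESOURCE_NAME_PREFIX }} environment=${{ fromJson(env.config).ENVIRONMENT_TAG }}
      #       vmUsername=${{ fromJson(env.config).VM_USERNAME }} vmPassword=${{ secrets.VM_PW }} location=${{ fromJson(env.config).AZURE_LOCATION }}
      #       accountName=${{ secrets.ACCOUNT_NAME }} personalAccessToken=${{ secrets.PAT }} CICDAgentType=${{ fromJson(env.config).CICD_AGENT_TYPE}}
      #       createRedisResource=${{ fromJson(env.config).CREATE_REDIS_RESOURCE }} redisTier=${{ fromJson(env.config).REDIS_TIER }}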