Pamela Fox
commited on
Commit
·
d9e656a
1
Parent(s):
e04d5c2
Update azd pipeline
- .github/workflows/azure-dev.yaml +21 -15
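--- a/.github/workflows/azure-dev.yaml
+++ b/.github/workflows/azure-dev.yaml
@@ -1,11 +1,16 @@
-name: Azure Developer CLI
-
 on:
 workflow_dispatch:
 push:
+# Run when commits are pushed to mainline branch (main or master)
+# Set this to the mainline branch you are using
 branches:
 - main
 
+# GitHub Actions workflow to deploy to Azure using azd
+# To configure required secrets for connecting to Azure, simply run `azd pipeline config`
+
+# Set up permissions for deploying with secretless Azure federated credentials
+# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
 permissions:
 id-token: write
 contents: read
@@ -14,9 +19,9 @@ jobs:
 build:
 runs-on: ubuntu-latest
 env:
-AZURE_CLIENT_ID: ${{
-AZURE_TENANT_ID: ${{
-AZURE_SUBSCRIPTION_ID: ${{
+AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
 AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
 steps:
 - name: Checkout
@@ -28,7 +33,7 @@ jobs:
 - name: Log in with Azure (Federated Credentials)
 if: ${{ env.AZURE_CLIENT_ID != '' }}
 run: |
-azd login `
+azd auth login `
 --client-id "$Env:AZURE_CLIENT_ID" `
 --federated-credential-provider "github" `
 --tenant-id "$Env:AZURE_TENANT_ID"
@@ -39,7 +44,8 @@ jobs:
 run: |
 $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
 Write-Host "::add-mask::$($info.clientSecret)"
-
+
+azd auth login `
 --client-id "$($info.clientId)" `
 --client-secret "$($info.clientSecret)" `
 --tenant-id "$($info.tenantId)"
@@ -47,16 +53,16 @@ jobs:
 env:
 AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
 
-- name:
+- name: Provision Infrastructure
 run: azd provision --no-prompt
 env:
-AZURE_ENV_NAME: ${{
-AZURE_LOCATION: ${{
-AZURE_SUBSCRIPTION_ID: ${{
+AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
 
-- name:
+- name: Deploy Application
 run: azd deploy --no-prompt
 env:
-AZURE_ENV_NAME: ${{
-AZURE_LOCATION: ${{
-AZURE_SUBSCRIPTION_ID: ${{
+AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}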
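Review bot: `AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}` is still set in the job-level `env:` of `build`, so the service-principal JSON, client secret included, sits in the environment of every step (Checkout, `azd provision`, `azd deploy` and whatever hooks they run), although only the client-credentials login reads it and the step-level `env:` that follows that login appears to supply it already. Since this commit moves the identifiers to `vars.*` for the federated path, I would narrow the secret as well: replace the job-level entry with a flag such as `HAS_AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS != '' }}`, and if that step's `if:` (outside the visible hunks) tests `env.AZURE_CREDENTIALS`, change it to `if: ${{ env.HAS_AZURE_CREDENTIALS == 'true' }}`. Nothing visible stops the client-secret login from running after a successful federated login, so when both are configured the long-lived secret presumably still ends up being the active credential; worth confirming against the unseen condition and making the two paths mutually exclusive.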