deploy-infra #41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: deploy-infra | |
| run-name: ${{ github.workflow }} | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - "bicep/**" | |
| - "ps-rule.yaml" | |
| - ".github/workflows/deploy_infra.yaml" | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| cancel-in-progress: true | |
| env: | |
| BICEP_DIR: bicep | |
| jobs: | |
| psrule-scan: | |
| name: psrule-scan | |
| runs-on: ubuntu-latest | |
| permissions: | |
| issues: read | |
| checks: write | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| - name: Bicep build | |
| run: az bicep build --file ${{ env.BICEP_DIR }}/main.bicep --outfile ${{ env.BICEP_DIR }}/main.json | |
| - name: Run PSRule | |
| uses: microsoft/ps-rule@v2.9.0 | |
| with: | |
| modules: "PSRule.Rules.Azure" | |
| inputPath: ${{ env.BICEP_DIR }}/main*.json | |
| outputFormat: NUnit3 | |
| outputPath: psrule-results-${{ github.run_number }}.xml | |
| summary: true | |
| - name: Publish scan results | |
| uses: EnricoMi/publish-unit-test-result-action@v2.7.0 | |
| if: always() | |
| with: | |
| check_name: PSRule Scan Results | |
| nunit_files: psrule-results-${{ github.run_number }}.xml | |
| comment_mode: always | |
| fail_on: test failures | |
| action_fail: false | |
| ignore_runs: false | |
| job_summary: false | |
| compare_to_earlier_commit: true | |
| check_run_annotations: all tests, skipped tests | |
| deploy-development: | |
| name: deploy-development | |
| needs: psrule-scan | |
| runs-on: ubuntu-latest | |
| environment: development-infrastructure | |
| permissions: | |
| contents: read | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: ${{ env.BICEP_DIR }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Azure login | |
| uses: Azure/login@v2 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Lint template | |
| run: az bicep build --file main.bicep | |
| - name: Validate template | |
| run: | | |
| az stack sub validate \ | |
| --name "${{ vars.DEPLOYMENT_STACK_NAME }}" \ | |
| --location "${{ vars.LOCATION }}" \ | |
| --template-file main.bicep \ | |
| --parameters environments/development.bicepparam \ | |
| --action-on-unmanage 'deleteAll' \ | |
| --deny-settings-mode 'none' | |
| - name: Deploy template | |
| run: | | |
| az stack sub create \ | |
| --name "${{ vars.DEPLOYMENT_STACK_NAME }}" \ | |
| --location "${{ vars.LOCATION }}" \ | |
| --template-file main.bicep \ | |
| --parameters environments/development.bicepparam \ | |
| --action-on-unmanage 'deleteAll' \ | |
| --deny-settings-mode 'none' \ | |
| --yes | |
| deploy-production: | |
| name: deploy-production | |
| needs: deploy-development | |
| runs-on: ubuntu-latest | |
| environment: production-infrastructure | |
| permissions: | |
| contents: read | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: ${{ env.BICEP_DIR }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Azure login | |
| uses: Azure/login@v2 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Lint template | |
| run: az bicep build --file main.bicep | |
| - name: Validate template | |
| run: | | |
| az stack sub validate \ | |
| --name "${{ vars.DEPLOYMENT_STACK_NAME }}" \ | |
| --location "${{ vars.LOCATION }}" \ | |
| --template-file main.bicep \ | |
| --parameters environments/production.bicepparam \ | |
| --action-on-unmanage 'deleteAll' \ | |
| --deny-settings-mode 'none' | |
| - name: Deploy template | |
| run: | | |
| az stack sub create \ | |
| --name "${{ vars.DEPLOYMENT_STACK_NAME }}" \ | |
| --location "${{ vars.LOCATION }}" \ | |
| --template-file main.bicep \ | |
| --parameters environments/production.bicepparam \ | |
| --action-on-unmanage 'deleteAll' \ | |
| --deny-settings-mode 'none' \ | |
| --yes |