1+ on :
2+ workflow_dispatch :
3+ push :
4+ branches :
5+ - main
6+
7+ permissions :
8+ id-token : write
9+ contents : read
10+ actions : read
11+ security-events : write
12+
13+ jobs :
14+ deploy :
15+ runs-on : ubuntu-latest
16+ env :
17+ AZURE_CLIENT_ID : ${{ vars.AZURE_CLIENT_ID }}
18+ AZURE_TENANT_ID : ${{ vars.AZURE_TENANT_ID }}
19+ AZURE_SUBSCRIPTION_ID : ${{ vars.AZURE_SUBSCRIPTION_ID }}
20+ AZURE_ENV_NAME : ${{ vars.AZURE_ENV_NAME }}
21+ AZURE_LOCATION : ${{ vars.AZURE_LOCATION }}
22+
23+ steps :
24+ - name : Checkout
25+ uses : actions/checkout@v4
26+
27+ - name : Install azd
28+ uses : Azure/setup-azd@v1.0.0
29+
30+ # - name: Run Microsoft Security DevOps Analysis
31+ # uses: microsoft/security-devops-action@v1
32+ # id: msdo
33+ # with:
34+ # tools: templateanalyzer
35+
36+ # - name: Upload results to Security tab
37+ # uses: github/codeql-action/upload-sarif@v2
38+ # with:
39+ # sarif_file: ${{ steps.msdo.outputs.sarifFile }}
40+
41+ - name : Log in with Azure (Federated Credentials)
42+ if : ${{ env.AZURE_CLIENT_ID != '' }}
43+ run : |
44+ azd auth login `
45+ --client-id "$Env:AZURE_CLIENT_ID" `
46+ --federated-credential-provider "github" `
47+ --tenant-id "$Env:AZURE_TENANT_ID"
48+ shell : pwsh
49+
50+ - name : Provision Infrastructure
51+ run : azd provision --no-prompt
52+ env :
53+ AZURE_ENV_NAME : ${{ vars.AZURE_ENV_NAME }}
54+ AZURE_LOCATION : ${{ vars.AZURE_LOCATION }}
55+ AZURE_SUBSCRIPTION_ID : ${{ vars.AZURE_SUBSCRIPTION_ID }}
56+ CREATE_ROLE_FOR_USER : false
57+
58+ - name : Deploy Application
59+ run : azd deploy --no-prompt
60+ env :
61+ AZURE_ENV_NAME : ${{ vars.AZURE_ENV_NAME }}
62+ AZURE_LOCATION : ${{ vars.AZURE_LOCATION }}
63+ AZURE_SUBSCRIPTION_ID : ${{ vars.AZURE_SUBSCRIPTION_ID }}
0 commit comments