Demo CI/CD Pipeline for Azure Infrastructure Deployment

This repository demonstrates a comprehensive CI/CD pipeline for Azure infrastructure deployment using GitHub Actions. The pipeline showcases enterprise-grade DevOps practices including change management, JIRA integration, FinOps tagging, and multi-environment deployment strategies.

🎯 Overview

The pipeline automates the deployment of a multi-tier Azure infrastructure consisting of:

• 1 Bastion Host (with public IP for secure access)
• 3 Web Servers (load balanced)
• 2 Application Servers (high availability)
• 2 Database Servers (Windows SQL Server + Linux MySQL)
• Key Vault for credential management

🚀 Pipeline Features

Core Capabilities

• ✅ JIRA Integration: Automatic ticket validation and updates
• ✅ Change Management: ServiceNow change request automation
• ✅ FinOps Compliance: Automatic resource tagging for cost tracking
• ✅ Multi-Environment: Support for development, staging, and production
• ✅ Failure Simulation: Built-in failure scenarios for testing
• ✅ Comprehensive Reporting: Deployment reports and notifications

Pipeline Stages

1. 🎫 JIRA Validation

   • Extracts JIRA issue from commit message
   • Retrieves FinOps story details and tags
   • Validates project requirements

2. 🔧 Release Variables Setup

   • Generates standardized Azure resource names
   • Creates VM naming conventions
   • Compiles infrastructure inventory

3. 📝 Change Management

   • Creates standard change request in ServiceNow
   • Waits for CAB approval
   • Manages implementation window

4. 🏗️ Infrastructure Build

   • Terraform-based Azure resource deployment
   • Parallel VM and database installation
   • Resource tagging for compliance

5. 📮 Post-Deployment

   • JIRA ticket updates
   • Multi-channel notifications (Email, Slack, Teams)
   • Change request closure

🎮 Usage

Manual Trigger with Options

The pipeline can be manually triggered with these parameters:

environment: 
  - development (default)
  - staging  
  - production

simulate_failure:
  - none (default)
  - jira
  - change_request
  - terraform
  - post_deploy

Automatic Triggers

• Push to main, develop, or demo branches
• Pull Request to main branch

Running the Demo

1. Navigate to Actions tab in GitHub
2. Select "Demo - Azure Infrastructure Deployment Pipeline"
3. Click "Run workflow"
4. Choose environment and optional failure simulation
5. Click "Run workflow" to start

🔄 Pipeline Flow

graph TB
    subgraph "🚀 Trigger"
        A[Push to Branch] --> D[Pipeline Start]
        B[Pull Request] --> D
        C[Manual Dispatch] --> D
    end

    subgraph "🎫 Stage 1: Check Jira"
        D --> E[Extract Jira Issue ID]
        E --> F[Get FinOps Story Details]
        F --> G[Retrieve FinOps Tags]
        G --> H{IIC Project?}
        H -->|Yes| I[Get Additional IIC Tags]
        H -->|No| J[Continue]
        I --> J
    end

    subgraph "🔧 Stage 2: Release Variables Setup"
        J --> K[Generate Resource Names]
        K --> L[Generate VM Names]
        L --> M[Create Naming Convention]
        M --> N[Output JSON Variables]
    end

    subgraph "📝 Stage 3: Standard Change Creation"
        N --> O[Create ServiceNow CR]
        O --> P[Wait for CAB Approval]
        P --> Q{Approved?}
        Q -->|No| R[Pipeline Fails]
        Q -->|Yes| S[Continue to Build]
    end

    subgraph "🏗️ Stage 4: Build Infrastructure"
        S --> T[Terraform Init]
        T --> U[Terraform Validate]
        U --> V[Terraform Plan]
        V --> W[Terraform Apply]
        W --> X[Deploy Azure Resources]
        
        subgraph "☁️ Resources Created"
            X --> Y1[Resource Group]
            X --> Y2[Virtual Network]
            X --> Y3[Subnets & NSGs]
            X --> Y4[VMs: Bastion Host]
            X --> Y5[VMs: Web Tier x3]
            X --> Y6[VMs: App Tier x2]
            X --> Y7[VMs: Database x2]
            X --> Y8[Key Vault]
            X --> Y9[Apply FinOps Tags]
        end
        
        Y9 --> Z[Install SQL on VMs]
        Z --> AA[Generate Deployment Report]
    end

    subgraph "📮 Stage 5: Post-Deployment"
        AA --> AB[Update Jira Ticket]
        AB --> AC[Send Notifications]
        AC --> AD[Close ServiceNow CR]
        AD --> AE[Pipeline Complete ✅]
    end

    subgraph "❌ Failure Path"
        R --> AF[Send Failure Notifications]
        AF --> AG[Update Jira with Failure]
        AG --> AH[Close CR as Failed]
        AH --> AI[Pipeline Failed ❌]
    end

    %% Failure simulation paths
    E -.->|simulate_failure=jira| AF
    P -.->|simulate_failure=change_request| AF
    W -.->|simulate_failure=terraform| AF
    AC -.->|simulate_failure=post_deploy| AF

    %% Styling with better contrast
    classDef trigger fill:#e1f5fe,stroke:#01579b,stroke-width:2px,color:#000000
    classDef process fill:#f3e5f5,stroke:#4a148c,stroke-width:1px,color:#000000
    classDef decision fill:#fff3e0,stroke:#e65100,stroke-width:2px,color:#000000
    classDef success fill:#a5d6a7,stroke:#2e7d32,stroke-width:2px,color:#000000
    classDef failure fill:#ef5350,stroke:#c62828,stroke-width:2px,color:#ffffff
    classDef resource fill:#e8f5e8,stroke:#388e3c,stroke-width:1px,color:#000000

    class A,B,C trigger
    class D,S,X success
    class H,Q decision
    class AE success
    class R,AF,AG,AH,AI failure
    class Y1,Y2,Y3,Y4,Y5,Y6,Y7,Y8,Y9 resource

Loading

🏷️ FinOps Integration

The pipeline automatically applies standardized tags to all Azure resources:

{
  "CostCenter": "IT-001",
  "ProjectCode": "FINOPS-2024", 
  "Department": "Platform-Engineering",
  "Environment": "development|staging|production",
  "Owner": "[email protected]",
  "Purpose": "Demo-Pipeline"
}

📊 Expected Outputs

Successful Run

• Duration: ~5 minutes
• Resources Created: 25 Azure resources
• Estimated Monthly Cost: $2,450
• Notifications: Email, Slack, Teams alerts
• Reports: Deployment summary with infrastructure details

Deployment Report Contents

• Pipeline execution summary
• Change management tracking
• Infrastructure inventory
• Cost estimates
• Next steps checklist

🎪 Demo Scenarios

1. Successful Deployment

• Default run with no failure simulation
• All stages complete successfully
• Full infrastructure deployed

2. JIRA API Failure

• Set simulate_failure: jira
• Pipeline fails at JIRA validation stage
• Demonstrates error handling

3. Change Request Rejection

• Set simulate_failure: change_request
• Simulates CAB rejection
• Shows change management integration

4. Terraform Deployment Failure

• Set simulate_failure: terraform
• Infrastructure deployment fails
• Error handling and cleanup demonstrated

5. Post-Deployment Issues

• Set simulate_failure: post_deploy
• Notification system failures
• Shows monitoring and alerting

📁 Repository Structure

.
├── .github/
│   └── workflows/
│       └── demo-az-pipeline.yml    # Main pipeline definition
└── README.md                       # This documentation

🔧 Technical Details

Prerequisites (Simulated)

• Azure Service Principal with appropriate permissions
• Terraform 1.5.0+
• JIRA API access
• ServiceNow integration
• Notification channels (Email, Slack, Teams)

Resource Naming Convention

• Format: {resource-type}-{purpose}-{env}-{timestamp}-{instance}
• Example: vm-web-dev-20240715-1
• Resource Group: rg-demo-dev-20240715

Security Features

• Key Vault for credential management
• Network security groups for each tier
• Bastion host for secure access
• Private subnets for application tiers

🚨 Important Notes

⚠️ This is a demonstration pipeline - it simulates Azure deployments without actually creating real resources or incurring costs.

⚠️ No real integrations - JIRA, ServiceNow, and notification systems are simulated for demo purposes.

⚠️ Educational purpose - Designed to showcase enterprise DevOps patterns and best practices.

📚 Learning Outcomes

This demo demonstrates:

• Enterprise CI/CD pipeline design
• Infrastructure as Code (IaC) practices
• Change management integration
• FinOps and cost management
• Security and compliance automation
• Error handling and monitoring
• Multi-environment deployment strategies