satomic
diff --git a/‎.azdo/pipelines/azure-dev.yml‎
Lines changed: 61 additions & 0 deletions b/‎.azdo/pipelines/azure-dev.yml‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎.github/workflows/azure-dev.yml‎
Lines changed: 62 additions & 0 deletions b/‎.github/workflows/azure-dev.yml‎
Lines changed: 62 additions & 0 deletions
@@ -0,0 +1,61 @@
+# Run when commits are pushed to main
+trigger:
+  - main
+
+pool:
+  vmImage: ubuntu-latest
+
+steps:
+  # setup-azd@0 needs to be manually installed in your organization
+  # if you can't install it, you can use the below bash script to install azd
+  # and remove this step
+  - task: setup-azd@1
+    displayName: Install azd
+
+  # If you can't install above task in your organization, you can comment it and uncomment below task to install azd
+  # - task: Bash@3
+  #   displayName: Install azd
+  #   inputs:
+  #     targetType: 'inline'
+  #     script: |
+  #       curl -fsSL https://aka.ms/install-azd.sh | bash
+
+  # azd delegate auth to az to use service connection with AzureCLI@2
+  - pwsh: |
+      azd config set auth.useAzCliAuth "true"
+    displayName: Configure AZD to Use AZ CLI Authentication.
+  - task: AzureCLI@2
+    displayName: Provision Infrastructure
+    inputs:
+      azureSubscription: DevOpsAzureRMConnection
+      scriptType: bash
+      scriptLocation: inlineScript
+      keepAzSessionActive: true
+      inlineScript: |
+        azd provision --no-prompt
+    env:
+      AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
+      AZURE_TENANT_ID: $(AZURE_TENANT_ID)
+      AZURE_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
+      AZURE_ENV_NAME: $(AZURE_ENV_NAME)
+      AZURE_LOCATION: $(AZURE_LOCATION)
+      GITHUB_ORGANIZATION_SLUGS: $(GH_ORGANIZATION_SLUGS)
+      AZURE_RESOURCE_GROUP: $(AZURE_RESOURCE_GROUP)
+      GITHUB_PAT: $(GH_PAT)
+      AZURE_AUTHENTICATION_ENABLED: $(AZURE_AUTHENTICATION_ENABLED)
+      AZURE_AUTHENTICATION_CLIENT_ID: $(AZURE_AUTHENTICATION_CLIENT_ID)
+      AZURE_AUTHENTICATION_OPEN_ID_ISSUER: $(AZURE_AUTHENTICATION_OPEN_ID_ISSUER)
+
+  - task: AzureCLI@2
+    displayName: Deploy Application
+    inputs:
+      azureSubscription: DevOpsAzureRMConnection
+      scriptType: bash
+      scriptLocation: inlineScript
+      keepAzSessionActive: true
+      inlineScript: |
+        azd deploy --no-prompt
+    env:
+      AZURE_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
+      AZURE_ENV_NAME: $(AZURE_ENV_NAME)
+      AZURE_LOCATION: $(AZURE_LOCATION)
@@ -0,0 +1,62 @@
+# Run when commits are pushed to ado-pipeline
+on:
+  workflow_dispatch:
+  push:
+    # Run when commits are pushed to mainline branch (main or master)
+    # Set this to the mainline branch you are using
+    branches:
+      - main
+
+# Set up permissions for deploying with secretless Azure federated credentials
+# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
+permissions:
+  id-token: write
+  contents: read
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+      AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+      AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+      AZURE_USER_PRINCIPAL_ID: ${{ secrets.AZURE_USER_PRINCIPAL_ID }}
+      GITHUB_ORGANIZATION_SLUGS: ${{ vars.GH_ORGANIZATION_SLUGS }}
+      AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
+      ASSIGN_PERMISSIONS_TO_PRINCIPAL: false
+      AZURE_AUTHENTICATION_ENABLED: ${{ vars.AZURE_AUTHENTICATION_ENABLED }}
+      AZURE_AUTHENTICATION_CLIENT_ID: ${{ secrets.AZURE_AUTHENTICATION_CLIENT_ID }}
+      AZURE_AUTHENTICATION_OPEN_ID_ISSUER: ${{ vars.AZURE_AUTHENTICATION_OPEN_ID_ISSUER }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install azd
+        uses: Azure/setup-azd@v2
+      - name: Log in with Azure (Federated Credentials)
+        run: |
+          azd auth login `
+            --client-id "$Env:AZURE_CLIENT_ID" `
+            --federated-credential-provider "github" `
+            --tenant-id "$Env:AZURE_TENANT_ID"
+        shell: pwsh
+
+      - name: Azure CLI Login (OIDC)
+        uses: azure/login@v2
+        with:
+          client-id: ${{ env.AZURE_CLIENT_ID }}
+          tenant-id: ${{ env.AZURE_TENANT_ID }}
+          subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Provision Infrastructure
+        run: azd provision --no-prompt
+        env:
+          GITHUB_PAT: ${{ secrets.GH_PAT }}
+
+      - name: Deploy Application
+        run: azd deploy --no-prompt
+        env:
+          GITHUB_PAT: ${{ secrets.GH_PAT }}
+