azuredeployment

sayedms · sayedms · commit 7094494688b9 · 2024-10-30T11:15:31.000+01:00
diff --git a/.github/workflows/AzureDeployment.yml b/.github/workflows/AzureDeployment.yml
@@ -1,52 +1,35 @@
-  # We only want to run this script manually.
-  on:
-    workflow_dispatch
+name: Azure Bicep
 
-  # Environment variables are defined in an "env" section.
-  # We set the target environment to dev.
-  # Open the deploy-advanced.yml file to see how we can accept user input
-  # instead of needing to change this file to switch environments.
-  env:
-    targetEnv: dev
+on:
+  workflow_dispatch
 
-  # The overall workflow name will be Azure Bicep. This will show up in the
-  # GitHub Action page.
-  name: Azure Bicep
-  jobs:
-    # This script has one job: build and deploy the IaC resources
-    build-and-deploy:
-      # We run this on an Ubuntu-based GitHub hosted runner. This hosted runner
-      # has certain software already installed, including az cli
-      runs-on: ubuntu-latest
-      steps:
-      # Check out the code. This grabs code from the repository and
-      # makes it available to the GitHub hosted runner. It will usually be the
-      # first task for any workflow
-      - uses: actions/checkout@main
+env:
+  targetEnv: dev
 
-        # Log into Azure using a federated credential. We have already set up the
-        # federation process in a prior step, so we need to pass in the following:
-        # Client ID = Application registration ID
-        # Tenant ID = Application owner organization ID (previously called Tenant ID in Azure)
-        # Subscription ID
-        # https://github.com/azure/login
-      - uses: azure/login@v2.1.1
-        with:
-          client-id: $
-          tenant-id: $
-          subscription-id: $
-          # We also need to ensure that enable-AzPSSession is true. This is important for
-          # using OIDC in Azure. If we were to pass in a client secret instead, we would not need
-          # this setting enabled
-          enable-AzPSSession: true
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
+    steps:
+    # Checkout code
+    - uses: actions/checkout@main
 
-        # Deploy ARM template
-      - name: Run ARM deploy
-        # https://github.com/azure/arm-deploy
-        uses: azure/arm-deploy@v1
-        with:
-          subscriptionId: $
-          resourceGroupName: $
-          template: ./InfrastructureAsCode/main.bicep
-          # Use the environment variable called targetEnv
-          parameters: environment=$
+      # Log into Azure
+    - uses: azure/login@v2.1.1
+      with:
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+        enable-AzPSSession: true
+
+      # Deploy ARM template
+    - name: Run ARM deploy
+      uses: azure/arm-deploy@v1
+      with:
+        subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+        resourceGroupName: ${{ secrets.AZURE_RG }}
+        template: ./src/InfrastructureAsCode/main.bicep
+        parameters: environment=${{ env.targetEnv }}
