Update deploy.yml

Author: sven-pohl

.github/workflows/deploy.yml

@@ -1,51 +1,35 @@
-# We only want to run this script manually.
-on: workflow_dispatch
+name: Azure Bicep
+
+on:
+  workflow_dispatch
 
-# Environment variables are defined in an "env" section.
-# We set the target environment to dev.
-# Open the deploy-advanced.yml file to see how we can accept user input
-# instead of needing to change this file to switch environments.
 env:
   targetEnv: dev
 
-# The overall workflow name will be Azure Bicep. This will show up in the
-# GitHub Action page.
-name: Azure Bicep
 jobs:
-  # This script has one job: build and deploy the IaC resources
   build-and-deploy:
-    # We run this on an Ubuntu-based GitHub hosted runner. This hosted runner
-    # has certain software already installed, including az cli
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
     steps:
-      # Check out the code. This grabs code from the repository and
-      # makes it available to the GitHub hosted runner. It will usually be the
-      # first task for any workflow
-      - uses: actions/checkout@main
+    # Checkout code
+    - uses: actions/checkout@main
 
-        # Log into Azure using a federated credential. We have already set up the
-        # federation process in a prior step, so we need to pass in the following:
-        # Client ID = Application registration ID
-        # Tenant ID = Application owner organization ID (previously called Tenant ID in Azure)
-        # Subscription ID
-        # https://github.com/azure/login
-      - uses: azure/[email protected]
-        with:
-          client-id: $
-          tenant-id: $
-          subscription-id: $
-          # We also need to ensure that enable-AzPSSession is true. This is important for
-          # using OIDC in Azure. If we were to pass in a client secret instead, we would not need
-          # this setting enabled
-          enable-AzPSSession: true
+      # Log into Azure
+    - uses: azure/[email protected]
+      with:
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+        enable-AzPSSession: true
 
-        # Deploy ARM template
-      - name: Run ARM deploy
-        # https://github.com/azure/arm-deploy
-        uses: azure/arm-deploy@v1
-        with:
-          subscriptionId: $
-          resourceGroupName: $
-          template: ./InfrastructureAsCode/main.bicep
-          # Use the environment variable called targetEnv
-          parameters: environment=$
+      # Deploy ARM template
+    - name: Run ARM deploy
+      uses: azure/arm-deploy@v1
+      with:
+        subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+        resourceGroupName: ${{ secrets.AZURE_RG }}
+        template: ./src/InfrastructureAsCode/main.bicep
+        parameters: environment=${{ env.targetEnv }}