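# Manually triggered workflow that deploys the sqlsecrot Bicep template into a
# resource group whose name is derived from the repository name.
name: "Deploy - sqlsecrot (Bicep)"

# run manually
on:
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: checkout only needs to read the repository.
# The Azure login below uses a stored credential, not the workflow token.
# (Add `id-token: write` only if the login is moved to OIDC.)
permissions:
  contents: read

# Set envs
env:
  WORKDIR: "support/sqlsecretrotation/iac/bicep"
  RESOURCES_SUFFIX: "sqlsecrot"
  # RESOURCES_PREFIX: "devopsoh44707" # hardcoded or dynamic based on repo name
  # LOCATION: "westus2" # hardcoded or get from secrets

# Set defaults for GitHub Actions runner
# `defaults.run` only affects `run:` steps. Every step in this job is a `uses:`
# step, so the template path is passed explicitly through WORKDIR instead.
defaults:
  run:
    working-directory: "support/sqlsecretrotation/iac/bicep"

jobs:
  deploy:
    name: "Deploy"
    runs-on: ubuntu-latest

    # NOTE(review): the actions below are referenced by mutable tags. Pinning
    # each `uses:` to a full commit SHA keeps a moved tag from changing the
    # code that runs with AZURE_CREDENTIALS in scope.
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout
        uses: actions/checkout@v2

      # Get RESOURCES_PREFIX based on the repo name
      - name: Get repo name
        uses: actions/github-script@v5
        id: resources_prefix
        with:
          result-encoding: string
          script: return context.repo.repo.toLowerCase()

      # Concat RG name
      # The previous step's output is passed in through the environment rather
      # than being expanded into the script text, so it is always handled as
      # data and never parsed as JavaScript.
      - name: Get resource group name
        uses: actions/github-script@v5
        id: resource_group_name
        env:
          REPO_NAME: "${{ steps.resources_prefix.outputs.result }}"
        with:
          result-encoding: string
          script: |
            const { RESOURCES_SUFFIX, REPO_NAME } = process.env
            return `${REPO_NAME}${RESOURCES_SUFFIX}rg`

      # Login to Azure with Service Principal
      # AZURE_CREDENTIALS is a stored service-principal credential; scope that
      # principal to the resource groups this workflow manages.
      - name: "Azure Login"
        uses: Azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      # Deploy
      # The `${{ }}` expressions are substituted into the script text before
      # the shell runs. They are quoted here so that an empty or
      # whitespace-containing value cannot split into extra arguments, and so
      # that a failed `az group exists` call yields a clean comparison instead
      # of a malformed `[` test.
      # NOTE(review): confirm whether this Azure/cli version forwards step
      # `env:` into its container; if it does, pass these values (LOCATION in
      # particular) as environment variables instead of inline expansion.
      - name: "Deploy"
        uses: Azure/cli@1.0.4
        with:
          inlineScript: |
            if [ "$(az group exists --name "${{ steps.resource_group_name.outputs.result }}")" = false ]; then
              az group create --name "${{ steps.resource_group_name.outputs.result }}" --location "${{ secrets.LOCATION }}"
            fi
            az deployment group create \
              --name "${{ github.run_id }}" \
              --resource-group "${{ steps.resource_group_name.outputs.result }}" \
              --template-file "${{ env.WORKDIR }}/main.bicep" \
              --parameters \
                keyVaultRgName='${{ steps.resources_prefix.outputs.result }}rg' \
                keyVaultName='${{ steps.resources_prefix.outputs.result }}kv' \
                resourcesPrefix='${{ steps.resources_prefix.outputs.result }}' \
                resourcesSuffix='${{ env.RESOURCES_SUFFIX }}'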