Update CI/CD workflow and parameters for Azure deployment

emmanuelknafo · emmanuelknafo · commit d387fbb16803 · 2026-01-18T09:56:30.000-05:00
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -13,10 +13,11 @@ permissions:
   security-events: write
 
 env:
-  AZURE_WEBAPP_NAME: app-gh-aspnet-webapp-01    # set this to your application's name
-  SRC_PROJECT_PATH: '/webapp01/webapp01.csproj' 
-  AZURE_WEBAPP_PACKAGE_PATH: './src'            # set this to the path to your web app project, defaults to the repository root
-  DOTNET_VERSION: '9.0.x'                       # set this to the dot net version to use
+  AZURE_WEBAPP_NAME: app-gh-aspnet-webapp-01 # set this to your application's name
+  SRC_PROJECT_PATH: "/webapp01/webapp01.csproj"
+  AZURE_WEBAPP_PACKAGE_PATH: "./src" # set this to the path to your web app project, defaults to the repository root
+  DOTNET_VERSION: "9.0.x" # set this to the dot net version to use
+  AZURE_ACR_NAME: crdevsecopscldev01 # set this to your Azure Container Registry name
 
 jobs:
   cicd:
@@ -25,55 +26,55 @@ jobs:
     steps:
       # Checkout the repo
       - uses: actions/checkout@v5
-      
+
       # Setup .NET Core SDK
       - name: Setup .NET Core
         uses: actions/setup-dotnet@v4
         with:
-          dotnet-version: ${{ env.DOTNET_VERSION }} 
-      
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
       # Run dotnet build and publish
       - name: dotnet build and publish
         run: |
           dotnet restore ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}${{ env.SRC_PROJECT_PATH }}
           dotnet build --configuration Release ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}${{ env.SRC_PROJECT_PATH }}
           dotnet publish -c Release --property:PublishDir='bin/publish' ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}${{ env.SRC_PROJECT_PATH }}
-      
+
       - name: Azure Login
         uses: azure/login@v2
         with:
-            client-id: ${{ secrets.AZURE_CLIENT_ID }}
-            tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-            subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-            
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
       # Deploy to Azure Web apps
-      - name: 'Run Azure webapp deploy action using publish profile credentials'
-        if: false  # This disables the action
+      - name: "Run Azure webapp deploy action using publish profile credentials"
+        if: false # This disables the action
         uses: azure/webapps-deploy@v3
-        with: 
+        with:
           app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
-          package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/webapp01/bin/publish'
-      
+          package: "${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/webapp01/bin/publish"
+
       - uses: azure/docker-login@v2
         with:
-          login-server: crdevsecopscldev.azurecr.io
+          login-server: ${{ env.AZURE_ACR_NAME }}.azurecr.io
           username: ${{ secrets.REGISTRY_USERNAME }}
           password: ${{ secrets.REGISTRY_PASSWORD }}
       - run: |
-          docker build ./src/webapp01 --file ./src/webapp01/Dockerfile -t crdevsecopscldev.azurecr.io/webapp01:${{ github.sha }}
-          docker push crdevsecopscldev.azurecr.io/webapp01:${{ github.sha }}     
-    
+          docker build ./src/webapp01 --file ./src/webapp01/Dockerfile -t ${{ env.AZURE_ACR_NAME }}.azurecr.io/webapp01:${{ github.sha }}
+          docker push ${{ env.AZURE_ACR_NAME }}.azurecr.io/webapp01:${{ github.sha }}
+
       - name: Azure Web Apps Deploy
         uses: azure/webapps-deploy@v3
         with:
           app-name: ${{ env.AZURE_WEBAPP_NAME }}
-          images: 'crdevsecopscldev.azurecr.io/webapp01:${{ github.sha }}'
-          
+          images: "${{ env.AZURE_ACR_NAME }}.azurecr.io/webapp01:${{ github.sha }}"
+
       - name: logout
         run: |
           az logout
- 
-  # https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3          
+
+  # https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3
   container-build-publish:
     name: Build and Publish Container Image
     needs: []
@@ -83,4 +84,4 @@ jobs:
       version: v1.0.0
       container-file: ./src/webapp01/Dockerfile
       container-context: ./src/webapp01
-      container-name: "${{ github.repository }}/webapp01"
+      container-name: "${{ github.repository }}/webapp01"
diff --git a/infra/deploy.ps1 b/infra/deploy.ps1
@@ -0,0 +1,120 @@
+<#
+.SYNOPSIS
+    Deploys Azure infrastructure using Bicep templates.
+
+.DESCRIPTION
+    This script deploys the Azure infrastructure defined in main.bicep
+    using the parameters from main.parameters.json.
+
+.PARAMETER ParameterFile
+    Path to the parameters file. Defaults to main.parameters.json.
+
+.PARAMETER Location
+    Azure region for deployment. Defaults to canadacentral.
+
+.PARAMETER DeploymentName
+    Name of the deployment. Defaults to a timestamped name.
+
+.PARAMETER WhatIf
+    Performs a what-if operation without actually deploying.
+
+.EXAMPLE
+    .\deploy.ps1
+
+.EXAMPLE
+    .\deploy.ps1 -Location "eastus" -WhatIf
+#>
+
+[CmdletBinding()]
+param(
+    [Parameter(Mandatory = $false)]
+    [string]$ParameterFile = "main.parameters.json",
+
+    [Parameter(Mandatory = $false)]
+    [string]$Location = "canadacentral",
+
+    [Parameter(Mandatory = $false)]
+    [string]$DeploymentName = "deploy-$(Get-Date -Format 'yyyyMMdd-HHmmss')",
+
+    [Parameter(Mandatory = $false)]
+    [switch]$WhatIf
+)
+
+$ErrorActionPreference = "Stop"
+
+# Get the script directory
+$ScriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
+
+# Resolve paths
+$BicepFile = Join-Path $ScriptDir "main.bicep"
+$ParameterFilePath = Join-Path $ScriptDir $ParameterFile
+
+# Validate files exist
+if (-not (Test-Path $BicepFile)) {
+    Write-Error "Bicep file not found: $BicepFile"
+    exit 1
+}
+
+if (-not (Test-Path $ParameterFilePath)) {
+    Write-Error "Parameter file not found: $ParameterFilePath"
+    exit 1
+}
+
+# Check if Azure CLI is installed
+if (-not (Get-Command az -ErrorAction SilentlyContinue)) {
+    Write-Error "Azure CLI is not installed. Please install it from https://docs.microsoft.com/cli/azure/install-azure-cli"
+    exit 1
+}
+
+# Check if logged in to Azure
+$account = az account show 2>$null | ConvertFrom-Json
+if (-not $account) {
+    Write-Host "Not logged in to Azure. Please log in..." -ForegroundColor Yellow
+    az login
+    if ($LASTEXITCODE -ne 0) {
+        Write-Error "Failed to log in to Azure"
+        exit 1
+    }
+}
+
+Write-Host "=== Azure Infrastructure Deployment ===" -ForegroundColor Cyan
+Write-Host "Subscription: $($account.name)" -ForegroundColor Green
+Write-Host "Bicep File: $BicepFile" -ForegroundColor Green
+Write-Host "Parameters: $ParameterFilePath" -ForegroundColor Green
+Write-Host "Location: $Location" -ForegroundColor Green
+Write-Host "Deployment: $DeploymentName" -ForegroundColor Green
+Write-Host ""
+
+if ($WhatIf) {
+    Write-Host "Running What-If analysis..." -ForegroundColor Yellow
+    az deployment sub what-if `
+        --name $DeploymentName `
+        --location $Location `
+        --template-file $BicepFile `
+        --parameters @$ParameterFilePath
+}
+else {
+    Write-Host "Starting deployment..." -ForegroundColor Yellow
+    az deployment sub create `
+        --name $DeploymentName `
+        --location $Location `
+        --template-file $BicepFile `
+        --parameters @$ParameterFilePath
+
+    if ($LASTEXITCODE -eq 0) {
+        Write-Host ""
+        Write-Host "Deployment completed successfully!" -ForegroundColor Green
+        
+        # Show deployment outputs
+        Write-Host ""
+        Write-Host "Deployment outputs:" -ForegroundColor Cyan
+        az deployment sub show `
+            --name $DeploymentName `
+            --query "properties.outputs" `
+            --output table
+    }
+    else {
+        Write-Error "Deployment failed with exit code: $LASTEXITCODE"
+        exit $LASTEXITCODE
+    }
+}
diff --git a/infra/main.parameters.json b/infra/main.parameters.json
@@ -3,25 +3,25 @@
   "contentVersion": "1.0.0.0",
   "parameters": {
     "acrName": {
-      "value": "acrwebapp01dev"
+      "value": "crdevsecopscldev01"
     },
     "acrSku": {
       "value": "Basic"
     },
     "appServicePlanName": {
-      "value": "aspwebapp01dev"
+      "value": "asp-gh-aspnet-webapp-01"
     },
     "webAppName": {
-      "value": "webapp01dev"
+      "value": "app-gh-aspnet-webapp-01"
     },
     "location": {
       "value": "canadacentral"
     },
     "containerImage": {
-      "value": "acrwebapp01dev.azurecr.io/webapp01:latest"
+      "value": "crdevsecopscldev01.azurecr.io/webapp01:latest"
     },
     "resourceGroupName": {
-      "value": "rg-webapp01-dev"
+      "value": "rg-gh-aspnet-webapp-01"
     }
   }
 }
