44 push :
55 branches :
66 - main
7+ workflow_dispatch :
8+ inputs :
9+ azure_location :
10+ description : ' Azure region for deployment'
11+ required : true
12+ type : choice
13+ default : ' canadacentral'
14+ options :
15+ - canadacentral
16+ - canadaeast
17+ - eastus
18+ - eastus2
19+ - westus
20+ - westus2
21+ - westeurope
22+ - northeurope
23+ instance_number :
24+ description : ' Instance number for resource naming'
25+ required : true
26+ type : string
27+ default : ' 002'
728
829permissions :
930 attestations : write
@@ -13,15 +34,107 @@ permissions:
1334 security-events : write
1435
1536env :
16- AZURE_WEBAPP_NAME : app-gh-aspnet-webapp-001 # set this to your application's name
37+ INSTANCE_NUMBER : ${{ github.event.inputs.instance_number || '002' }}
38+ AZURE_LOCATION : ${{ github.event.inputs.azure_location || 'canadacentral' }}
39+ AZURE_WEBAPP_NAME : app-gh-aspnet-webapp-${{ github.event.inputs.instance_number || '002' }}
1740 SRC_PROJECT_PATH : " /webapp01/webapp01.csproj"
18- AZURE_WEBAPP_PACKAGE_PATH : " ./src" # set this to the path to your web app project, defaults to the repository root
19- DOTNET_VERSION : " 9.0.x" # set this to the dot net version to use
20- AZURE_ACR_NAME : crdevsecopscldev001 # set this to your Azure Container Registry name
41+ AZURE_WEBAPP_PACKAGE_PATH : " ./src"
42+ DOTNET_VERSION : " 9.0.x"
43+ AZURE_ACR_NAME : crdevsecopscldev${{ github.event.inputs.instance_number || '002' }}
2144
2245jobs :
46+ deploy-infrastructure :
47+ name : Deploy Azure Infrastructure
48+ runs-on : ubuntu-latest
49+ outputs :
50+ acr_name : ${{ steps.deploy.outputs.acr_name }}
51+ webapp_name : ${{ steps.deploy.outputs.webapp_name }}
52+ webapp_url : ${{ steps.deploy.outputs.webapp_url }}
53+ steps :
54+ - uses : actions/checkout@v5
55+
56+ - name : Azure Login
57+ uses : azure/login@v2
58+ with :
59+ client-id : ${{ secrets.AZURE_CLIENT_ID }}
60+ tenant-id : ${{ secrets.AZURE_TENANT_ID }}
61+ subscription-id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
62+
63+ - name : Deploy Bicep Infrastructure
64+ id : deploy
65+ shell : pwsh
66+ run : |
67+ $instanceNumber = "${{ env.INSTANCE_NUMBER }}"
68+ $location = "${{ env.AZURE_LOCATION }}"
69+
70+ # Calculate resource names based on instance number
71+ $acrName = "crdevsecopscldev$instanceNumber"
72+ $appServicePlanName = "asp-gh-aspnet-webapp-$instanceNumber"
73+ $webAppName = "app-gh-aspnet-webapp-$instanceNumber"
74+ $resourceGroupName = "rg-gh-aspnet-webapp-$instanceNumber"
75+ $containerImage = "$acrName.azurecr.io/webapp01:latest"
76+
77+ # Deployment name based only on instance number for idempotence
78+ $deploymentName = "deploy-infra-$instanceNumber"
79+
80+ Write-Host "=== Azure Infrastructure Deployment ===" -ForegroundColor Cyan
81+ Write-Host "Instance Number: $instanceNumber" -ForegroundColor Green
82+ Write-Host "Location: $location" -ForegroundColor Green
83+ Write-Host "ACR Name: $acrName" -ForegroundColor Green
84+ Write-Host "App Service Plan: $appServicePlanName" -ForegroundColor Green
85+ Write-Host "Web App Name: $webAppName" -ForegroundColor Green
86+ Write-Host "Resource Group: $resourceGroupName" -ForegroundColor Green
87+ Write-Host "Deployment Name: $deploymentName" -ForegroundColor Green
88+
89+ # Deploy using inline parameters instead of parameters file
90+ az deployment sub create `
91+ --name $deploymentName `
92+ --location $location `
93+ --template-file ./infra/main.bicep `
94+ --parameters acrName=$acrName `
95+ --parameters acrSku=Basic `
96+ --parameters appServicePlanName=$appServicePlanName `
97+ --parameters webAppName=$webAppName `
98+ --parameters location=$location `
99+ --parameters containerImage=$containerImage `
100+ --parameters resourceGroupName=$resourceGroupName
101+
102+ if ($LASTEXITCODE -ne 0) {
103+ Write-Error "Deployment failed with exit code: $LASTEXITCODE"
104+ exit $LASTEXITCODE
105+ }
106+
107+ Write-Host "Deployment completed successfully!" -ForegroundColor Green
108+
109+ # Set outputs for subsequent jobs
110+ echo "acr_name=$acrName" >> $env:GITHUB_OUTPUT
111+ echo "webapp_name=$webAppName" >> $env:GITHUB_OUTPUT
112+ echo "webapp_url=https://$webAppName.azurewebsites.net" >> $env:GITHUB_OUTPUT
113+
114+ - name : Configure ACR Managed Identity
115+ shell : pwsh
116+ run : |
117+ $webAppName = "${{ steps.deploy.outputs.webapp_name }}"
118+ $resourceGroupName = "rg-gh-aspnet-webapp-${{ env.INSTANCE_NUMBER }}"
119+
120+ Write-Host "Configuring ACR managed identity authentication..." -ForegroundColor Yellow
121+
122+ # Verify ACR managed identity configuration
123+ $config = az webapp config show --name $webAppName --resource-group $resourceGroupName --query "acrUseManagedIdentityCreds" -o tsv
124+
125+ if ($config -ne "true") {
126+ Write-Host "Setting acrUseManagedIdentityCreds=true..." -ForegroundColor Cyan
127+ az webapp config set --name $webAppName --resource-group $resourceGroupName --generic-configurations '{"acrUseManagedIdentityCreds": true}'
128+ } else {
129+ Write-Host "ACR managed identity already configured" -ForegroundColor Green
130+ }
131+
132+ - name : logout
133+ run : az logout
134+
23135 cicd :
24136 name : Build and Deploy to Azure Web App
137+ needs : deploy-infrastructure
25138 runs-on : ubuntu-latest
26139 steps :
27140 # Checkout the repo
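Review bot: In the `Deploy Bicep Infrastructure` step, `$instanceNumber = "${{ env.INSTANCE_NUMBER }}"` pastes the free-form `instance_number` input (`type: string`) into the pwsh script text before the shell starts, so any value that is not a plain number becomes part of the script in a job that already holds an Azure login session. Read it from the process environment instead, `$instanceNumber = $env:INSTANCE_NUMBER`, and reject unexpected values before building resource names, e.g. `if ($instanceNumber -notmatch '^\d{3}$') { throw 'instance_number must be three digits' }` (assuming three digits is the intended format, as the `'002'` default suggests). The same inline expansion appears in `Configure ACR Managed Identity` (`"rg-gh-aspnet-webapp-${{ env.INSTANCE_NUMBER }}"`) and for `$location`, which should likewise become `$env:AZURE_LOCATION`. The `cicd` job that consumes these names continues past the last visible line, so its use of `AZURE_ACR_NAME` and `AZURE_WEBAPP_NAME` could not be checked here.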