diff --git a/.github/workflows/10-dotnet.yml b/.github/workflows/10-dotnet.yml
index ed0a5cb..c0da5ff 100644
--- a/.github/workflows/10-dotnet.yml
+++ b/.github/workflows/10-dotnet.yml
@@ -12,7 +12,11 @@ on:
 paths:
 - '!**'
 - 'dotnet-sample/**'
-
+
+permissions:
+ id-token: write
+ contents: read
+
 defaults:
 run:
 working-directory: dotnet-sample
@@ -72,15 +76,17 @@ jobs:
 # Log into Azure
 - uses: azure/login@v1
+ name: Sign in to Azure
 with:
- creds: ${{ secrets.AZURE_CREDENTIALS }}
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 # Deploy Bicep file
 - name: deploy
 id: deploy
 uses: azure/arm-deploy@v1
 with:
- subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }}
 resourceGroupName: ${{ secrets.AZURE_RG }}
 template: ./iac/main.bicep
 parameters: webAppName=${{ secrets.AZURE_APP_NAME }}
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..a4d52f1
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,15 @@
+name: lint
+
+on:
+ workflow_call:
+
+jobs:
+ lint:
+ name: Lint code
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Lint code
+ run: |
+ az bicep build --file bicep/main.bicep
\ No newline at end of file
diff --git a/.github/workflows/pr-closed.yml b/.github/workflows/pr-closed.yml
new file mode 100644
index 0000000..7293475
--- /dev/null
+++ b/.github/workflows/pr-closed.yml
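Review bot: In `.github/workflows/10-dotnet.yml` the new top-level `permissions:` block gives `id-token: write` to every job in the workflow, although only the job that runs `azure/login` has to request an OIDC token. Declaring `id-token: write` and `contents: read` under that job, and leaving just `contents: read` at workflow level, keeps build-only jobs from being able to mint a token for the Azure federated credential. The job list lies outside this hunk, so confirm which jobs actually sign in. The same workflow-level block is added in `pr-closed.yml` and `pr-validation.yml`.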
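Review bot: `azure/login@v1` and `azure/arm-deploy@v1` in the second hunk of `10-dotnet.yml` are referenced by a mutable tag, and after this change they run in a workflow that can request an OIDC token for the Azure subscription. Pinning each action to a full commit SHA, for example `uses: azure/login@<full-commit-sha> # v1`, means a retagged release cannot change what executes with that token. The same applies to `actions/checkout@v2` in `lint.yml` and `pr-validation.yml` and to `Azure/cli@v1` in `pr-closed.yml` and `pr-validation.yml`. Separately, once nothing reads `secrets.AZURE_CREDENTIALS`, the repository secret and the service-principal credential behind it should be removed, otherwise the long-lived credential this commit moves away from stays valid.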
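Review bot: The reusable workflow in `lint.yml` declares no `permissions:`, so its job runs with whatever the calling job passes down, and when called from `pr-validation.yml` that includes `id-token: write`. The lint job only checks out the repository and runs `az bicep build`, so it can state its own ceiling by adding `permissions:` with `contents: read` under `jobs.lint`. A one-line comment at the top, such as `# Reusable lint job: no Azure sign-in required`, would also make clear to callers that no Azure secrets need to be passed.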
@@ -0,0 +1,31 @@
+name: pr-closed
+concurrency: ${{ github.event.number }}
+
+on:
+ pull_request:
+ types: [closed]
+
+permissions:
+ id-token: write
+ contents: read
+
+env:
+ resourceGroupName: pr_${{ github.event.number }}
+
+jobs:
+ remove:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: azure/login@v1
+ name: Sign in to Azure
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ - uses: Azure/cli@v1
+ name: Delete resource group
+ with:
+ inlineScript: |
+ az group delete \
+ --name ${{ env.resourceGroupName }} \
+ --yes
\ No newline at end of file
diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml
new file mode 100644
index 0000000..36f089e
--- /dev/null
+++ b/.github/workflows/pr-validation.yml
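Review bot: The `Delete resource group` step in `pr-closed.yml` runs `az group delete` unconditionally, so it will presumably error for any pull request whose validation run never created `pr_<number>` (for example one that failed at sign-in), and a failed run leaves the test environment in place with nothing to retry it. Guarding the call with `az group exists --name ${{ env.resourceGroupName }}` lets the job succeed when there is nothing to remove, so that a red run points at a real leftover environment. The `concurrency: ${{ github.event.number }}` key looks chosen to match `pr-validation.yml` so that deletion waits for an in-flight deployment; a comment saying so, e.g. `# same group as pr-validation: delete waits for a running deploy`, would stop someone renaming one side only.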
@@ -0,0 +1,47 @@
+name: pr-validation
+concurrency: ${{ github.event.number }}
+
+on: pull_request
+
+permissions:
+ id-token: write
+ contents: read
+
+env:
+ resourceGroupName: pr_${{ github.event.number }}
+ resourceGroupLocation: eastus
+
+jobs:
+ lint:
+ uses: ./.github/workflows/lint.yml
+
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: azure/login@v1
+ name: Sign in to Azure
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ - uses: Azure/cli@v1
+ name: Create resource group
+ with:
+ inlineScript: |
+ az group create \
+ --name ${{ env.resourceGroupName }} \
+ --location ${{ env.resourceGroupLocation }}
+ - uses: azure/arm-deploy@v1
+ id: deploy
+ name: Deploy Bicep file
+ with:
+ failOnStdErr: false
+ deploymentName: ${{ github.run_number }}
+ resourceGroupName: ${{ env.resourceGroupName }}
+ template: ./bicep/main.bicep
+ parameters: >
+ environmentType=Test
+ - name: Show website hostname
+ run: |
+ echo "Access the website at this address: https://${{ steps.deploy.outputs.appServiceAppHostName }}"
\ No newline at end of file
diff --git a/bicep/main.bicep b/bicep/main.bicep
new file mode 100644
index 0000000..1902fac
--- /dev/null
+++ b/bicep/main.bicep
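Review bot: The `deploy` job in `pr-validation.yml` signs in to Azure and deploys `./bicep/main.bicep` as checked out from the pull request, so the template that runs under the federated identity is whatever the PR branch contains, and nothing gates it: there is no `needs: lint` and no `environment:` with required reviewers. Adding `needs: lint` under `deploy:` at least stops a template that fails `az bicep build` from being deployed, and a protected environment or a role assignment limited to what test deployments need bounds what a PR branch can create. Because the workflow creates resource groups, the identity presumably holds rights above a single resource group; that scope is not visible in this diff and is worth checking.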
@@ -0,0 +1,72 @@
+@description('The location into which your Azure resources should be deployed.')
+param location string = resourceGroup().location
+
+@description('Select the type of environment you want to provision. Allowed values are Production and Test.')
+@allowed([
+ 'Production'
+ 'Test'
+])
+param environmentType string
+
+@description('A unique suffix to add to resource names that need to be globally unique.')
+@maxLength(13)
+param resourceNameSuffix string = uniqueString(resourceGroup().id)
+
+// Define the names for resources.
+var appServiceAppName = 'toy-website-${resourceNameSuffix}'
+var appServicePlanName = 'toy-website'
+var storageAccountName = 'mystorage${resourceNameSuffix}'
+
+// Define the SKUs for each component based on the environment type.
+var environmentConfigurationMap = {
+ Production: {
+ appServicePlan: {
+ sku: {
+ name: 'S1'
+ capacity: 1
+ }
+ }
+ storageAccount: {
+ sku: {
+ name: 'Standard_LRS'
+ }
+ }
+ }
+ Test: {
+ appServicePlan: {
+ sku: {
+ name: 'B1'
+ }
+ }
+ storageAccount: {
+ sku: {
+ name: 'Standard_GRS'
+ }
+ }
+ }
+}
+
+resource appServicePlan 'Microsoft.Web/serverfarms@2021-01-15' = {
+ name: appServicePlanName
+ location: location
+ sku: environmentConfigurationMap[environmentType].appServicePlan.sku
+}
+
+resource appServiceApp 'Microsoft.Web/sites@2021-01-15' = {
+ name: appServiceAppName
+ location: location
+ properties: {
+ serverFarmId: appServicePlan.id
+ httpsOnly: true
+ }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-04-01' = {
+ name: storageAccountName
+ location: location
+ kind: 'StorageV2'
+ sku: environmentConfigurationMap[environmentType].storageAccount.sku
+}
+
+output appServiceAppName string = appServiceApp.name
+output appServiceAppHostName string = appServiceApp.properties.defaultHostName
\ No newline at end of file
diff --git a/dotnet-sample/Program.cs b/dotnet-sample/Program.cs
index dd21ad4..e7f4ce6 100644
--- a/dotnet-sample/Program.cs
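Review bot: The `storageAccount` resource in `bicep/main.bicep` sets only `kind` and `sku`, so minimum TLS version, public blob access and HTTPS-only transport are left to the defaults of API version `2021-04-01` instead of being stated. An explicit `properties` block makes the intended baseline reviewable and keeps it stable if defaults differ between API versions; `appServiceApp` already does this with `httpsOnly: true`. Also worth a second look: `Test` gets `Standard_GRS` while `Production` gets `Standard_LRS`, which reads as if the two storage SKUs may be swapped.

```bicep
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-04-01' = {
  // … unchanged: name, location, kind, sku …
  properties: {
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false
    supportsHttpsTrafficOnly: true
  }
}
```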
+++ b/dotnet-sample/Program.cs
@@ -1,6 +1,6 @@
 var builder = WebApplication.CreateBuilder(args);
 var app = builder.Build();
-app.MapGet("/", () => "Hello from FTA!");
+app.MapGet("/", () => "Hello from CodeMash!");
 app.Run();