|
|
on: |
|
|
workflow_dispatch: |
|
|
push: |
|
|
|
|
|
|
|
|
branches: |
|
|
- main |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
permissions: |
|
|
id-token: write |
|
|
contents: read |
|
|
|
|
|
jobs: |
|
|
build: |
|
|
runs-on: ubuntu-latest |
|
|
env: |
|
|
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} |
|
|
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} |
|
|
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} |
|
|
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} |
|
|
steps: |
|
|
- name: Checkout |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Install azd |
|
|
uses: Azure/[email protected] |
|
|
|
|
|
- name: Log in with Azure (Federated Credentials) |
|
|
if: ${{ env.AZURE_CLIENT_ID != '' }} |
|
|
run: | |
|
|
azd auth login ` |
|
|
--client-id "$Env:AZURE_CLIENT_ID" ` |
|
|
--federated-credential-provider "github" ` |
|
|
--tenant-id "$Env:AZURE_TENANT_ID" |
|
|
shell: pwsh |
|
|
|
|
|
- name: Log in with Azure (Client Credentials) |
|
|
if: ${{ env.AZURE_CREDENTIALS != '' }} |
|
|
run: | |
|
|
$info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable; |
|
|
Write-Host "::add-mask::$($info.clientSecret)" |
|
|
|
|
|
azd auth login ` |
|
|
--client-id "$($info.clientId)" ` |
|
|
--client-secret "$($info.clientSecret)" ` |
|
|
--tenant-id "$($info.tenantId)" |
|
|
shell: pwsh |
|
|
env: |
|
|
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} |
|
|
|
|
|
- name: Provision Infrastructure |
|
|
run: azd provision --no-prompt |
|
|
env: |
|
|
AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} |
|
|
AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} |
|
|
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} |
|
|
|
|
|
- name: Deploy Application |
|
|
run: azd deploy --no-prompt |
|
|
env: |
|
|
AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} |
|
|
AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} |
|
|
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} |
|
|
|
