deploy infra

Author: Karacs Péter

.github/workflows/deploy.yml

@@ -1,30 +1,56 @@
-name: Deploy Infrastructure
+name: Build and Deploy Bicep Template
 
 on:
   push:
     branches:
-      - main
-  workflow_dispatch:
+      - main  
 
 jobs:
-  deploy:
+  build:
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v2
+
+      - name: Set up Azure CLI
+        uses: azure/cli@v1.0.7
+        with:
+          inlineScript: |
+            az version
 
-      - name: Azure Login
+      - name: Login to Azure
         uses: azure/login@v1
         with:
           creds: ${{ secrets.AZURE_CREDENTIALS }}
 
-      - name: Deploy Bicep
-        uses: azure/arm-deploy@v1
+      - name: Build Bicep Template
+        run: |
+          # Validate the Bicep template
+          az bicep build --file main.bicep
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: build  # Ensure this job runs after the build job
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Azure CLI
+        uses: azure/cli@v1.0.7
         with:
-          subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-          resourceGroupName: BCSAI2024-DEVOPS-STUDENTS-A-DEV
-          template: ./main.bicep
-          parameters: ./main.parameters.json
-          failOnStdErr: false
-          deploymentName: "github-action-deployment-${{ github.run_number }}"
+          inlineScript: |
+            az version
+
+      - name: Login to Azure
+        uses: azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Deploy Bicep Template
+        run: |
+          az deployment group create \
+            --resource-group BCSAI2024-DEVOPS-STUDENTS-A-DEV \
+            --template-file main.bicep \
+            --parameters main.parameters.json

main.bicep

@@ -19,69 +19,31 @@ param containerRegistryImageName string
 @description('The version/tag of the container image')
 param containerRegistryImageVersion string
 
-var acrUsernameSecretName = 'acr-admin-username'
-var acrPasswordSecretName = 'acr-admin-password1'
-var keyVaultName = '${name}-kv'
-
-module keyVault 'modules/key-vault.bicep' = {
-  name: 'keyVaultDeployment'
-  params: {
-    name: keyVaultName
-    location: location
-    enableVaultForDeployment: true
-    roleAssignments: [
-      {
-        principalId: '7200f83e-ec45-4915-8c52-fb94147cfe5a'
-        roleDefinitionIdOrName: 'Key Vault Secrets User'
-        principalType: 'ServicePrincipal'
-      }
-      {
-        principalId: 'f248a218-1ef9-47bf-9928-ae47093fd442'  // ARM Service Principal
-        roleDefinitionIdOrName: 'Key Vault Secrets User'
-        principalType: 'ServicePrincipal'
-      }
-      {
-        principalId: '25d8d697-c4a2-479f-96e0-15593a830ae5'  // GitHub Actions Service Principal
-        roleDefinitionIdOrName: 'Key Vault Secrets User'
-        principalType: 'ServicePrincipal'
-      }
-    ]
-  }
-}
-
-resource keyVaultResource 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
-  name: keyVaultName
-}
-
-module containerRegistry 'modules/acr.bicep' = {
-  name: 'registry-deployment'
+module containerRegistry 'modules/container-registry.bicep' = {
+  name: 'containerRegistryDeployment'
   params: {
     name: name
     location: location
     acrAdminUserEnabled: acrAdminUserEnabled
-    adminCredentialsKeyVaultResourceId: keyVault.outputs.id
-    adminCredentialsKeyVaultSecretUserName: acrUsernameSecretName
-    adminCredentialsKeyVaultSecretUserPassword1: acrPasswordSecretName
-    adminCredentialsKeyVaultSecretUserPassword2: 'acr-admin-password2'
   }
 }
 
-
-module appServicePlan 'modules/webApp.bicep' = {
+module appServicePlan 'modules/app-service-plan.bicep' = {
   name: 'appServicePlanPeter'
   params: {
     name: 'appServicePlanPeter'
     location: location
     sku: {
       name: 'B1'
       capacity: 1
+      family: 'B'
+      size: 'B1'
       tier: 'Basic'
     }
   }
 }
 
-
-module appService 'modules/servicePlan.bicep' = {
+module appService 'modules/app-service.bicep' = {
   name: 'appServicePeter'
   params: {
     name: appServiceName
@@ -90,13 +52,9 @@ module appService 'modules/servicePlan.bicep' = {
     containerRegistryName: name
     containerRegistryImageName: containerRegistryImageName
     containerRegistryImageVersion: containerRegistryImageVersion
-    dockerRegistryServerUrl: 'https://${containerRegistry.outputs.loginServer}'
-    dockerRegistryServerUserName: keyVaultResource.getSecret(acrUsernameSecretName)
-    dockerRegistryServerPassword: keyVaultResource.getSecret(acrPasswordSecretName)
   }
 }
 
-
 output containerRegistryLoginServer string = containerRegistry.outputs.loginServer
 output appServiceId string = appService.outputs.id
 output appServiceName string = appService.outputs.name

main.parameters.json

@@ -1,24 +1,21 @@
 {
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json",
   "contentVersion": "1.0.0.0",
   "parameters": {
     "location": {
-      "value": "westeurope"
+      "value": "northeurope"
     },
-    "acrName": {
-      "value": "demoacr${uniqueString(resourceGroup().id)}"
+    "name": {
+      "value": "PeterAppRegistry"
     },
-    "servicePlanName": {
-      "value": "myServicePlan"
-    },
-    "webAppName": {
-      "value": "demo-webapp"
+    "appServiceName": {
+      "value": "PeterAppService"
     },
     "containerRegistryImageName": {
-      "value": "demo-image"
+      "value": "PeterAppRegistry"
     },
     "containerRegistryImageVersion": {
       "value": "latest"
     }
   }
-}
+}

modules/acr.bicep

@@ -0,0 +1,56 @@
+@description('The name of the App Service')
+param name string
+
+@description('The location for the App Service')
+param location string
+
+@description('The name of the App Service Plan')
+param appServicePlanName string
+
+@description('The name of the Container Registry')
+param containerRegistryName string
+
+@description('The name of the container image')
+param containerRegistryImageName string
+
+@description('The version/tag of the container image')
+param containerRegistryImageVersion string
+
+resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-07-01' existing = {
+  name: containerRegistryName
+}
+
+resource appService 'Microsoft.Web/sites@2022-03-01' = {
+  name: name
+  location: location
+  kind: 'app'
+  properties: {
+    serverFarmId: resourceId('Microsoft.Web/serverfarms', appServicePlanName)
+    siteConfig: {
+      linuxFxVersion: 'DOCKER|${containerRegistry.properties.loginServer}/${containerRegistryImageName}:${containerRegistryImageVersion}'
+      appCommandLine: ''
+      appSettings: [
+        {
+          name: 'WEBSITES_ENABLE_APP_SERVICE_STORAGE'
+          value: 'false'
+        }
+        {
+          name: 'DOCKER_REGISTRY_SERVER_URL'
+          value: 'https://${containerRegistry.properties.loginServer}/'
+        }
+        {
+          name: 'DOCKER_REGISTRY_SERVER_USERNAME'
+          value: containerRegistry.listCredentials().username
+        }
+        {
+          name: 'DOCKER_REGISTRY_SERVER_PASSWORD'
+          value: containerRegistry.listCredentials().passwords[0].value
+        }
+      ]
+    }
+  }
+}
+
+output id string = appService.id
+output name string = appService.name
+output defaultHostName string = appService.properties.defaultHostName

modules/servicePlan.bicep modules/app-service-plan.bicepmodules/servicePlan.bicep renamed to modules/app-service-plan.bicep

@@ -0,0 +1,22 @@
+
+@description('The name of the Azure Container Registry')
+param name string
+
+@description('The location for the Azure Container Registry')
+param location string
+
+@description('Enable admin user for the Azure Container Registry')
+param acrAdminUserEnabled bool = true
+
+resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-07-01' = {
+  name: name
+  location: location
+  sku: {
+    name: 'Basic'
+  }
+  properties: {
+    adminUserEnabled: acrAdminUserEnabled
+  }
+}
+
+output loginServer string = containerRegistry.properties.loginServer