diff --git a/templates/common/.azdo/pipelines/bicep/azure-dev.yml b/templates/common/.azdo/pipelines/bicep/azure-dev.yml
new file mode 100644
index 00000000000..8c67ec048e4
--- /dev/null
+++ b/templates/common/.azdo/pipelines/bicep/azure-dev.yml
@@ -0,0 +1,57 @@
+# Run when commits are pushed to mainline branch (main or master)
+# Set this to the mainline branch you are using
+trigger:
+ - main
+ - master
+
+# Azure Pipelines workflow to deploy to Azure using azd
+# To configure required secrets and service connection for connecting to Azure, simply run `azd pipeline config --provider azdo`
+# Task "Install azd" needs to install setup-azd extension for azdo - https://marketplace.visualstudio.com/items?itemName=ms-azuretools.azd
+# See below for alternative task to install azd if you can't install above task in your organization
+
+pool:
+ vmImage: ubuntu-latest
+
+steps:
+ - task: setup-azd@0
+ displayName: Install azd
+
+ # If you can't install above task in your organization, you can comment it and uncomment below task to install azd
+ # - task: Bash@3
+ # displayName: Install azd
+ # inputs:
+ # targetType: 'inline'
+ # script: |
+ # curl -fsSL https://aka.ms/install-azd.sh | bash
+
+ # azd delegate auth to az to use service connection with AzureCLI@2
+ - pwsh: |
+ azd config set auth.useAzCliAuth "true"
+ displayName: Configure AZD to Use AZ CLI Authentication.
+
+ - task: AzureCLI@2
+ displayName: Provision Infrastructure
+ inputs:
+ azureSubscription: azconnection
+ scriptType: bash
+ scriptLocation: inlineScript
+ inlineScript: |
+ azd provision --no-prompt
+ env:
+ AZURE_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
+ AZURE_ENV_NAME: $(AZURE_ENV_NAME)
+ AZURE_LOCATION: $(AZURE_LOCATION)
+ AZD_INITIAL_ENVIRONMENT_CONFIG: $(secrets.AZD_INITIAL_ENVIRONMENT_CONFIG)
+
+ - task: AzureCLI@2
+ displayName: Deploy Application
+ inputs:
+ azureSubscription: azconnection
+ scriptType: bash
+ scriptLocation: inlineScript
+ inlineScript: |
+ azd deploy --no-prompt
+ env:
+ AZURE_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
+ AZURE_ENV_NAME: $(AZURE_ENV_NAME)
+ AZURE_LOCATION: $(AZURE_LOCATION)
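Review bot: In the Provision Infrastructure step, `AZD_INITIAL_ENVIRONMENT_CONFIG: $(secrets.AZD_INITIAL_ENVIRONMENT_CONFIG)` puts a GitHub-style `secrets.` prefix inside Azure Pipelines macro syntax. Azure Pipelines has no `secrets` context, and a `$(...)` macro that matches no variable is left in place as literal text, so unless a pipeline variable with exactly that dotted name exists, azd would receive the placeholder string instead of a configuration value. I would add a comment above the mapping such as `# needs a secret pipeline variable named 'secrets.AZD_INITIAL_ENVIRONMENT_CONFIG'; confirm that azd pipeline config creates it`. If that name is not what the tool sets, the mapping should use the real variable name. The same mapping appears in the Provision step of the terraform Azure Pipelines file.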
diff --git a/templates/common/.azdo/pipelines/terraform/azure-dev.yml b/templates/common/.azdo/pipelines/terraform/azure-dev.yml
new file mode 100644
index 00000000000..32a7c2bc2b9
--- /dev/null
+++ b/templates/common/.azdo/pipelines/terraform/azure-dev.yml
@@ -0,0 +1,63 @@
+# Run when commits are pushed to mainline branch (main or master)
+# Set this to the mainline branch you are using
+trigger:
+ - main
+ - master
+
+# Azure Pipelines workflow to deploy to Azure using azd
+# To configure required secrets and service connection for connecting to Azure, simply run `azd pipeline config --provider azdo`
+# Task "Install azd" needs to install setup-azd extension for azdo - https://marketplace.visualstudio.com/items?itemName=ms-azuretools.azd
+# See below for alternative task to install azd if you can't install above task in your organization
+
+pool:
+ vmImage: ubuntu-latest
+
+steps:
+ - task: setup-azd@0
+ displayName: Install azd
+
+ # If you can't install above task in your organization, you can comment it and uncomment below task to install azd
+ # - task: Bash@3
+ # displayName: Install azd
+ # inputs:
+ # targetType: 'inline'
+ # script: |
+ # curl -fsSL https://aka.ms/install-azd.sh | bash
+
+ # azd delegate auth to az to use service connection with AzureCLI@2
+ - pwsh: |
+ azd config set auth.useAzCliAuth "true"
+ displayName: Configure AZD to Use AZ CLI Authentication.
+
+ - task: AzureCLI@2
+ displayName: Provision Infrastructure
+ inputs:
+ azureSubscription: azconnection
+ scriptType: bash
+ scriptLocation: inlineScript
+ inlineScript: |
+ azd provision --no-prompt
+ env:
+ AZURE_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
+ AZURE_ENV_NAME: $(AZURE_ENV_NAME)
+ AZURE_LOCATION: $(AZURE_LOCATION)
+ ARM_TENANT_ID: $(ARM_TENANT_ID)
+ ARM_CLIENT_ID: $(ARM_CLIENT_ID)
+ ARM_CLIENT_SECRET: $(ARM_CLIENT_SECRET)
+ RS_RESOURCE_GROUP: $(RS_RESOURCE_GROUP)
+ RS_STORAGE_ACCOUNT: $(RS_STORAGE_ACCOUNT)
+ RS_CONTAINER_NAME: $(RS_CONTAINER_NAME)
+ AZD_INITIAL_ENVIRONMENT_CONFIG: $(secrets.AZD_INITIAL_ENVIRONMENT_CONFIG)
+
+ - task: AzureCLI@2
+ displayName: Deploy Application
+ inputs:
+ azureSubscription: azconnection
+ scriptType: bash
+ scriptLocation: inlineScript
+ inlineScript: |
+ azd deploy --no-prompt
+ env:
+ AZURE_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
+ AZURE_ENV_NAME: $(AZURE_ENV_NAME)
+ AZURE_LOCATION: $(AZURE_LOCATION)
diff --git a/templates/common/.github/workflows/bicep/azure-dev.yml b/templates/common/.github/workflows/bicep/azure-dev.yml
new file mode 100644
index 00000000000..7b374fae089
--- /dev/null
+++ b/templates/common/.github/workflows/bicep/azure-dev.yml
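Review bot: In `.azdo/pipelines/terraform/azure-dev.yml`, the Provision step maps `ARM_CLIENT_SECRET: $(ARM_CLIENT_SECRET)` and six other `ARM_*`/`RS_*` variables, but nothing in the file says where they come from or that the client secret must be stored as a secret variable. The header comment still only points at `azd pipeline config --provider azdo`. A variable that is not marked secret is shown in plain text in the pipeline settings and is not masked in logs, so the template should state the requirement. I would add a comment above the `env:` block such as `# ARM_CLIENT_SECRET must be a secret pipeline variable (or come from a Key Vault-backed variable group); ARM_* and RS_* are presumably the Terraform provider and remote-state settings - confirm they are created by azd pipeline config`. It is also worth noting in that comment that this is a long-lived service principal credential used alongside the `azconnection` service connection, so it needs a rotation owner.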
@@ -0,0 +1,64 @@
+on:
+ workflow_dispatch:
+ push:
+ # Run when commits are pushed to mainline branch (main or master)
+ # Set this to the mainline branch you are using
+ branches:
+ - main
+ - master
+
+# GitHub Actions workflow to deploy to Azure using azd
+# To configure required secrets for connecting to Azure, simply run `azd pipeline config`
+
+# Set up permissions for deploying with secretless Azure federated credentials
+# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ env:
+ AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+ AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+ AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+ AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+ AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install azd
+ uses: Azure/setup-azd@v1.0.0
+
+ - name: Log in with Azure (Federated Credentials)
+ if: ${{ env.AZURE_CLIENT_ID != '' }}
+ run: |
+ azd auth login `
+ --client-id "$Env:AZURE_CLIENT_ID" `
+ --federated-credential-provider "github" `
+ --tenant-id "$Env:AZURE_TENANT_ID"
+ shell: pwsh
+
+ - name: Log in with Azure (Client Credentials)
+ if: ${{ env.AZURE_CREDENTIALS != '' }}
+ run: |
+ $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
+ Write-Host "::add-mask::$($info.clientSecret)"
+
+ azd auth login `
+ --client-id "$($info.clientId)" `
+ --client-secret "$($info.clientSecret)" `
+ --tenant-id "$($info.tenantId)"
+ shell: pwsh
+ env:
+ AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+
+ - name: Provision Infrastructure
+ run: azd provision --no-prompt
+ env:
+ AZD_INITIAL_ENVIRONMENT_CONFIG: ${{ secrets.AZD_INITIAL_ENVIRONMENT_CONFIG }}
+
+ - name: Deploy Application
+ run: azd deploy --no-prompt
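Review bot: The `uses:` lines in this workflow reference mutable tags (`actions/checkout@v4`, `Azure/setup-azd@v1.0.0`) in a job that holds `id-token: write` and, on the client-credentials path, `secrets.AZURE_CREDENTIALS`. If a tag is moved to a different commit, that code runs with the ability to request the federated token and deploy to the subscription. For a template that is copied into many repositories I would pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: Azure/setup-azd@<full-commit-sha>  # v1.0.0`. The same applies to `azure/login@v1`, `azure/CLI@v1` and `actions/setup-node@v4` in the terraform workflow.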
diff --git a/templates/common/.github/workflows/terraform/azure-dev.yml b/templates/common/.github/workflows/terraform/azure-dev.yml
new file mode 100644
index 00000000000..14454e2ae50
--- /dev/null
+++ b/templates/common/.github/workflows/terraform/azure-dev.yml
@@ -0,0 +1,71 @@
+on:
+ workflow_dispatch:
+ push:
+ # Run when commits are pushed to mainline branch (main or master)
+ # Set this to the mainline branch you are using
+ branches:
+ - main
+ - master
+
+# GitHub Actions workflow to deploy to Azure using azd
+# To configure required secrets for connecting to Azure, simply run `azd pipeline config --auth-type client-credentials`
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install azd
+ uses: Azure/setup-azd@v1.0.0
+
+ - name: Install Nodejs
+ uses: actions/setup-node@v4
+ with:
+ node-version: 18
+
+ - name: Login az
+ uses: azure/login@v1
+ with:
+ creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+ - name: Set az account
+ uses: azure/CLI@v1
+ with:
+ inlineScript: |
+ az account set --subscription ${{vars.AZURE_SUBSCRIPTION_ID}}
+
+ - name: Log in with Azure
+ run: |
+ $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
+ Write-Host "::add-mask::$($info.clientSecret)"
+
+ azd auth login `
+ --client-id "$($info.clientId)" `
+ --client-secret "$($info.clientSecret)" `
+ --tenant-id "$($info.tenantId)"
+ shell: pwsh
+ env:
+ AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+
+ - name: Provision Infrastructure
+ run: azd provision --no-prompt
+ env:
+ AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+ AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+ AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+ ARM_TENANT_ID: ${{ vars.ARM_TENANT_ID }}
+ ARM_CLIENT_ID: ${{ vars.ARM_CLIENT_ID }}
+ ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+ RS_RESOURCE_GROUP: ${{ vars.RS_RESOURCE_GROUP }}
+ RS_STORAGE_ACCOUNT: ${{ vars.RS_STORAGE_ACCOUNT }}
+ RS_CONTAINER_NAME: ${{ vars.RS_CONTAINER_NAME }}
+ AZD_INITIAL_ENVIRONMENT_CONFIG: ${{ secrets.AZD_INITIAL_ENVIRONMENT_CONFIG }}
+
+ - name: Deploy Application
+ run: azd deploy --no-prompt
+ env:
+ AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+ AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+ AZURE_SUBSCRIPTION_ID: 
${{ vars.AZURE_SUBSCRIPTION_ID }} diff --git a/templates/starter/bicep/repo.yaml b/templates/starter/bicep/repo.yaml index 9e61c184226..7b9de6e2127 100644 --- a/templates/starter/bicep/repo.yaml +++ b/templates/starter/bicep/repo.yaml @@ -22,14 +22,6 @@ repo: - "**/*.bicep" assets: - # AzDo workflows for bicep - - from: ../../common/.azdo/pipelines/bicep/azure-dev.yml - to: ./.azdo/pipelines/azure-dev.yml - - # Github workflows for bicep - - from: ../../common/.github/workflows/bicep - to: ./.github/workflows - # abbreviations.json - from: ../../common/infra/bicep/abbreviations.json to: ./infra/abbreviations.json diff --git a/templates/starter/terraform/repo.yaml b/templates/starter/terraform/repo.yaml index 62b2fa8dd6c..d53c2b38581 100644 --- a/templates/starter/terraform/repo.yaml +++ b/templates/starter/terraform/repo.yaml @@ -15,14 +15,6 @@ repo: branch: staging assets: - # AzDo workflows for bicep - - from: ../../common/.azdo/pipelines/terraform/azure-dev.yml - to: ./.azdo/pipelines/azure-dev.yml - - # Github workflows for bicep - - from: ../../common/.github/workflows/terraform - to: ./.github/workflows - # .gitignore - from: ../../common/.gitignore to: ./.gitignore
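Review bot: `.github/workflows/terraform/azure-dev.yml` declares no `permissions:` block, unlike the bicep workflow, so `GITHUB_TOKEN` gets whatever default the repository or organisation has configured, which can be read/write. Nothing visible in this job writes to the repository, so I would add `permissions:` with `contents: read` above `jobs:` to keep the token read-only while the job holds `AZURE_CREDENTIALS` and `ARM_CLIENT_SECRET`. Separately, the "Set az account" step expands `${{vars.AZURE_SUBSCRIPTION_ID}}` unquoted into the script text before the shell runs. Quoting it, `az account set --subscription "${{ vars.AZURE_SUBSCRIPTION_ID }}"`, is the minimal fix, and passing it as an environment variable would be cleaner if the action forwards it.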