Script to help testing #26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| workflow_dispatch: | |
| push: | |
| # Run when commits are pushed to mainline branch (main or master) | |
| # Set this to the mainline branch you are using | |
| branches: | |
| - main | |
| - master | |
| # GitHub Actions workflow to deploy to Azure using azd | |
| # To configure required secrets for connecting to Azure, simply run `azd pipeline config` | |
| # Set up permissions for deploying with secretless Azure federated credentials | |
| # https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| env: | |
| AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
| AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
| AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} | |
| AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install azd | |
| uses: Azure/setup-azd@v0.1.0 | |
| - name: Log in with Azure (Federated Credentials) | |
| if: ${{ env.AZURE_CLIENT_ID != '' }} | |
| run: | | |
| azd auth login ` | |
| --client-id "$Env:AZURE_CLIENT_ID" ` | |
| --federated-credential-provider "github" ` | |
| --tenant-id "$Env:AZURE_TENANT_ID" | |
| shell: pwsh | |
| - name: Log in with Azure (Client Credentials) | |
| if: ${{ env.AZURE_CREDENTIALS != '' }} | |
| run: | | |
| $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable; | |
| Write-Host "::add-mask::$($info.clientSecret)" | |
| azd auth login ` | |
| --client-id "$($info.clientId)" ` | |
| --client-secret "$($info.clientSecret)" ` | |
| --tenant-id "$($info.tenantId)" | |
| shell: pwsh | |
| env: | |
| AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Provision Infrastructure | |
| run: azd provision --no-prompt | |
| - name: Deploy Application | |
| run: azd deploy --no-prompt |