Skip to content

Fix: Add support for ssh keys for Linux jumpbox (#134) #71

Fix: Add support for ssh keys for Linux jumpbox (#134)

Fix: Add support for ssh keys for Linux jumpbox (#134) #71

# This workflow will deploy the LZA
name: LZA Deployment
on:
# When you directly push in the main branch
push:
branches:
- main
paths:
- 'scenarios/aca-internal/bicep/**'
- '!scenarios/aca-internal/bicep/**.md'
# when pull request is issued for the main branch
pull_request:
branches:
- main
paths:
- 'scenarios/aca-internal/bicep/**'
- '!scenarios/aca-internal/bicep/**.md'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# The lint job performs linting on the bicep code
lint:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v3
# Runs the Bicep linter to ensure build is successful
- name: Run Bicep linter
run: az bicep build --file ./scenarios/aca-internal/bicep/main.bicep
validate:
runs-on: ubuntu-latest
needs: [lint]
steps:
- uses: actions/checkout@v3
- uses: azure/login@v1
name: Sign in to Azure
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: azure/[email protected]
name: Run preflight validation
with:
deploymentName: ${{ github.run_number }}
scope: subscription
region: ${{ vars.LOCATION }}
template: ./scenarios/aca-internal/bicep/main.bicep
parameters: ./scenarios/aca-internal/bicep/main.parameters.jsonc
deploymentMode: Validate
preview:
runs-on: ubuntu-latest
needs: [lint, validate]
steps:
- uses: actions/checkout@v3
- uses: azure/login@v1
name: Sign in to Azure
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: Azure/cli@v1
name: Run what-if
with:
azcliversion: 2.45.0
inlineScript: |
az deployment sub what-if \
--location ${{ vars.LOCATION }} \
--template-file ./scenarios/aca-internal/bicep/main.bicep \
--parameters ./scenarios/aca-internal/bicep/main.parameters.jsonc \
--parameters deployHelloWorldSample=false
deploy:
runs-on: ubuntu-latest
needs: [preview]
steps:
- uses: actions/checkout@v3
- uses: azure/login@v1
name: Sign in to Azure
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: azure/[email protected]
id: deployment
name: Deployment
with:
deploymentName: "GitHubAction-${{ github.run_number }}"
scope: subscription
region: ${{ vars.LOCATION }}
template: ./scenarios/aca-internal/bicep/main.bicep
parameters: ./scenarios/aca-internal/bicep/main.parameters.jsonc deployHelloWorldSample=true
failOnStdErr: false
outputs:
spokeResourceGroupName: ${{ steps.deployment.outputs.spokeResourceGroupName }}
hubResourceGroupName: ${{ steps.deployment.outputs.hubResourceGroupName }}
# teardown:
# runs-on: ubuntu-latest
# needs: [deploy]
# env:
# ENABLE_TEARDOWN: true
# steps:
# - uses: trstringer/manual-approval@v1
# name: Manual Approval of tear-down
# if: vars.ENABLE_TEARDOWN == 'true'
# with:
# secret: ${{ github.TOKEN }}
# timeout-minutes: 120
# approvers: thotheod,aarthiem,kpantos
# minimum-approvals: 1
# issue-title: "Deployed ACA-LZA GitHubAction-${{ github.run_number }}"
# issue-body: "Please approve or deny the tear-down of deployment GitHubAction-${{ github.run_number }}"
# exclude-workflow-initiator-as-approver: false
# additional-approved-words: ''
# additional-denied-words: ''
# - uses: azure/login@v1
# if: vars.ENABLE_TEARDOWN == 'true'
# name: Sign in to Azure
# with:
# creds: ${{ secrets.AZURE_CREDENTIALS }}
# - uses: Azure/cli@v1
# name: Run tear-down
# if: vars.ENABLE_TEARDOWN == 'true'
# with:
# azcliversion: 2.45.0
# inlineScript: |
# az group delete --name ${{ needs.deploy.outputs.spokeResourceGroupName }} --yes
# az group delete --name ${{ needs.deploy.outputs.hubResourceGroupName }} --yes
# az deployment sub delete --name "GitHubAction-${{ github.run_number }}" --no-wait