
STACKS.md

Deployment Stacks

Snippets

With .bicepparam

This snippet demonstrates the default usage of the azure/bicep-deploy@v2 GitHub Action to create a deployment stack. It deploys a "Development" environment in the westus2 region at the subscription scope, using main.bicep as the template and main.bicepparam for parameters. The deployment also deletes untracked resources and resource groups as needed, applies deny settings to prevent write and delete actions, and includes a description for the stack.

- name: Create
  uses: azure/bicep-deploy@v2
  with:
    type: deploymentStack
    operation: create
    name: Development
    location: westus2
    scope: subscription
    subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
    parameters-file: ./main.bicepparam
    action-on-unmanage-resources: delete
    action-on-unmanage-resourcegroups: delete
    deny-settings-mode: denyWriteAndDelete
    description: "Development Environment"

With in-line parameters

This snippet illustrates the default usage of the azure/bicep-deploy@v2 action to create a deployment stack, with an emphasis on the parameters input. It initiates a "Development" stack in the westus2 region for a specific Azure subscription. The parameters are given as a JSON object, specifying the resource name as "Development" and tagging it as "development." The configuration also includes deletion policies for unmanaged resources and resource groups, applies deny settings to restrict write and delete actions, and includes a description for the environment being created.

- name: Create
  uses: azure/bicep-deploy@v2
  with:
    type: deploymentStack
    operation: create
    name: Development
    location: westus2
    scope: subscription
    subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
    template-file: ./main.bicep
    parameters: '{"name": "Development", "tags": { "environment": "development" }}'
    action-on-unmanage-resources: delete
    action-on-unmanage-resourcegroups: delete
    deny-settings-mode: denyWriteAndDelete
    description: "Development Environment"
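
A pre-merge review check for the stack inputs used in the two snippets above, as an added example that is not part of the bicep-deploy project. It parses a step's flat `with:` block and returns notes on the deny settings, the unmanage actions and the in-line `parameters` JSON; the function names, the rule set and the sample input are assumptions of this example.

```python
import json

# Constructed sample: the `with:` block of the in-line parameters snippet,
# altered so deny settings are off and the parameters JSON is malformed.
SAMPLE_WITH = """\
type: deploymentStack
operation: create
template-file: ./main.bicep
parameters: '{"name": "Development", "tags": }'
action-on-unmanage-resources: delete
deny-settings-mode: none
"""

def parse_with_block(text):
    """Parse a flat `key: value` block (no nesting) into a dict."""
    inputs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]  # drop surrounding YAML quotes
        inputs[key] = value
    return inputs

def audit_stack_step(inputs):
    """Return review notes for a deploymentStack create step (example rules)."""
    notes = []
    if inputs.get("type") != "deploymentStack" or inputs.get("operation") != "create":
        return notes
    if inputs.get("deny-settings-mode", "none") == "none":
        notes.append("deny-settings-mode: missing or none, confirm the stack is meant to be unprotected")
    for key in ("action-on-unmanage-resources", "action-on-unmanage-resourcegroups"):
        value = inputs.get(key)
        if value is None:
            notes.append(f"{key}: not set, state delete or detach explicitly")
        elif value == "delete":
            notes.append(f"{key}: delete, items dropped from the template are deleted in Azure")
    if "parameters" in inputs:
        try:
            if not isinstance(json.loads(inputs["parameters"]), dict):
                notes.append("parameters: JSON value is not an object")
        except json.JSONDecodeError:
            notes.append("parameters: not valid JSON")
    return notes

if __name__ == "__main__":
    print("\n".join(audit_stack_step(parse_with_block(SAMPLE_WITH))))
```

Run against the page's own in-line parameters snippet, the check returns only the two `delete` notes, which is the prompt for a reviewer to confirm that removing a resource from the template is meant to remove it from the subscription.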

Workflows

Create

This workflow triggers on every push to the main branch. It checks out the repository, logs into Azure, and deploys a "Development" stack in the westus2 region using the provided template and parameters files. It also deletes resources and resource groups that the stack no longer manages, applies deny settings that block write and delete actions, and adds a description to the stack.

name: Stacks (Create)

on:
  push:
    branches:
      - main

permissions:
  contents: read
  id-token: write

jobs:
  deployment:
    name: "Deployment Stack"
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Login
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Create
        uses: azure/bicep-deploy@v2
        with:
          type: deploymentStack
          operation: create
          name: Development
          location: westus2
          scope: subscription
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          parameters-file: ./main.bicepparam
          action-on-unmanage-resources: delete
          action-on-unmanage-resourcegroups: delete
          deny-settings-mode: denyWriteAndDelete
          description: "Development Environment"

Validate

This workflow runs on pull requests to the main branch. It checks out the code, logs into Azure, and validates the "Development" deployment stack in the westus2 region using the specified template and parameters files.

name: Stacks (Validate)

on:
  pull_request:
    branches:
      - main

permissions:
  contents: read
  id-token: write

jobs:
  deployment:
    name: "Deployment Stack"
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Login
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Validate
        uses: azure/bicep-deploy@v2
        with:
          type: deploymentStack
          operation: validate
          name: Development
          location: westus2
          scope: subscription
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          parameters-file: ./main.bicepparam

Delete

This workflow runs on manual dispatch. It checks out the code, logs into Azure, and deletes a "Development" deployment stack in the westus2 region using the specified template and parameters files.

name: Stacks (Delete)

on: workflow_dispatch

permissions:
  contents: read
  id-token: write

jobs:
  deployment:
    name: "Stacks"
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Login
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Delete
        uses: azure/bicep-deploy@v2
        with:
          type: deploymentStack
          operation: delete
          name: Development
          location: westus2
          scope: subscription
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          parameters-file: ./main.bicepparam