ci: ensure bicep is upgraded (#1593)

## Description  ## Related Issue(s) - #{issue number} ## Verification - [ ] **Your** code builds clean without any errors or warnings - [ ] Manual testing done (required) - [ ] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)
digdir · Dec 11, 2024 · bb4433b · bb4433b
1 parent 6e88e0c
commit bb4433b
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 24 deletions.
diff --git a/.azure/modules/redis/main.bicep b/.azure/modules/redis/main.bicep
@@ -97,9 +97,6 @@ module privateDnsZone '../privateDnsZone/main.bicep' = {
 
 module privateDnsZoneGroup '../privateDnsZoneGroup/main.bicep' = {
   name: '${namePrefix}-redis-privateDnsZoneGroup'
-  dependsOn: [
-    privateDnsZone
-  ]
   params: {
     name: 'default'
     dnsZoneGroupName: 'privatelink-redis-cache-windows-net'

diff --git a/.azure/modules/serviceBus/main.bicep b/.azure/modules/serviceBus/main.bicep
@@ -83,9 +83,6 @@ module privateDnsZone '../privateDnsZone/main.bicep' = {
 
 module privateDnsZoneGroup '../privateDnsZoneGroup/main.bicep' = {
   name: '${namePrefix}-service-bus-privateDnsZoneGroup'
-  dependsOn: [
-    privateDnsZone
-  ]
   params: {
     name: 'default'
     dnsZoneGroupName: 'privatelink-servicebus-windows-net'

diff --git a/.github/actions/azure-login/action.yml b/.github/actions/azure-login/action.yml
@@ -0,0 +1,28 @@
+name: 'Azure Login with Bicep Upgrade'
+description: 'Login to Azure and upgrade Bicep CLI'
+
+inputs:
+  client-id:
+    description: 'Azure Client ID'
+    required: true
+  tenant-id:
+    description: 'Azure Tenant ID'
+    required: true
+  subscription-id:
+    description: 'Azure Subscription ID'
+    required: true
+env:
+  AZ_CLI_VERSION: 2.67.0
+runs:
+  using: "composite"
+  steps:
+    - name: OIDC Login to Azure Public Cloud
+      uses: azure/login@v2
+      with:
+        client-id: ${{ inputs.client-id }}
+        tenant-id: ${{ inputs.tenant-id }}
+        subscription-id: ${{ inputs.subscription-id }}
+
+    - name: Upgrade Azure Bicep
+      shell: bash
+      run: az bicep upgrade 
diff --git a/.github/workflows/workflow-deploy-apps.yml b/.github/workflows/workflow-deploy-apps.yml
@@ -1,6 +1,4 @@
 name: Deploy apps
-env:
-  AZ_CLI_VERSION: 2.67.0
 on:
   workflow_call:
     outputs:
@@ -67,8 +65,8 @@ jobs:
       - name: "Checkout GitHub Action"
         uses: actions/checkout@v4
 
-      - name: OIDC Login to Azure Public Cloud
-        uses: azure/login@v2
+      - name: Azure Login
+        uses: ./.github/actions/azure-login
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -119,7 +117,6 @@ jobs:
         uses: azure/CLI@v2
         if: ${{!inputs.dryRun}}
         with:
-          azcliversion: ${{ env.AZ_CLI_VERSION }}
           inlineScript: |
             az containerapp job start -n ${{ steps.deploy.outputs.name }} -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
 
@@ -129,7 +126,6 @@ jobs:
         id: verify-migration
         timeout-minutes: 3
         with:
-          azcliversion: ${{ env.AZ_CLI_VERSION }}
           inlineScript: |
             ./.github/tools/containerAppJobVerifier.sh ${{ steps.deploy.outputs.name }} ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} ${{ inputs.version }}
 
@@ -162,12 +158,13 @@ jobs:
       - name: "Checkout GitHub Action"
         uses: actions/checkout@v4
 
-      - name: OIDC Login to Azure Public Cloud
-        uses: azure/login@v2
+      - name: Azure Login
+        uses: ./.github/actions/azure-login
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
       - name: Dryrun Deploy app ${{ matrix.name }}(${{ inputs.environment }})
         uses: azure/arm-deploy@v2
         if: ${{ inputs.dryRun }}
@@ -223,7 +220,6 @@ jobs:
         id: verify-deployment
         timeout-minutes: 3
         with:
-          azcliversion: ${{ env.AZ_CLI_VERSION }}
           inlineScript: |
             ./.github/tools/revisionVerifier.sh ${{ steps.deploy.outputs.revisionName }} ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
 
@@ -252,8 +248,8 @@ jobs:
       - name: "Checkout GitHub Action"
         uses: actions/checkout@v4
 
-      - name: OIDC Login to Azure Public Cloud
-        uses: azure/login@v2
+      - name: Azure Login
+        uses: ./.github/actions/azure-login
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}

diff --git a/.github/workflows/workflow-deploy-infra.yml b/.github/workflows/workflow-deploy-infra.yml
@@ -1,8 +1,4 @@
 name: Deploy infrastructure
-
-env:
-  AZ_CLI_VERSION: 2.67.0
-
 on:
   workflow_call:
     secrets:
@@ -63,8 +59,8 @@ jobs:
         with:
           ref: ${{ inputs.ref }}
 
-      - name: OIDC Login to Azure Public Cloud
-        uses: azure/login@v2
+      - name: Azure Login
+        uses: ./.github/actions/azure-login
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -74,7 +70,6 @@ jobs:
         uses: azure/CLI@v2
         id: keyvault-keys
         with:
-          azcliversion: ${{ env.AZ_CLI_VERSION }}
           inlineScript: |
             KEY_VAULT_KEYS=$(az keyvault secret list --vault-name ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }} --subscription ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }} --query "[].name" -o json | tr -d '\n')
             echo "::set-output name=key-vault-keys::$KEY_VAULT_KEYS"