Create README.md #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "PR - IaC (Bicep)" | |
| # run on pr to main branch only | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - ".azure/bicep/**" | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: write | |
| issues: write | |
| # Set envs | |
| env: | |
| WORKDIR: ".azure/bicep" | |
| RESOURCE-GROUP: ivey-az400-github | |
| # Set defaults for GitHub Actions runner | |
| defaults: | |
| run: | |
| working-directory: ".azure/bicep" | |
| jobs: | |
| codequalitycheck: | |
| name: "Code Quality Check" | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Checkout the repository to the GitHub Actions runner | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| # Get RESOURCES_PREFIX based on the repo name | |
| - name: Get repo name | |
| uses: actions/github-script@v5 | |
| id: resources_prefix | |
| with: | |
| result-encoding: string | |
| script: return context.repo.repo.toLowerCase() | |
| # Login to Azure with Service Principal | |
| - name: Azure login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| # Checks that all Bicep configuration files adhere to a canonical format | |
| - name: Bicep Lint | |
| uses: Azure/[email protected] | |
| with: | |
| inlineScript: az bicep build --file ${{ env.WORKDIR }}/webapp.bicep | |
| id: lint | |
| # Create resource group | |
| - name: Create resource group | |
| uses: azure/cli@v2 | |
| with: | |
| azcliversion: 2.30.0 | |
| inlineScript: az group create -n ${{ env.RESOURCE-GROUP }} -l ${{ env.LOCATION }} --tags course=AZ-400 | |
| # Validate whether a template is valid at subscription scope | |
| - name: Bicep Validate | |
| uses: Azure/[email protected] | |
| with: | |
| inlineScript: | | |
| az deployment group validate \ | |
| --name ${{ github.run_id }} \ | |
| --resource-group ${{ env.RESOURCE-GROUP }} \ | |
| --template-file ${{ env.WORKDIR }}/webapp.bicep \ | |
| --location uksouth \ | |
| --parameters resourcesPrefix=${{ steps.resources_prefix.outputs.result }} | |
| id: validate | |
| - name: Update Pull Request | |
| uses: actions/[email protected] | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const output = `#### Bicep Lint 🖌\`${{ steps.lint.outcome }}\` | |
| #### Bicep Validation 🤖\`${{ steps.validate.outcome }}\` | |
| *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }) |