Deploy Azure Infrastructure (Bicep) #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Azure Infrastructure (Bicep) | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: 'Target environment' | |
| required: true | |
| default: 'dev' | |
| type: choice | |
| options: | |
| - dev | |
| permissions: | |
| id-token: write # Required for OIDC token request | |
| contents: read | |
| env: | |
| RESOURCE_GROUP: 'rg-talent-dev' | |
| BICEP_FILE: 'infra/main.bicep' | |
| PARAMS_FILE: 'infra/parameters/dev.bicepparam' | |
| jobs: | |
| deploy-infrastructure: | |
| name: Deploy Bicep Infrastructure | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Log in to Azure | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Deploy Bicep | |
| env: | |
| SQL_PASSWORD: ${{ secrets.SQL_ADMIN_PASSWORD }} | |
| run: | | |
| az deployment group create \ | |
| --resource-group ${{ env.RESOURCE_GROUP }} \ | |
| --template-file ${{ env.BICEP_FILE }} \ | |
| --parameters ${{ env.PARAMS_FILE }} \ | |
| --parameters sqlAdminPassword="$SQL_PASSWORD" \ | |
| --output json |