Chaminda's DevOps Journey with MSFT: Running Bicep IaC with GitHub Actions

We have discussed deploying Bicep script using an Azure DevOps pipeline in a pervious post. We have explored having a approvals working with GitHub actions in the post "Manual Approval in GitHub Actions". Let's utilize manual approvals and deploy Bicep script with GitHub actions.

As the first part of the pipeline let's set couple of variables required to pass as parameters to Bicep script.

name: Bicep Deploy

on:
  workflow_dispatch:

env:
  rgLocation: 'centralus'
  rgName: 'rg-githubbicep-001'
  planName: 'plan-githubbicep-001'
  planSKUName: 'B3' 
  planSKUCapacity: 1
  planKind: 'linux'
  webappName: 'app-githubbicep-001'
  linuxFxVersion: '"node|16-lts"'
  templateFile: './BicepDemo/Infra/main.bicep'

As the first job lets execute a --what-if to see what would happen is the Bicpe script is executed. We are using az login to logon to the Azure using CLI in GitHub actions.

jobs:
  Pre-Dev:
    runs-on: ubuntu-latest
    
    steps:
      - name: Checkout
        uses: actions/checkout@v2.3.4
        
      - name: 'Az CLI login'
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: 'What happens if'
        shell: pwsh
        run: |
          az deployment sub create --location ${{ env.rgLocation }} `
                --template-file ${{ env.templateFile }} `
                --parameters rgName=${{ env.rgName }} `
                rgLocation=${{ env.rgLocation }} `
                planName=${{ env.planName }} `
                planSKUName=${{ env.planSKUName }} `
                planSKUCapacity=${{ env.planSKUCapacity }} `
                planKind=${{ env.planKind }} `
                webappName=${{ env.webappName }} `
                linuxFxVersion=${{ env.linuxFxVersion }} --what-if

Once executed the --what-if the log will display what would happen if the Bicep script is executed.

The next job is setup to to deploy the resources using Bicep script. The job is having a prerequisite job setup as the previous job to make it sequential and manual approval is setup as described in "Manual Approval in GitHub Actions".

  Dev:
    runs-on: ubuntu-latest
    needs: Pre-Dev
    environment:
      name: DevEnv

    steps:
      - name: Checkout
        uses: actions/checkout@v2.3.4
        
      - name: 'Az CLI login'
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: 'Deploy Dev Resources with Bicep'
        shell: pwsh
        run: |
          az deployment sub create --location ${{ env.rgLocation }} `
                --template-file ${{ env.templateFile }} `
                --parameters rgName=${{ env.rgName }} `
                rgLocation=${{ env.rgLocation }} `
                planName=${{ env.planName }} `
                planSKUName=${{ env.planSKUName }} `
                planSKUCapacity=${{ env.planSKUCapacity }} `
                planKind=${{ env.planKind }} `
                webappName=${{ env.webappName }} `
                linuxFxVersion=${{ env.linuxFxVersion }}

The approval/reject can be given in the job as shown below.

Once approval given the resources would be deployed using Bicep script n the GitHub action pipeline.

The entire pipeline code is as below.

name: Bicep Deploy

on:
  workflow_dispatch:

env:
  rgLocation: 'centralus'
  rgName: 'rg-githubbicep-001'
  planName: 'plan-githubbicep-001'
  planSKUName: 'B3' 
  planSKUCapacity: 1
  planKind: 'linux'
  webappName: 'app-githubbicep-001'
  linuxFxVersion: '"node|16-lts"'
  templateFile: './BicepDemo/Infra/main.bicep'
    
jobs:
  Pre-Dev:
    runs-on: ubuntu-latest
    
    steps:
      - name: Checkout
        uses: actions/checkout@v2.3.4
        
      - name: 'Az CLI login'
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: 'What happens if'
        shell: pwsh
        run: |
          az deployment sub create --location ${{ env.rgLocation }} `
                --template-file ${{ env.templateFile }} `
                --parameters rgName=${{ env.rgName }} `
                rgLocation=${{ env.rgLocation }} `
                planName=${{ env.planName }} `
                planSKUName=${{ env.planSKUName }} `
                planSKUCapacity=${{ env.planSKUCapacity }} `
                planKind=${{ env.planKind }} `
                webappName=${{ env.webappName }} `
                linuxFxVersion=${{ env.linuxFxVersion }} --what-if

  Dev:
    runs-on: ubuntu-latest
    needs: Pre-Dev
    environment:
      name: DevEnv

    steps:
      - name: Checkout
        uses: actions/checkout@v2.3.4
        
      - name: 'Az CLI login'
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: 'Deploy Dev Resources with Bicep'
        shell: pwsh
        run: |
          az deployment sub create --location ${{ env.rgLocation }} `
                --template-file ${{ env.templateFile }} `
                --parameters rgName=${{ env.rgName }} `
                rgLocation=${{ env.rgLocation }} `
                planName=${{ env.planName }} `
                planSKUName=${{ env.planSKUName }} `
                planSKUCapacity=${{ env.planSKUCapacity }} `
                planKind=${{ env.planKind }} `
                webappName=${{ env.webappName }} `
                linuxFxVersion=${{ env.linuxFxVersion }}

Chaminda's DevOps Journey with MSFT

Saturday 17 July 2021

Running Bicep IaC with GitHub Actions

No comments:

Popular Posts