Build, apply IaC and deploy to Azure App Service

Merge pull request #22 from secure-web-apps/feature/improvements #44

Workflow file for this run

.github/workflows/deploy-to-azure.yml at 6da26c2

	name: Build, apply IaC and deploy to Azure App Service

	on:
	push:
	branches: ["main"]
	workflow_dispatch:

	concurrency:
	group: deploy-to-azure
	cancel-in-progress: false

	env:
	AZURE_WEBAPP_NAME: e2e-security-web-appsrv-dev # set this to the name of your Azure App Service
	AZURE_WEBAPP_PACKAGE_PATH: "."
	DOTNET_VERSION: "10.0.x" # set this to the .NET Core version to use
	TERRAFORM_ROOT_DIRECTORY: "./iac"
	TERRAFORM_VERSION: "1.13.3"

	jobs:
	build:
	runs-on: ubuntu-latest

	permissions:
	contents: read
	id-token: write

	steps:
	- uses: actions/checkout@v4

	- name: Setup .NET
	uses: actions/setup-dotnet@v5
	with:
	dotnet-version: ${{ env.DOTNET_VERSION }}

	- name: Set up dependency caching for faster builds
	uses: actions/cache@v4
	with:
	path: ~/.nuget/packages
	key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
	restore-keys: \|
	${{ runner.os }}-nuget-

	- name: Restore dependencies
	run: dotnet restore

	- name: npm setup
	working-directory: ui
	run: npm install --force --ignore-scripts

	- name: ui-angular-cli-build
	working-directory: ui
	run: npm run build

	- name: Build with dotnet
	run: dotnet build --configuration Release

	- name: dotnet publish
	run: dotnet publish server/BffMicrosoftEntraID.Server.csproj -c Release -o ./temp

	- name: Upload artifact for deployment job
	uses: actions/upload-artifact@v4
	with:
	name: dotnet-app
	path: ./temp
	include-hidden-files: true # otherwise .well-known folder is not included

	iac_plan:
	name: IaC (Terraform) Plan
	runs-on: ubuntu-latest
	environment: dev-iac

	steps:
	- uses: actions/checkout@v4

	- uses: azure/login@v2
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

	- name: Setup Terraform
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: ${{ env.TERRAFORM_VERSION }}

	- name: Terraform init
	run: terraform -chdir=${{ env.TERRAFORM_ROOT_DIRECTORY }} init --backend-config=backend/dev.backend.tfvars --backend-config='client_id=${{ secrets.AZURE_CLIENT_ID }}' --backend-config='subscription_id=${{ secrets.AZURE_SUBSCRIPTION_ID }}' --backend-config='tenant_id=${{ secrets.AZURE_TENANT_ID }}'

	- name: Terraform plan
	run: terraform -chdir=${{ env.TERRAFORM_ROOT_DIRECTORY }} plan --var-file=vars/dev.app.tfvars --var='client_id=${{ secrets.AZURE_CLIENT_ID }}' --var='subscription_id=${{ secrets.AZURE_SUBSCRIPTION_ID }}' --var='tenant_id=${{ secrets.AZURE_TENANT_ID }}' -out=tfplan

	iac_apply:
	name: IaC (Terraform) Apply
	runs-on: ubuntu-latest
	environment: dev-iac
	needs: iac_plan

	steps:
	- uses: actions/checkout@v4

	- uses: azure/login@v2
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

	- name: Setup Terraform
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: ${{ env.TERRAFORM_VERSION }}

	- name: Terraform init
	run: terraform -chdir=${{ env.TERRAFORM_ROOT_DIRECTORY }} init --backend-config=backend/dev.backend.tfvars --backend-config='client_id=${{ secrets.AZURE_CLIENT_ID }}' --backend-config='subscription_id=${{ secrets.AZURE_SUBSCRIPTION_ID }}' --backend-config='tenant_id=${{ secrets.AZURE_TENANT_ID }}'

	- name: Terraform apply
	run: terraform -chdir=${{ env.TERRAFORM_ROOT_DIRECTORY }} apply --var-file=vars/dev.app.tfvars --var='client_id=${{ secrets.AZURE_CLIENT_ID }}' --var='subscription_id=${{ secrets.AZURE_SUBSCRIPTION_ID }}' --var='tenant_id=${{ secrets.AZURE_TENANT_ID }}' -auto-approve

	deploy:
	name: Deploy to Azure App Service
	runs-on: ubuntu-latest
	needs: [build, iac_apply]
	environment:
	name: dev
	url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}

	steps:
	- name: Download artifact from build job
	uses: actions/download-artifact@v4
	with:
	name: dotnet-app

	- uses: azure/login@v2
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

	- name: Deploy to Azure App Service
	id: deploy-to-webapp
	uses: azure/webapps-deploy@v3
	with:
	app-name: ${{ env.AZURE_WEBAPP_NAME }}
	resource-group-name: e2e-security-web-rg-dev
	package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #22 from secure-web-apps/feature/improvements #44

Workflow file

Merge pull request #22 from secure-web-apps/feature/improvements #44

Uh oh!

Workflow file for this run