.github/workflows/gtc-rg-entities-landingzone.yml #27
# Triggers for the landing-zone deployment.
# - push: any branch except main, when this workflow or an ARM template changes
# - pull_request: PRs targeting main, same path filter
# - workflow_dispatch: manual run
# Both push and pull_request start the deploy job, so a template change on a
# feature branch is deployed before it is reviewed; the protection rules on
# the `development` environment are the gate for that.
on:
  push:
    branches-ignore: [main]
    paths:
      - ".github/workflows/gtc-rg-entities-landingzone.yml"
      - ".azure/**/*.json"
  pull_request:
    branches: [main]
    paths:
      - ".github/workflows/gtc-rg-entities-landingzone.yml"
      - ".azure/**/*.json"
  workflow_dispatch:
    inputs:
      # NOTE(review): neither input is read by the steps visible in this
      # file (the job hard-codes `environment: development`) - confirm
      # whether they are still needed.
      environment:
        description: "Environment to run"
        required: true
        default: "development"
      mode:
        description: "Running mode"
# Workflow-wide settings for the development landing zone. These are resource
# names, SKUs and paths only; credentials come from `secrets.*` in the steps.
env:
  # Folder holding the ARM templates referenced by each deploy step.
  ARM_PATH: "./.azure"

  # Resource group that receives every deployment below.
  AZURE_RG_NAME: "gtc-rg-entities-dev-001"
  AZURE_RG_LOCATION: "westus3"

  # Resource names, one per ARM template.
  STORAGE_NAME: "stentitiesdev001"
  KEYVAULT_NAME: "kv-entities-dev-001"
  WORKSPACE_NAME: "work-entities-dev-001"
  APPINSIGHTS_NAME: "appi-entities-dev-001"
  PLAN_NAME: "plan-entities-dev-001"
  SQL_NAME: "sql-entities-dev-001"
  SQLDB_NAME: "sqldb-entities-dev-001"

  # Sizing. Quoted so the value is unambiguously a string in the env map.
  PLAN_SKU: "F1"
  PLAN_CAPACITY: "4"
  SQLDB_SKU: "Basic"
# GITHUB_TOKEN scopes for every job in this workflow; anything not listed
# here is set to `none`.
permissions:
  # Read-only repository access for the checkout step.
  contents: read
  # Lets the job request an OIDC token; the Azure login step is given only
  # client/tenant/subscription ids and no client secret.
  id-token: write
  # NOTE(review): no step visible in this file uploads code-scanning
  # results - confirm this scope is used, otherwise drop it.
  security-events: write
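jobs:
  # Creates the development resource group, then deploys one ARM template per
  # resource into it: storage, Key Vault, Log Analytics workspace,
  # Application Insights, App Service plan, SQL database.
  development_Stage_deploy_landing_zone:
    name: 'Deploy landing zone IaC'
    runs-on: ubuntu-latest
    # With an environment set, the OIDC token subject is
    # `repo:<owner>/<repo>:environment:development`; the federated credential
    # on the Azure side should be scoped to exactly that subject, and the
    # environment's protection rules decide which branches may deploy.
    environment: development
    steps:
      # NOTE(review): every action below is referenced by a mutable tag.
      # This job holds `id-token: write` and Azure deployment rights, so a
      # retagged action would run with both; pinning each `uses:` to a full
      # commit SHA removes that dependency on the tag.
      - name: Checkout
        uses: actions/checkout@v3

      - name: 'Az CLI login'
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Deploy ${{ env.AZURE_RG_NAME }}
        # NOTE(review): the pinned ref was lost to e-mail obfuscation on the
        # rendered page ("Azure/[email protected]"). `v1` is a stand-in major
        # tag - restore the exact ref from the repository.
        uses: Azure/cli@v1
        with:
          # The `${{ env.* }}` values are spliced into the script text before
          # it runs. They are constants defined in this workflow; keep it
          # that way, or pass values as environment variables if any of them
          # ever becomes caller-supplied.
          inlineScript: az group create -n ${{ env.AZURE_RG_NAME }} -l ${{ env.AZURE_RG_LOCATION }}

      # Naming pattern: stPRODUCTENVIRONMENT001
      - name: Deploy ${{ env.STORAGE_NAME }}
        uses: azure/arm-deploy@v1
        with:
          subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          resourceGroupName: ${{ env.AZURE_RG_NAME }}
          template: ${{ env.ARM_PATH }}/st-storageaccount.json
          parameters: name=${{ env.STORAGE_NAME }}

      # Naming pattern: kv-PRODUCT-ENVIRONMENT-001
      - name: Deploy ${{ env.KEYVAULT_NAME }}
        uses: azure/arm-deploy@v1
        with:
          subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          resourceGroupName: ${{ env.AZURE_RG_NAME }}
          template: ${{ env.ARM_PATH }}/kv-keyvault.json
          parameters: name=${{ env.KEYVAULT_NAME }}

      # Naming pattern: work-PRODUCT-ENVIRONMENT-001
      - name: Deploy ${{ env.WORKSPACE_NAME }}
        uses: azure/arm-deploy@v1
        with:
          subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          resourceGroupName: ${{ env.AZURE_RG_NAME }}
          template: ${{ env.ARM_PATH }}/work-loganalyticsworkspace.json
          parameters: name=${{ env.WORKSPACE_NAME }}

      # Naming pattern: appi-PRODUCT-ENVIRONMENT-001
      - name: Deploy ${{ env.APPINSIGHTS_NAME }}
        uses: azure/arm-deploy@v1
        with:
          subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          resourceGroupName: ${{ env.AZURE_RG_NAME }}
          template: ${{ env.ARM_PATH }}/appi-applicationinsights.json
          parameters: name=${{ env.APPINSIGHTS_NAME }} workName=${{ env.WORKSPACE_NAME }}

      # Naming pattern: plan-PRODUCT-ENVIRONMENT-001
      - name: Deploy ${{ env.PLAN_NAME }}
        uses: azure/arm-deploy@v1
        with:
          subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          resourceGroupName: ${{ env.AZURE_RG_NAME }}
          template: ${{ env.ARM_PATH }}/plan-appplan.json
          parameters: name=${{ env.PLAN_NAME }} sku=${{ env.PLAN_SKU }} skuCapacity=${{ env.PLAN_CAPACITY }}

      # Naming pattern: sqldb-PRODUCT-ENVIRONMENT-001
      - name: Deploy ${{ env.SQLDB_NAME }}
        uses: azure/arm-deploy@v1
        with:
          subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          resourceGroupName: ${{ env.AZURE_RG_NAME }}
          template: ${{ env.ARM_PATH }}/sqldb-sqldatabase.json
          # The SQL admin login and password are expanded into this one
          # parameter string before the action runs.
          # NOTE(review): confirm sqldb-sqldatabase.json declares
          # adminPassword as `securestring`, so the value is not kept in the
          # resource group's deployment history. A password containing
          # whitespace would likely be split into separate parameters; a
          # Key Vault reference in a parameters file avoids passing the
          # secret inline at all.
          parameters: name=${{ env.SQLDB_NAME }} sku=${{ env.SQLDB_SKU }} sqlName=${{ env.SQL_NAME }} adminLogin=${{ secrets.SQL_USER }} adminPassword=${{ secrets.SQL_PASSWORD }}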