diff --git a/.azure/modules/api-apiapp.bicep b/.azure/modules/api-apiapp.bicep deleted file mode 100644 index c166ca6..0000000 --- a/.azure/modules/api-apiapp.bicep +++ /dev/null @@ -1,48 +0,0 @@ -@minLength(1) -param planName string - -@minLength(1) -param name string -param appiKey string -param appiConnection string - -@minLength(1) -@allowed([ - 'Development' - 'QA' - 'Staging' - 'Production' -]) -param environmentApp string - -var webSiteName_var = name - -resource webSiteName 'Microsoft.Web/sites@2022-03-01' = { - name: webSiteName_var - kind: 'app' - location: resourceGroup().location - tags: { - 'hidden-related:${resourceGroup().id}/providers/Microsoft.Web/serverfarms/${planName}': 'Resource' - displayName: 'Website' - } - properties: { - name: webSiteName_var - serverFarmId: resourceId('Microsoft.Web/serverfarms', planName) - siteConfig: { - appSettings: [ - { - name: 'APPINSIGHTS_INSTRUMENTATIONKEY' - value: appiKey - } - { - name: 'APPLICATIONINSIGHTS_CONNECTION_STRING' - value: appiConnection - } - { - name: 'ASPNETCORE_ENVIRONMENT' - value: environmentApp - } - ] - } - } -} diff --git a/.azure/modules/api-appservice.bicep b/.azure/modules/api-appservice.bicep index f64597b..92e7dcc 100644 --- a/.azure/modules/api-appservice.bicep +++ b/.azure/modules/api-appservice.bicep @@ -1,7 +1,6 @@ - param name string param location string -param tags object +param tags object = {} @minLength(1) @allowed(['Development', 'QA', 'Staging', 'Production']) param environment string = 'Development' @@ -17,7 +16,7 @@ resource apiResource 'Microsoft.Web/sites@2023-12-01' = { name: name location: location kind: kind - tags: tags + tags: empty(tags) ? null : tags properties: { serverFarmId: planId siteConfig: { @@ -38,6 +37,9 @@ resource apiResource 'Microsoft.Web/sites@2023-12-01' = { ] } } + identity: { + type: 'SystemAssigned' + } } output id string = apiResource.id diff --git a/.azure/modules/appcs-appconfigurationsetting.bicep b/.azure/modules/appcs-appconfigurationsetting.bicep index 11e3a23..4cfa993 100644 --- a/.azure/modules/appcs-appconfigurationsetting.bicep +++ b/.azure/modules/appcs-appconfigurationsetting.bicep @@ -27,7 +27,7 @@ resource name_appcsKeys 'Microsoft.AppConfiguration/configurationStores/keyValue properties: { value: appcsValues[i] contentType: contentType - tags: tags + tags: empty(tags) ? null : tags } }] diff --git a/.azure/modules/appcs-appconfigurationstore.bicep b/.azure/modules/appcs-appconfigurationstore.bicep index 3fcac45..ad3b74c 100644 --- a/.azure/modules/appcs-appconfigurationstore.bicep +++ b/.azure/modules/appcs-appconfigurationstore.bicep @@ -45,7 +45,7 @@ resource name_appcsKeys 'Microsoft.AppConfiguration/configurationStores/keyValue properties: { value: appcsValues[i] contentType: contentType - tags: tags + tags: empty(tags) ? null : tags } dependsOn: [ name_resource diff --git a/.azure/modules/appi-applicationinsights.bicep b/.azure/modules/appi-applicationinsights.bicep index ea6ba8c..b69eb6b 100644 --- a/.azure/modules/appi-applicationinsights.bicep +++ b/.azure/modules/appi-applicationinsights.bicep @@ -1,6 +1,6 @@ param location string -param tags object +param tags object = {} param name string param Application_Type string param Flow_Type string @@ -9,7 +9,7 @@ param workResourceId string resource appiResource 'Microsoft.Insights/components@2020-02-02' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags kind:'web' properties: { Application_Type: Application_Type diff --git a/.azure/modules/bot-botservice.bicep b/.azure/modules/bot-botservice.bicep index 00391b5..26937d7 100644 --- a/.azure/modules/bot-botservice.bicep +++ b/.azure/modules/bot-botservice.bicep @@ -30,7 +30,7 @@ resource keyVaultName 'Microsoft.KeyVault/vaults@2023-07-01' = { family: 'A' name: 'standard' } - accessPolicies: [] + enableRbacAuthorization: true enabledForTemplateDeployment: true } } diff --git a/.azure/modules/func-functionsapp.bicep b/.azure/modules/func-functionsapp.bicep index 8644e14..10de799 100644 --- a/.azure/modules/func-functionsapp.bicep +++ b/.azure/modules/func-functionsapp.bicep @@ -1,7 +1,10 @@ param name string param location string +param tags object = {} param planId string param stName string +param stSubscriptionId string = subscription().subscriptionId +param stResourceGroupName string = resourceGroup().name param appiKey string param appiConnection string param use32BitWorkerProcess bool = true @@ -29,14 +32,17 @@ param funcRuntime string = 'dotnet' ]) param funcVersion int = 4 +param alwaysOn bool = false + resource functionapp 'Microsoft.Web/sites@2023-12-01' = { name: name kind: 'functionapp' location: location - tags: {} + tags: empty(tags) ? null : tags properties: { serverFarmId: planId siteConfig: { + alwaysOn: alwaysOn appSettings: [ { name: 'FUNCTIONS_EXTENSION_VERSION' @@ -56,11 +62,11 @@ resource functionapp 'Microsoft.Web/sites@2023-12-01' = { } { name: 'AzureWebJobsStorage' - value: 'DefaultEndpointsProtocol=https;AccountName=${stName};AccountKey=${listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Storage/storageAccounts', stName), '2019-06-01').keys[0].value};EndpointSuffix=core.windows.net' + value: 'DefaultEndpointsProtocol=https;AccountName=${stName};AccountKey=${listKeys(resourceId(stSubscriptionId, stResourceGroupName, 'Microsoft.Storage/storageAccounts', stName), '2019-06-01').keys[0].value};EndpointSuffix=core.windows.net' } { name: 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING' - value: 'DefaultEndpointsProtocol=https;AccountName=${stName};AccountKey=${listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Storage/storageAccounts', stName), '2019-06-01').keys[0].value};EndpointSuffix=core.windows.net' + value: 'DefaultEndpointsProtocol=https;AccountName=${stName};AccountKey=${listKeys(resourceId(stSubscriptionId, stResourceGroupName, 'Microsoft.Storage/storageAccounts', stName), '2019-06-01').keys[0].value};EndpointSuffix=core.windows.net' } { name: 'WEBSITE_CONTENTSHARE' @@ -76,7 +82,9 @@ resource functionapp 'Microsoft.Web/sites@2023-12-01' = { } ] use32BitWorkerProcess: use32BitWorkerProcess - } - + } + } + identity: { + type: 'SystemAssigned' } } diff --git a/.azure/modules/kv-keyvault.bicep b/.azure/modules/kv-keyvault.bicep index 53a721f..88187b7 100644 --- a/.azure/modules/kv-keyvault.bicep +++ b/.azure/modules/kv-keyvault.bicep @@ -1,31 +1,27 @@ -@description('Name of the Key Vault. (kv)') -@minLength(3) -@maxLength(24) -param name string - +param name string param location string - param sku string - param tenantId string - -param tags object +param tags object = {} +param accessPolicies array = [] +param enableRbacAuthorization bool = true resource kvResource 'Microsoft.KeyVault/vaults@2023-07-01' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags properties: { enabledForDeployment: true enabledForDiskEncryption: true enabledForTemplateDeployment: true tenantId: tenantId - publicNetworkAccess:'Enabled' - accessPolicies: [] + publicNetworkAccess: 'Enabled' sku: { name: sku family: 'A' - } + } + accessPolicies: accessPolicies == [] && enableRbacAuthorization == true ? null : accessPolicies + enableRbacAuthorization: enableRbacAuthorization networkAcls: { defaultAction: 'Allow' bypass: 'AzureServices' diff --git a/.azure/modules/plan-appserviceplan.bicep b/.azure/modules/plan-appserviceplan.bicep index c6a295d..86c6511 100644 --- a/.azure/modules/plan-appserviceplan.bicep +++ b/.azure/modules/plan-appserviceplan.bicep @@ -2,13 +2,13 @@ param name string param location string param sku string -param tags object +param tags object = {} -resource planResource 'Microsoft.Web/serverfarms@2023-12-01' = { +resource planResource 'Microsoft.Web/serverfarms@2023-01-01' = { name: name kind:'Windows' location: location - tags: tags + tags: empty(tags) ? null : tags properties: { reserved: false } diff --git a/.azure/modules/rg-resourcegroup.bicep b/.azure/modules/rg-resourcegroup.bicep index c24df75..d71eb61 100644 --- a/.azure/modules/rg-resourcegroup.bicep +++ b/.azure/modules/rg-resourcegroup.bicep @@ -2,10 +2,10 @@ targetScope='subscription' param name string param location string -param tags object +param tags object = {} resource rgResource 'Microsoft.Resources/resourceGroups@2024-03-01' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags } diff --git a/.azure/modules/sql-sqlserver.bicep b/.azure/modules/sql-sqlserver.bicep index 88aa05c..9bfb674 100644 --- a/.azure/modules/sql-sqlserver.bicep +++ b/.azure/modules/sql-sqlserver.bicep @@ -4,7 +4,7 @@ param name string param location string = resourceGroup().location -param tags object +param tags object = {} @minLength(1) @maxLength(60) @@ -24,7 +24,7 @@ var nameLower = toLower(name) resource sqlServer 'Microsoft.Sql/servers@2023-08-01-preview' = { name: nameLower location: location - tags: tags + tags: empty(tags) ? null : tags properties: { administratorLogin: adminLogin administratorLoginPassword: adminPassword diff --git a/.azure/modules/sql-sqlserverdatabase.bicep b/.azure/modules/sql-sqlserverdatabase.bicep index 81ecc0d..f5c95a3 100644 --- a/.azure/modules/sql-sqlserverdatabase.bicep +++ b/.azure/modules/sql-sqlserverdatabase.bicep @@ -3,7 +3,7 @@ @maxLength(60) param name string param location string = resourceGroup().location -param tags object +param tags object = {} @minLength(1) @maxLength(60) param adminLogin string @@ -17,6 +17,7 @@ param endIpAddress string = '0.0.0.0' @minLength(1) @maxLength(60) param sqldbName string +param sqlCapacity int = 5 param collation string = 'SQL_Latin1_General_CP1_CI_AS' @allowed([ 'Basic' @@ -24,13 +25,12 @@ param collation string = 'SQL_Latin1_General_CP1_CI_AS' 'Premium' ]) param sku string = 'Basic' -param sqlCapacity int = 5 param maxSizeBytes int = 1073741824 resource sqlServer 'Microsoft.Sql/servers@2023-08-01-preview' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags properties: { administratorLogin: adminLogin administratorLoginPassword: adminPassword @@ -47,6 +47,7 @@ resource sqlServerFirewall 'Microsoft.Sql/servers/firewallRules@2023-08-01-previ } output id string = sqlServer.id +output name string = sqlServer.name resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-05-01-preview' = { parent: sqlServer @@ -57,14 +58,12 @@ resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-05-01-preview' = { } sku: { name: sku - tier: sku // (e.g., Basic, GeneralPurpose, BusinessCritical) - //family: 'skuFamily' // e.g., Gen4, Gen5) - capacity: sqlCapacity // (e.g., 5) + tier: sku // Replace with the desired SKU tier (e.g., Basic, GeneralPurpose, BusinessCritical) + //family: 'skuFamily' // Replace with the desired SKU family (e.g., Gen4, Gen5) + capacity: sqlCapacity // Replace with the desired capacity (e.g., 1, 2, 4) } properties: { collation: collation maxSizeBytes: maxSizeBytes } } - -output sqldbId string = sqlDatabase.id diff --git a/.azure/modules/sqldb-sqldatabase.bicep b/.azure/modules/sqldb-sqldatabase.bicep index 5d65f03..92726fa 100644 --- a/.azure/modules/sqldb-sqldatabase.bicep +++ b/.azure/modules/sqldb-sqldatabase.bicep @@ -2,7 +2,7 @@ @maxLength(60) param name string param location string = resourceGroup().location -param tags object +param tags object = {} @description('Sku for the database') @allowed([ 'Basic' @@ -18,7 +18,7 @@ param sqlName string resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-08-01-preview' = { name: '${sqlName}/${name}' location: location - tags: tags + tags: empty(tags) ? null : tags sku: { name: sku tier: sku // (e.g., Basic, GeneralPurpose, BusinessCritical) diff --git a/.azure/modules/st-storageaccount.bicep b/.azure/modules/st-storageaccount.bicep index 41abbd6..113208c 100644 --- a/.azure/modules/st-storageaccount.bicep +++ b/.azure/modules/st-storageaccount.bicep @@ -1,16 +1,12 @@ -@description('Name of the Storage Account. (st)') -@minLength(3) -@maxLength(24) -param name string - param location string -param tags object +param tags object = {} +param name string param sku string resource stResource 'Microsoft.Storage/storageAccounts@2023-01-01' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags sku: { name: sku } diff --git a/.azure/modules/stapp-staticwebapp.bicep b/.azure/modules/stapp-staticwebapp.bicep index 44eeb0a..0620df5 100644 --- a/.azure/modules/stapp-staticwebapp.bicep +++ b/.azure/modules/stapp-staticwebapp.bicep @@ -13,12 +13,23 @@ param sku string = 'Free' @description('Tags to add to the resources') param tags object = {} -resource name_resource 'Microsoft.Web/staticSites@2023-12-01' = { +@description('Git Repository URL') +param repositoryUrl string + +@description('Git Branch') +param branch string = 'main' + +resource name_resource 'Microsoft.Web/staticSites@2022-09-01' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags sku: { tier: sku name: sku } + properties: { + repositoryUrl: repositoryUrl + branch: branch + } } + diff --git a/.azure/modules/wcert-webcertificate.bicep b/.azure/modules/wcert-webcertificate.bicep index e20e2d3..a38c345 100644 --- a/.azure/modules/wcert-webcertificate.bicep +++ b/.azure/modules/wcert-webcertificate.bicep @@ -1,5 +1,5 @@ param name string -param tags object +param tags object = {} param password string param keyVaultId string param keyVaultSecretName string @@ -14,7 +14,7 @@ var location = resourceGroup().location resource name_resource 'Microsoft.Web/certificates@2023-12-01' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags properties: { hostNames: [ hostnames diff --git a/.azure/modules/web-appservice.bicep b/.azure/modules/web-appservice.bicep new file mode 100644 index 0000000..a5d2485 --- /dev/null +++ b/.azure/modules/web-appservice.bicep @@ -0,0 +1,48 @@ +param name string +param location string +param tags object = {} +@allowed(['Development', 'QA', 'Staging', 'Production']) +param environment string = 'Development' +param appiKey string +param appiConnection string +param planId string +@allowed(['api', 'app', 'app,linux', 'functionapp', 'functionapp,linux']) +param kind string = 'app' +@allowed(['v4.8', 'v6.0', 'v7.0', 'v8.0', 'v9.0']) +param dotnetVersion string = 'v8.0' + +resource webAppResource 'Microsoft.Web/sites@2023-12-01' = { + name: name + location: location + kind: kind + tags: empty(tags) ? null : tags + properties: { + serverFarmId: planId + siteConfig: { + netFrameworkVersion: dotnetVersion + appSettings: [ + { + name: 'APPINSIGHTS_INSTRUMENTATIONKEY' + value: appiKey + } + { + name: 'APPLICATIONINSIGHTS_CONNECTION_STRING' + value: appiConnection + } + { + name: 'ASPNETCORE_ENVIRONMENT' + value: environment + } + { + name: 'WEBSITE_RUN_FROM_PACKAGE' + value: '1' + } + ] + } + } + identity: { + type: 'SystemAssigned' + } +} + +output id string = webAppResource.id diff --git a/.azure/modules/web-webapp.bicep b/.azure/modules/web-webapp.bicep deleted file mode 100644 index a8163af..0000000 --- a/.azure/modules/web-webapp.bicep +++ /dev/null @@ -1,21 +0,0 @@ -@minLength(1) -@maxLength(60) -param name string - -@minLength(1) -@maxLength(60) -param planName string - -resource name_resource 'Microsoft.Web/sites@2023-12-01' = { - name: name - location: resourceGroup().location - tags: { - 'hidden-related:${resourceGroup().id}/providers/Microsoft.Web/serverfarms/${planName}': 'Resource' - displayName: 'Website' - } - properties: { - name: name - serverFarmId: resourceId('Microsoft.Web/serverfarms', planName) - } - dependsOn: [] -} diff --git a/.azure/modules/work-loganalyticsworkspace.bicep b/.azure/modules/work-loganalyticsworkspace.bicep index 28e65ad..53372c2 100644 --- a/.azure/modules/work-loganalyticsworkspace.bicep +++ b/.azure/modules/work-loganalyticsworkspace.bicep @@ -1,16 +1,17 @@ param name string param location string param sku string -param tags object +param tags object = {} resource workResource 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags properties: { sku: { name: sku } + retentionInDays: 30 } } diff --git a/.azure/templates/landingzone-appservice.bicep b/.azure/templates/landingzone-appservice.bicep deleted file mode 100644 index 7c8e853..0000000 --- a/.azure/templates/landingzone-appservice.bicep +++ /dev/null @@ -1,80 +0,0 @@ -targetScope='resourceGroup' - -// Common -param tenantId string = tenant().tenantId -param location string = resourceGroup().location -param sharedSubscriptionId string = subscription().subscriptionId -param sharedResourceGroupName string -param environmentApp string -param tags object -// Azure Monitor -param appiName string -param Application_Type string -param Flow_Type string -// Key Vault -param kvName string -param kvSku string -// Storage Account -param stName string -param stSku string -// App Service -param planName string -param appName string -// workspace -param workName string - -resource workResource 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = { - name: workName - scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName) -} - -module appiModule '../modules/appi-applicationinsights.bicep' = { - name: 'appiModuleName' - params:{ - location: location - tags: tags - name: appiName - Application_Type: Application_Type - Flow_Type: Flow_Type - workResourceId: workResource.id - } -} - -module kvModule '../modules/kv-keyvault.bicep'= { - name:'kvModuleName' - params:{ - location: location - tags: tags - name: kvName - sku: kvSku - tenantId: tenantId - } -} - -module stModule '../modules/st-storageaccount.bicep' = { - name:'stModuleName' - params:{ - tags: tags - location: location - name: stName - sku: stSku - } -} - -resource planResource 'Microsoft.Web/serverfarms@2023-01-01' existing = { - name: planName - scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName) -} - -module apiModule '../modules/api-appservice.bicep' = { - name: 'apiModuleName' - params:{ - name: appName - location: location - tags: tags - environment: environmentApp - appiKey:appiModule.outputs.InstrumentationKey - appiConnection:appiModule.outputs.Connectionstring - planId: planResource.id - } -} diff --git a/.azure/templates/landingzone-appservicesql.bicep b/.azure/templates/landingzone-appservicesql.bicep index 5cc2594..443c399 100644 --- a/.azure/templates/landingzone-appservicesql.bicep +++ b/.azure/templates/landingzone-appservicesql.bicep @@ -92,11 +92,10 @@ module sqlModule '../modules/sql-sqlserverdatabase.bicep' = { params:{ name: sqlName location: location - tags: tags + tags: tags adminLogin: sqlAdminUser adminPassword: sqlAdminPassword sqldbName: sqldbName sku: sqldbSku } } - diff --git a/.azure/templates/landingzone-shared.bicep b/.azure/templates/landingzone-shared.bicep index b53be4e..5f2d4ba 100644 --- a/.azure/templates/landingzone-shared.bicep +++ b/.azure/templates/landingzone-shared.bicep @@ -1,8 +1,8 @@ targetScope='resourceGroup' // Common -param location string = resourceGroup().location param tags object +param location string // Workspace param workName string param workSku string @@ -15,7 +15,7 @@ module workModule '../modules/work-loganalyticsworkspace.bicep' = { params: { name: workName location: location - tags: tags + tags: tags sku: workSku } } diff --git a/.azure/variables/landingzone-appservice-development.bicepparam b/.azure/variables/landingzone-appservice-development.bicepparam deleted file mode 100644 index 8b7eb8a..0000000 --- a/.azure/variables/landingzone-appservice-development.bicepparam +++ /dev/null @@ -1,30 +0,0 @@ -using '../templates/landingzone-appservice.bicep' -// Common -var organizationName = 'gtc' -var productName = 'semkernel' -var subscriptionName = 'devtest' -var environmentIac = 'dev' -param environmentApp = 'Development' -param location = 'West US 2' -param tags = { Environment: environmentIac, CostCenter: '0000' } -// Workspace -param sharedResourceGroupName = '${organizationName}-rg-${subscriptionName}-shared-${environmentIac}-001' -param workName = 'work-shared-${environmentIac}-001' - -// Azure Monitor -param appiName = 'appi-${productName}-${environmentIac}-001' -param Flow_Type = 'Bluefield' -param Application_Type = 'web' - -// Storage -param stName = 'st${productName}${environmentIac}001' -param stSku = 'Standard_LRS' - -// Key Vault -param kvName = 'kv-${productName}-${environmentIac}-002' -param kvSku = 'standard' - -// App Service -var planSku = 'F1' -param appName = 'api-${productName}-${environmentIac}-001' -param planName = 'plan-shared-${planSku}-${environmentIac}-001' diff --git a/.azure/variables/landingzone-appservice-production.bicepparam b/.azure/variables/landingzone-appservice-production.bicepparam deleted file mode 100644 index 6c81cfe..0000000 --- a/.azure/variables/landingzone-appservice-production.bicepparam +++ /dev/null @@ -1,30 +0,0 @@ -using '../templates/landingzone-appservice.bicep' -// Common -var organizationName = 'gtc' -var productName = 'semkernel' -var subscriptionName = 'production' -var environmentIac = 'prod' -param environmentApp = 'Production' -param location = 'West US 2' -param tags = { Environment: environmentIac, CostCenter: '0000' } -// Workspace -param sharedResourceGroupName = '${organizationName}-rg-${subscriptionName}-shared-${environmentIac}-001' -param workName = 'work-shared-${environmentIac}-001' - -// Azure Monitor -param appiName = 'appi-${productName}-${environmentIac}-001' -param Flow_Type = 'Bluefield' -param Application_Type = 'web' - -// Storage -param stName = 'st${productName}${environmentIac}001' -param stSku = 'Standard_LRS' - -// Key Vault -param kvName = 'kv-${productName}-${environmentIac}-002' -param kvSku = 'standard' - -// App Service -var planSku = 'F1' -param appName = 'api-${productName}-${environmentIac}-001' -param planName = 'plan-shared-${planSku}-${environmentIac}-001' diff --git a/.github/workflows/gtc-rg-semkernel-api-ci-cd.yml b/.github/workflows/gtc-rg-semkernel-api-ci-cd.yml index e867c83..f8e3c99 100644 --- a/.github/workflows/gtc-rg-semkernel-api-ci-cd.yml +++ b/.github/workflows/gtc-rg-semkernel-api-ci-cd.yml @@ -7,12 +7,18 @@ on: paths: - .github/workflows/gtc-rg-semkernel-api-ci-cd.yml - src/** + - .github/workflows/gtc-rg-semkernel-iac.yml + - .azure/**/*.bicep + - .azure/**/*.bicepparams push: branches: - - main + - main paths: - - .github/workflows/gtc-rg-semkernel-api-ci-cd.yml - - src/** + - .github/workflows/gtc-rg-semkernel-api-ci-cd.yml + - src/** + - .github/workflows/gtc-rg-semkernel-iac.yml + - .azure/**/*.bicep + - .azure/**/*.bicepparams workflow_dispatch: inputs: environment: diff --git a/.github/workflows/gtc-rg-semkernel-iac.yml b/.github/workflows/gtc-rg-semkernel-iac.yml index f6be173..78fba74 100644 --- a/.github/workflows/gtc-rg-semkernel-iac.yml +++ b/.github/workflows/gtc-rg-semkernel-iac.yml @@ -94,5 +94,4 @@ jobs: uses: Azure/cli@v2.1.0 with: inlineScript: | - az deployment group create --resource-group ${{ env.PRODUCT_RG_NAME }} --template-file ${{ env.PRODUCT_BICEP_TEMPLATE }} --parameters ${{ env.PRODUCT_BICEP_PARAMETERS }} --parameters sqlAdminUser=${{ secrets.SQL_ADMIN_USER }} sqlAdminPassword=${{ secrets.SQL_ADMIN_PASSWORD }} - az keyvault set-policy --name '${{ env.KEYVAULT_NAME }}' --object-id ${{ secrets.AZURE_SERVICE_PRINCIPAL_OBJECTID }} --secret-permissions get list + az deployment group create --resource-group ${{ env.PRODUCT_RG_NAME }} --template-file ${{ env.PRODUCT_BICEP_TEMPLATE }} --parameters ${{ env.PRODUCT_BICEP_PARAMETERS }} --parameters sqlAdminUser=${{ secrets.SQL_ADMIN_USER }} sqlAdminPassword=${{ secrets.SQL_ADMIN_PASSWORD }} \ No newline at end of file