------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------⏺ 𝔸🌎▦▌RSRC▐:▦ 🧊💪 💻🌐 💻⌨ ⌨ ▦ ⎆ 📂 ✎ ˽ 📤 📥 ▌RSRC▐ 📄 📑 📓 📰 ⏺ ⮂ 🔄 ⏪ 🔻 ✅ 🟩 😼 🤖 🔍 ⏳ 💠 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------⏺ 💻💪⌨.VSC ⮂ Connect-AzAccount 💻💪⌨.VSC ⮂ az deployment group show --resource-group 💻💪⌨.VSC ⮂ New-AzResourceGroupDeployment -Name "deployment123" -ResourceGroupName rg123 -TemplateFile .\template123.bicep 💠 💻💪⌨.VSC ⮂ az deployment group create --what-if --resource-group my-rg --template-file template123.bicep --parameters @parameters.json --debug --verbose 💠 💻💪⌨.VSC ⮂ az deployment group show --resource-group rg123 --name resnamevmstoetc 💠 💻💪⌨.VSC ⮂ az deployment operation group list --resource-group rg123 --name deployment123 💠 💻💪⌨.VSC ⮂ az ad sp create-for-rbac --name "gh-spn-123" --role contributor --scopes /subscription/ --sdk-auth 💠😼 💻💪⌨.VSC ⮂ az deployment sub create --name '' --template-file .\main.bicep 💠 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------⏺ 💻🐳⌨.VSC ⮂ docker images 💻🐳⌨.VSC ⮂ docker search --filter is-official=true httpd 💻🐳⌨.VSC ⮂ docker image history httpd 💻🐳⌨.VSC ⮂ docker image inspect 💻🐳⌨.VSC ⮂ docker ps -a 💻🐳⌨.VSC ⮂ docker run --name httpdrun -dit httpd bash 💻🐳⌨.VSC ⮂ docker ps -a 💻🐳⌨.VSC ⮂ $dockid = $(docker ps -a -q --filter "name=httpdrun") 💻🐳⌨.VSC ⮂ docker attach $dockid 💻🐳⌨.VSC ⮂ docker start $dockid 💻🐳⌨.VSC ⮂ docker stop $dockid 💻🐳⌨.VSC ⮂ docker rm $dockid 💻🐳📑.VSC ⮂ dockerfile ::: FROM httpd ⎆ RUN rm /usr/local/apache2/htdocs/* ⎆ COPY /website /usr/local/apache2/htdocs/ 💻🐳⌨.VSC ⮂ Set-Location app123 💻🐳⌨.VSC ⮂ docker build -t app123 . 💻🐳⌨.VSC ⮂ docker history app123 💻🐳⌨.VSC ⮂ docker images 💻🐳[].VSC ⮂ docker run -dit --name app123-app -p 80:80 app123 🌐127.0.0.1📰🔄 💻🐳[].VSC ⮂ $dockid = $(docker ps -a -q --filter "name=app123-app") 💻🐳[].VSC ⮂ docker rm app123 💻🐳[].VSC ⮂ docker network ls 💻🐳[].VSC ⮂ docker network inspect bridge 💻🐳[].VSC ⮂ az acr login --name app123 💻🐳[].VSC ⮂ az container list --output table 💻🐳[].VSC ⮂ az container exec -g rg-aci123 --name app123 --container-name app123 --exec-command "/bin/bash" 💻🐳[].VSC ⮂ docker login 💻🐳[].VSC ⮂ docker images 💻🐳[].VSC ⮂ docker tag app123 adminahb.azurecr.io/images/app123 💻🐳[].VSC ⮂ docker push adminahb.azurecr.io/images/app123 💠 💻🐳[].VSC ⮂ docker pull adminahb.azurecr.io/images/app123 💻🐳[].VSC ⮂ docker image history adminahb.azurecr.io/images/app123 💻🐳[].VSC ⮂ docker rmi adminahb.azure.io/images/app123 💻🐳[].VSC ⮂ docker rmi app123 💻🐳[].VSC ⮂ docker rmi httpd 𝔸🌎🧊[].▦ ⮂ [workloads] : deployments | pods | replica sets | stateful sets | daemon sets | jobs | cron jobs 💻🧊[].VSC ⮂ az aks get-credentials --resource-group rg-aks123 --name aksc1n2i3 💻🧊[].VSC ⮂ az aks show --resource-group rg-aks123 --name aksc1n2i3 --query servicePrincipalProfile.clientId 💻🧊[].VSC ⮂ az ad sp show --id (az aks show --resource-group rg-aks123 --name aksc1n2i3 --query servicePrincipalProfile.clientId) 💠 💻🧊[].VSC ⮂ az aks install-cli 💻🧊[].VSC ⮂ kubectl cluster-info 💻🧊[].VSC ⮂ kubectl get namespace 💻🧊[].VSC ⮂ kubectl get nodes 💻🧊[].📑 ⮂ aksapp123.yaml # containers: ⎆ -name:aksapp123 ⎆ image:adminahb.azurecr.io/images/app123 ⎆ -containerPort:80 ⎆ 💠 💻🧊[].VSC ⮂ kubectl apply -f aksapp123.yaml 💠 💻🧊[].VSC ⮂ kubectl get pods -o wide 💻🧊[].VSC ⮂ kubectl get pods --show-labels 💻🧊[].VSC ⮂ kubectl get service 💻🧊[].VSC ⮂ kubectl describe svc aksapp123 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------⏺ ⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⏺ ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------⏺ 💻🧊[].bash ⮂ npx create-next-app --example with-docker repodirapp123 🌐 127.0.0.1:3000 💻🧊[].bash ⮂ docker run -p 3000:3000 repodirapp123 🌐 127.0.0.1:3000 𝔸🌎 ⮂ {+} container registry ▦ adminahb.azurecr.io 💻🧊[].VSC ⮂ az login 💻🧊[].VSC ⮂ az acr login --name adminahb 💻🧊[].VSC ⮂ docker buildx build \ ⎆ --platform linux/amd64 \ ⎆ -t adminahb.azurecr.io/repoapp123:v1 \ ⎆ --push . ⮂ 𝔸🌎🔍container registry🔍Login Server 💻🧊[].VSC ⮂ az acr repository list \ ⎆ --name repoapp123 \ --output table ⎆ 💻🧊[].VSC ⮂ az acr repository show-tags --name repoapp123 \ ⎆ --repository repoapp123 \ ⎆ --output table ⎆ ⮂ 𝔸🌎🔍container registry🔍services🔍repositories 𝔸🌎 ⮂ {+} kubernetes cluster ▦ node pools ▦ access ▦ networking ▦ integrations 💻🧊[].VSC ⮂ az aks install-cli 💻🧊[].VSC ⮂ az aks get-credentials --resource-group repoapp123 \ ⎆ --name repoapp123 💻🧊[].VSC ⮂ kubectls get nodes 💻🧊[].VSC ⮂ k9 # k9scli.io # ⌨: pods⎆ # ⌨: deployment 💻🧊[].VSC ⮂ code . 💻🧊[].VSC ⮂ {+} 📑 deployment.yml # specs: template: spec: containers -container port 💻🧊[].VSC ⮂ kubectl apply -f deployment.yml # k9s 💻🧊[].VSC ⮂ az aks update -n repoapp123 -g repoapp123 --attach-acr repoapp123 💻🧊[].VSC ⮂ {+} 📑 service.yml # specs: type: LoadBalancer selector: app: nextjs-docker 💻🧊[].VSC ⮂ kubectl apply -f deployment.yml # k9s # labels: app=nextjs-docker status: Running IP: 10. 💻🧊[].VSC ⮂ kubectl apply -f service.yml ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------⏺ ⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⏺ ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------⏺ 💻🌐 winget install --exact --id Microsoft.AzureCLI 💻⌨ az login 💻⌨ az login --tenant 💻⌨ az bicep install 💻⌨ az bicep version 🧊💪 Bicep 💻⌨ [].bicep ⌨res▦[CTRL][space] ⌨res-st▦ 💻⌨ [].bicep ⌨resource any~name~storage~account 'Microsoft.Sto@[CTRL][space]' 💻⌨ [].bicep ⌨ name 'name' ⌨ name 'name123' 💻⌨ [].bicep ⌨resource ' 💻⌨ az login 💻⌨ az account show 💻⌨ az account set --subscription "" 💻⌨ az bicep build -f .\template.bicep 💻⌨ az deployment group create --resource-group template-rg --name deploy1 --template-file template.bicep --verbose --debug 💠 𝔸🌎▦▌STO_ACC▐: 📂Data_management--📂Static_website✅Enabled✎index_document_name 𝔸🌎▦▌STO_ACC▐: 📂Data_storage--📂$web📤index.html 𝔸🌎▦▌STO_ACC▐: 📂Automation--📂Export_template📥 💻⌨ [].💪 ⌨param˽nameofparam˽string = 'property~value~string' 💻⌨ [].💪 ⌨param˽nameofparam˽|array|bool|int|object|resourceInput|resourceOutput| 💻⌨ [].💪 ⌨@description('parameter~desc') 💻⌨ [].💪 ⌨@allowed(['property~value1' ⎆ 'property~value2']) 💻⌨ [].💪 ⌨param abcdefg string 💻⌨ [].💪 ⌨param abcdefg string = 'string123' 💻⌨ [].💪 ⌨resource res123 'M.res/'= { abcdefg: abcdefg } ▦ name~of~the~parameter:name~of~the~parameter 💻⌨ az deployment group create --name deploy1 --resource-group template-rg --template-file .\template.bicep --parameters abcdefg='value123' 💠 💻⌨ 📄 [parameter].json ⌨ ▦schema|"parameters":{"name~of~the~parameter":{"value":"value~of~the~parameter"}} 💻⌨ az deployment group create --name deploy1 --resource-group template-rg --template-file .\template.bicep --parameters .\parameters.json 💠 💻⌨ [].💪 var variable_123 = 'variable_123_value' 💻⌨ [].💪 var variable_123 = { azure_property: 'azure~property~value ⎆ azure_property2:['value1',⎆'value2'] } 💻⌨ [].💪 var variable_123 = 'part1' 💻⌨ [].💪 var variable_456 = '${variable_123}${otherfunction()}' 💻⌨ [].💪 param˽array_param_1˽array = [] 💻⌨ [].💪 variable_name = 'variable_value' 💻⌨ [].💪 variable_name = { property1: 'azpropvalue1' ⎆ property2: [⎆'value1',⎆'value2'⎆] ⎆ property3: [⎆'class/url']} 💻⌨ [].💪 variable_name = '${other_variable}${uniqueString(resourceGroup().name)}' 📑.json # "variable_name":"[format('{0}{1}',variables('other_variable'),uniqueString(resourceGroup().name))]" 💻⌨ [].💪 output˽output_id1˽string = res123.id|kind|location|name|properties|sku|tags|type 💻⌨ [].💪 output˽output_id1˽string = res123.properties.accessTier|allowBlobPublicAccess|customDomain|encryption ⭕ L➿ps 💻⌨ [].💪 var res_123 = [{ name:'nameofres123' ⎆ location:'locationofres123'} { name:'2ndnameofres123' ⎆ location:'2ndlocationofres123' }] 💻⌨ [].💪 resource res123 'ms.class/' = [for i in res_123: {⎆ name: i.name ⎆ location: i.location}] ⮂ ▦for|for-filtered|if|required-properties|{} 📑.json # "name": "[variables('res_123')[copyIndex()].name]" , ⎆ "location": "[variables('res_123')[copyIndex()].location]" , 💻⌨ [].💪 resource res123 'ms.class/' = [for (i,index) in res_123: { ⎆ name: '${i.name-index}' ⎆ location: i.location}] 💻⌨ [].💪 resource res123 'ms.class/' = [for (i,index) in res_123: if(location == i.location) { ⎆ name: '${i.name-index' ⎆ location: i.location}] 💻⌨ [].💪 resource res123 'ms.class/' = [for (item,index) in items(res_123): { name: item.key ⎆ location: item.value.location }] 💻⌨ [].💪 resource res123 'ms.class/' = [for (item,index) in items(res_123): if(location == item.value.location) { name: item.key ⎆ location: item.value.location }] 💻⌨ [].💪 param srvc_name = '${uniqueString(resourceGroup().name)}-srvc123 💻⌨ [].💪 resource res123 'ms.class/' existing = if(param_123 != '') { ⎆ name: '${param_456}/${param123}' ⎆ } 💻⌨ [].💪 ⮂ parent: resource_1234 ⎆ ⮂ properties:{ ⎆ ▦prop~ResourceId: res_123.id } ⮂ 𝔸🌎▦▌RSRC▐ 💻⌨ [].💪 ⮂ dependsOn: [ ⎆ resource_1234 ⎆ ] res_123-->▌resource_1234▐<---res_456 💻⌨ [].💪 param one string '1' ⎆ param two string '2' ⎆ output onetwo string '${one} ${two}' ⮂ 📄module.💪 💠 💻⌨ [].💪 m▦|module keyword| ⮂ module module_123 'module.bicep' = { ⎆ name: 'mod1' ⎆ params { one: '5' ⎆ two: '6' }} 💻⌨ az bicep build -f .\module.bicep ⮂ az bicep build -f .\main.bicep 💻⌨ [].💪 ⮂ output myonetwo string = module_123.outputs.onetwo 💠 💻⌨ [].💪 ⮂ resource rg7 'ms.Res/rg' existing = { ⎆ name: '789-rg' ⎆ scope: subscription() } ⏺ 💻⌨ [].💪 ⮂ module mod789 'module.bicep' = { name: 'mod_789' ⎆ scope: rg7 } ⏺ 😼⌨ 🟩code🟩 github.com/owner123/repo123.git 💻⌨ [].VSC ⮂ clone😼repo ⮂ repo123.git [open] [VSC][explorer][+📄]file.bicep 💻⌨ [].VSC ⮂ git add . ⎆ git commit -am "adding file.bicep" ⎆ git push 😼⌨ [code] main/repo123/file.bicep 😼⌨ [Actions] ⮂ [Simple workflow][configure] ⮂ owner123/repo123/.github/workflows/blank.yml 😼⌨ 📑.yml ⮂ on ⮂ push: branches:[main] pull_req: ⮂ workflow_dispatch: ⮂ jobs: ⮂ build: ⮂ runs-on: 😼⌨ 📑.yml ⮂ steps: ⎆ - uses: actions/checkout@v2 ⎆ -name: step123 ⎆ run: echo step123 😼⌨ 🟩Start commit🟩Commit new file🟩 😼⌨ 🟩code🟩 [Marketplace]🔍:az˽login ⮂ Azure Login (byAzure✅):yml code 💻⌨ [].VSC ⮂ az ad sp create-for-rbac --name "gh spn az bicep" --role contributor --scopes /sub/subid --sdk-auth 💠 😼⌨ Settings|Secrets|name[AZ_SPN_CRED][Value| cliendId ⎆ clientSecret ⎆ subsId ⎆ tenantId ⎆ actDirEPurl ⎆ rmUPurl |||]🟩add_secret 😼⌨ 📑.yml ⮂ steps: - uses: actions/checkut@v2 ⎆ - name: azurelogin ⎆ uses: Azure/login@v1 ⎆ with: ⎆ creds: ${{ secrets.AZ_SPN_CRED }} 💠 😼⌨ 📑.yml ⮂ steps: - name: azure_bicep_deploy ⎆ uses: Azure/login@v1 ⎆ working-directory: '{github.workspace}/folder/bicep' 💻⌨ [].VSC ⮂ -name: azure_bicep_deploy ⎆ run:| ⎆ az deployment group create --resource-group my-rg --template-file template.bicep 💻⌨ [].VSC ⮂ git commit -am "azure_bicep_deploy" ⎆ git push 💻⌨ [].VSC ⮂ 📑.yml -name: azure_bicep_deploy ⎆ run:| ⎆ az deployment group create --what-if --resource-group my-rg --template-file template.bicep 💠 💻⌨ [].VSC ⮂ 📑.yml ⮂ deploy: ⎆ name: ⎆ runs-on: ⎆ needs: [build] ⎆ environment: dev 💻⌨ [].VSC ⮂ git commit -am "azure_bicep_deploy" ⎆ git push 💻⌨ [].VSC ⮂ template.bicep # change a param 😼⌨ ✅ 🟩💪bicep_build 🟩💪bicep_deploy ⏺ 😼⌨[Settings][Environments][✅]Required_reviewers 😼⌨ ✅ 🟩💪bicep_build ⏳!💪bicep_deploy ⏺ 🟩APPROVe_and_Deploy🟩> ✅ 🟩💪bicep_build 🟩💪bicep_deploy ⏺ 😼⌨ ⎆ run:| ⎆ az deployment group create --what-if --resource-group my-rg --template-file template.bicep --parameters @parameters.json 💠 💻⌨ [].💪 ⮂ targetScope = 'resourceGroup' ... module res123 'module.bicep' = { name : 'res123' ⎆ scope: resourceGroup() } 💻⌨ [].💪 ⮂ targetScope = 'subscription' ... module res123 'module.bicep' = { name : 'res123' ⎆ scope: resourceGroup(newgroup123.name) } ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------⏺ ⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⮂⏺ ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------⏺ 🔻💾 main.bicep // // main.bicep #### // // main.bicep invokes vm.bicep module // main.bicep iterates and creates 3 VMs via vm.bicep module // param location string = resourceGroup().location param vmBaseName string = 'programaticVMloop' @secure() param adminUsername string @secure() param adminPassword string param vnetName string param subnetName string param vmCount int = 3 // Loop to deploy VMs var vmIndices = [for i in range(0, vmCount): i] module vmsArray 'vm.bicep' = [for i in vmIndices: { name: 'vm${i}' params: { vmName: '${vmBaseName}${i}' adminUsername: adminUsername adminPassword: adminPassword location: location vnetName: vnetName subnetName: subnetName } }] 🔻💾 vm.bicep // // vm.bicep #### // // vm.bicep modules is consumed by main.bicep // vm.bicep creates Virtual Machines with variable and dynamic names // vm.bicep is intended to be consumed programmatically and iteratively // vm.bicep creates VNET + Subnet + IP Address Space + VM Public IP + NIC + VM // param vmName string @secure() param adminUsername string @secure() param adminPassword string param location string param vnetName string = 'myVnet' param subnetName string = 'default' // Virtual Network with Subnet resource vnet 'Microsoft.Network/virtualNetworks@2024-07-01' = { name: vnetName location: location properties: { addressSpace: { addressPrefixes: [ '10.0.0.0/16' ] } subnets: [ { name: subnetName properties: { addressPrefix: '10.0.0.0/24' } } ] } } // Public IP address with Standard SKU, Static allocation resource pip 'Microsoft.Network/publicIPAddresses@2024-05-01' = { name: '${vmName}-pip' location: location properties: { publicIPAllocationMethod: 'Static' } sku: { name: 'Standard' tier: 'Regional' } } // Network Interface depending on VNet/subnet and PIP resource nic 'Microsoft.Network/networkInterfaces@2024-07-01' = { name: '${vmName}-nic' location: location properties: { ipConfigurations: [ { name: 'ipconfig1' properties: { subnet: { id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, subnetName) } privateIPAllocationMethod: 'Dynamic' publicIPAddress: { id: pip.id } } } ] } } // Virtual Machine resource vm 'Microsoft.Compute/virtualMachines@2024-11-01' = { name: vmName location: location properties: { hardwareProfile: { vmSize: 'Standard_B1s' } osProfile: { computerName: vmName adminUsername: adminUsername adminPassword: adminPassword windowsConfiguration: { provisionVMAgent: true enableAutomaticUpdates: true } } storageProfile: { imageReference: { publisher: 'MicrosoftWindowsServer' offer: 'WindowsServer' sku: '2016-Datacenter-smalldisk' version: 'latest' } osDisk: { createOption: 'FromImage' } } networkProfile: { networkInterfaces: [ { id: nic.id } ] } } } 🔻💾 dev.parameters.json { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { "location": { "value": "eastus" }, "vmBaseName": { "value": "demoVM" }, "vnetName": { "value": "myVnet" }, "subnetName": { "value": "default" }, "vmCount": { "value": 3 } } } 🔻💾 deploy.yml # # deploy.yml #### # # deploy.yml deploys the VMs + all associated resources/features created by vm.bicep when consumed/invoked by main.bicep # deploy.yml relies on 5 GitHub Environment Secrets : SUBSCRIPTION_ID + TENANT_ID + CLIENT_ID + VM_ADMIN_PASSWORD + VM_ADMIN_NAME # # CLIENT_ID : An Azure Managed Identity is used to deploy to GitHub # Below steps show what needs to be done before committing and pushing from VSCode # # $managedIdentityName = "bicep-demo-deploy-federation" # $subscriptionID = "" # az account show # portal.azure.com # $resourceGroupName = "VMs-via-BICEP-programmatic-iterative" # New-AzResourceGroup -Name "managed-identity" -Location "eastus" # Register-AzResourceProvider -ProviderNamespace Microsoft.ManagedIdentity # $managedIdentity = New-AzUserAssignedIdentity -Name $managedIdentityName -ResourceGroupName managed-identity -Location eastus # New-AzResourceGroup -Name $resourceGroupName -Location eastus # $roleAssignment = New-AzRoleAssignment -ObjectId $managedIdentity.PrincipalId -RoleDefinitionName "Contributor" -Scope "/subscriptions/${subscriptionID}/resourceGroups/${resourceGroupName}" # $githubOrganization = "agustinborrajo" # $environmentName = "deploy" # $repoName = "VMs-via-BICEP-programmatic-iterative" # $subjectUri = "repo:${githubOrganization}/${repoName}:environment:${environmentName}" # New-AzFederatedIdentityCredential -ResourceGroupName managed-identity -IdentityName $managedIdentity.name -Name bicep-demo-federation -Issuer "https://token.actions.githubusercontent.com" -Subject $subjectUri # $managedIdentity.ClientID # name: Bicep Deploy on: push: branches: - master permissions: id-token: write contents: read jobs: Bicep-deploy: name: Run Azure Bicep Deployment runs-on: ubuntu-latest environment: deploy steps: - name: Checkout uses: actions/checkout@v4 - name: Login to Azure uses: azure/login@v2 with: client-id: ${{ secrets.CLIENT_ID }} tenant-id: ${{ secrets.TENANT_ID }} subscription-id: ${{ secrets.SUBSCRIPTION_ID }} enable-AzPSSession: true - name: Deploy Bicep uses: Azure/cli@v2 with: azcliversion: latest inlineScript: | az deployment group create --name deploy --resource-group ${{ vars.RESOURCE_GROUP }} --template-file ./main.bicep --parameters @./dev.parameters.json --parameters adminPassword='${{ secrets.VM_ADMIN_PASSWORD }}' --parameters adminUsername='${{ secrets.VM_ADMIN_NAME }}' --debug ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------⏺