├── assets ├── images │ ├── placeholder.md │ ├── create-secret.png │ ├── node-action.png │ ├── create-app-service.png │ ├── workflow-complete.png │ ├── get-publish-profile.png │ └── Add-secret-name-value.png └── create-secrets-for-GitHub-workflows.md ├── AppService ├── node_express_sampleApp │ ├── app.yaml │ ├── assets │ │ └── images │ │ │ ├── placeholder.md │ │ │ ├── node-action.png │ │ │ ├── create-secret.png │ │ │ ├── create-app-service.png │ │ │ ├── get-publish-profile.png │ │ │ └── workflow-complete.png │ ├── views │ │ ├── error.pug │ │ ├── layout.pug │ │ └── index.pug │ ├── public │ │ ├── fonts │ │ │ └── segoeuil.ttf │ │ ├── stylesheets │ │ │ ├── style.styl │ │ │ └── style.css │ │ └── images │ │ │ ├── tweetThis.svg │ │ │ └── successCloudNew.svg │ ├── Dockerfile │ ├── routes │ │ ├── index.js │ │ └── users.js │ ├── config.yml │ ├── package.json │ ├── LICENSE │ ├── Web.Debug.config │ ├── .github │ │ └── workflows │ │ │ └── workflow.yml │ ├── app.js │ ├── Web.config │ └── nodejs-webapp-express.njsproj ├── Properties │ ├── node.js-webapp-on-azure.properties.json │ ├── python-webapp-on-azure.properties.json │ ├── asp.net-webapp-on-azure.properties.json │ ├── java-jar-webapp-on-azure.properties.json │ ├── asp.net-core-webapp-on-azure.properties.json │ ├── java-war-webapp-on-azure.properties.json │ ├── docker-webapp-container-on-azure.properties.json │ └── docker-asp.net-core-webapp-sql-on-azure.properties.json ├── php-webapp-on-azure.yml ├── go-webapp-on-azure.yml ├── java-war-webapp-on-azure.yml ├── java-jar-webapp-on-azure.yml ├── asp.net-webapp-on-azure.yml ├── asp.net-core-webapp-on-azure.yml ├── node.js-webapp-on-azure.yml ├── python-webapp-on-azure.yml ├── Python-GHA-Samples │ ├── Python-Local-Built-Deploy-Sample.yml │ ├── Python-Poetry-Sample.yml │ ├── Python-SetupPy-Sample.yml │ └── Python-PyProject-Uv-Sample.yml ├── docker-webapp-container-on-azure.yml ├── vsts-only-sitecontainers.yml ├── blessed-sitecontainers-webapp-on-azure.yml ├── sitecontainers-webapp-on-azure.yml └── vsts-blessed-sitecontainers.yml ├── MachineLearning ├── img │ └── ml-lifecycle.png └── README.md ├── FunctionApp ├── Properties │ ├── linux-node.js-functionapp-on-azure.properties.json │ ├── linux-python-functionapp-on-azure.properties.json │ ├── windows-dotnet-functionapp-on-azure-rbac.properties.json │ ├── windows-java-functionapp-on-azure.properties.json │ ├── linux-dotnet-functionapp-on-azure.properties.json │ ├── linux-java-functionapp-on-azure.properties.json │ ├── windows-node.js-functionapp-on-azure.properties.json │ ├── linux-container-functionapp-on-azure.properties.json │ ├── windows-powershell-functionapp-on-azure.properties.json │ └── windows-dotnet-functionapp-on-azure.properties.json ├── linux-powershell-functionapp-on-azure.yml ├── windows-powershell-functionapp-on-azure.yml ├── linux-dotnet-functionapp-on-azure.yml ├── windows-dotnet-functionapp-on-azure.yml ├── linux-node.js-functionapp-on-azure.yml ├── windows-node.js-functionapp-on-azure.yml ├── linux-java-functionapp-on-azure.yml ├── windows-java-functionapp-on-azure.yml ├── windows-dotnet-functionapp-on-azure-rbac.yml ├── linux-python-functionapp-on-azure.yml ├── linux-container-functionapp-on-azure.yml └── oidc-auth-samples │ ├── powershell-functionapp-on-azure-oidc.yml │ ├── python-functionapp-on-azure-oidc.yml │ ├── linux-java-functionapp-on-azure-oidc.yml │ ├── linux-node-functionapp-on-azure-oidc.yml │ ├── linux-dotnet-functionapp-on-azure-oidc.yml │ ├── windows-java-functionapp-on-azure-oidc.yml │ ├── windows-node-functionapp-on-azure-oidc.yml │ └── windows-dotnet-functionapp-on-azure-oidc.yml ├── PackageManagement ├── Properties │ └── nuget.properties.json └── nuget.yml ├── AzurePolicy ├── Properties │ └── trigger-scan-on-scope.properties.yml ├── trigger-scan-on-scope.yml ├── trigger-scan-on-subscription.yml ├── trigger-scan-on-resource-group-ignore-compliance-result.yml ├── trigger-scan-on-subscription-no-report.yml ├── trigger-scan-on-multiple-subscriptions-no-wait.yml └── trigger-scan-on-resource-group-ignore-compliance-result-for-testApp.yml ├── CODE_OF_CONDUCT.md ├── Others └── variable-substitution.yml ├── Database ├── MySQL-on-Azure.yml ├── SQL-on-Azure.yml └── PostgreSQL-on-Azure.yml ├── .gitmodules ├── AzureCLI ├── Az-PowerShell.yml └── Az-cli-Provision-Webapp.yml ├── LICENSE ├── ARM ├── ResourceGroupScope-ARM-Deployment.yml ├── ManagementGroupScope-ARM-Deployment.yml └── SubscriptionScope-ARM-Deployment.yml ├── AzurePipelines └── trigger-azure-pipelines.yml ├── Terraform ├── terraform-deployment.yml └── README.md ├── End-to-End └── Serverless-web-application │ ├── README.md │ ├── azure-infra-cicd.yml │ ├── functions-api-cicd.yml │ └── spa-cicd.yml ├── SECURITY.md ├── Kubernetes ├── build-and-deploy-docker-image-aks-using-manifests.yml ├── build-and-deploy-docker-image-to-aks-using-helm.yml └── README.md └── README.md /assets/images/placeholder.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/app.yaml: -------------------------------------------------------------------------------- 1 | runtime: nodejs10 2 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/assets/images/placeholder.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /assets/images/create-secret.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/actions-workflow-samples/HEAD/assets/images/create-secret.png -------------------------------------------------------------------------------- /assets/images/node-action.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/actions-workflow-samples/HEAD/assets/images/node-action.png -------------------------------------------------------------------------------- /MachineLearning/img/ml-lifecycle.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/actions-workflow-samples/HEAD/MachineLearning/img/ml-lifecycle.png -------------------------------------------------------------------------------- /assets/images/create-app-service.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/actions-workflow-samples/HEAD/assets/images/create-app-service.png -------------------------------------------------------------------------------- /assets/images/workflow-complete.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/actions-workflow-samples/HEAD/assets/images/workflow-complete.png -------------------------------------------------------------------------------- /assets/images/get-publish-profile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/actions-workflow-samples/HEAD/assets/images/get-publish-profile.png -------------------------------------------------------------------------------- /assets/images/Add-secret-name-value.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/actions-workflow-samples/HEAD/assets/images/Add-secret-name-value.png -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/views/error.pug: -------------------------------------------------------------------------------- 1 | extends layout 2 | 3 | block content 4 | h1= message 5 | h2= error.status 6 | pre #{error.stack} -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/public/fonts/segoeuil.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/actions-workflow-samples/HEAD/AppService/node_express_sampleApp/public/fonts/segoeuil.ttf -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/assets/images/node-action.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/actions-workflow-samples/HEAD/AppService/node_express_sampleApp/assets/images/node-action.png -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/assets/images/create-secret.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/actions-workflow-samples/HEAD/AppService/node_express_sampleApp/assets/images/create-secret.png -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/assets/images/create-app-service.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/actions-workflow-samples/HEAD/AppService/node_express_sampleApp/assets/images/create-app-service.png -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/assets/images/get-publish-profile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/actions-workflow-samples/HEAD/AppService/node_express_sampleApp/assets/images/get-publish-profile.png -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/assets/images/workflow-complete.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/actions-workflow-samples/HEAD/AppService/node_express_sampleApp/assets/images/workflow-complete.png -------------------------------------------------------------------------------- /AppService/Properties/node.js-webapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Node.js Web App to Azure", 3 | "description": "Deploy Node.js app to Azure App Service", 4 | "iconName": "azure", 5 | "categories": [ 6 | "node" , "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /AppService/Properties/python-webapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Python Web App to Azure", 3 | "description": "Deploy Python app to Azure App Service", 4 | "iconName": "azure", 5 | "categories": [ 6 | "Python" , "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /AppService/Properties/asp.net-webapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "ASP.NET MVC Web App to Azure", 3 | "description": "Deploy ASP.NET MVC Web App to Azure App Service", 4 | "iconName": "azure", 5 | "categories": [ 6 | "ASP" , "Deployment" 7 | ] 8 | } -------------------------------------------------------------------------------- /AppService/Properties/java-jar-webapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Java Web App to Azure", 3 | "description": "Deploy Java Web App to Azure App Service", 4 | "iconName": "azure", 5 | "categories": [ 6 | "java" ,"Maven" , "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /AppService/Properties/asp.net-core-webapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "ASP.NET Core Web App to Azure", 3 | "description": "Deploy ASP.NET Core app to Azure App Service", 4 | "iconName": "azure", 5 | "categories": [ 6 | "ASP", "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /AppService/Properties/java-war-webapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Java Web App to Azure", 3 | "description": "Deploy Java War package to Azure App Service", 4 | "iconName": "azure", 5 | "categories": [ 6 | "java" ,"Maven" , "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /FunctionApp/Properties/linux-node.js-functionapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Node.js Serverless App to Azure", 3 | "description": "Deploy Node.js app to Azure Functions", 4 | "iconName": "azure", 5 | "categories": [ 6 | "node" , "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /FunctionApp/Properties/linux-python-functionapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Python Serverless App to Azure", 3 | "description": "Deploy Python app to Azure Functions", 4 | "iconName": "azure", 5 | "categories": [ 6 | "Python" , "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /PackageManagement/Properties/nuget.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Publish Nuget Packages", 3 | "description": "Publish Nuget package to GitHub Package Registry and Azure Artifacts", 4 | "iconName": "azure", 5 | "categories": [ 6 | "Nuget", "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:8 2 | LABEL maintainer="Azure App Services Container Images " 3 | 4 | # Create app directory 5 | WORKDIR /app 6 | 7 | # Bundle app source 8 | COPY . . 9 | 10 | EXPOSE 8080 80 11 | CMD [ "npm", "start" ] 12 | -------------------------------------------------------------------------------- /AzurePolicy/Properties/trigger-scan-on-scope.properties.yml: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Trigger Azure Policy Compliance Scan", 3 | "description": "Trigger an on-demand Azure policy compliance scan on a scope", 4 | "iconName": "azure", 5 | "categories": [ 6 | "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /FunctionApp/Properties/windows-dotnet-functionapp-on-azure-rbac.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "ASP.NET Serverless App to Azure", 3 | "description": "Deploy ASP.NET Web App to Azure Functions", 4 | "iconName": "azure", 5 | "categories": [ 6 | "ASP" , "Deployment" 7 | ] 8 | } -------------------------------------------------------------------------------- /FunctionApp/Properties/windows-java-functionapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Java Serverless App to Azure", 3 | "description": "Deploy Java App to Azure Functions", 4 | "iconName": "azure", 5 | "categories": [ 6 | "java" ,"Maven" , "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /FunctionApp/Properties/linux-dotnet-functionapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "ASP.NET Core Serverless App to Azure", 3 | "description": "Deploy ASP.NET Core app to Azure Functions", 4 | "iconName": "azure", 5 | "categories": [ 6 | "ASP", "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /FunctionApp/Properties/linux-java-functionapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Java Serverless App to Azure", 3 | "description": "Deploy Java War package to Azure Functions", 4 | "iconName": "azure", 5 | "categories": [ 6 | "java" ,"Maven" , "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /FunctionApp/Properties/windows-node.js-functionapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Node.js Serverless App to Azure", 3 | "description": "Deploy Windows Node.js app to Azure Functions", 4 | "iconName": "azure", 5 | "categories": [ 6 | "node" , "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /AppService/Properties/docker-webapp-container-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Build and deploy Docker Web App to Azure", 3 | "description": "Build and deploy Docker app to Azure App Service", 4 | "iconName": "azure", 5 | "categories": [ 6 | "Docker", "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/routes/index.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | var express = require('express'); 3 | var router = express.Router(); 4 | 5 | /* GET home page. */ 6 | router.get('/', function (req, res) { 7 | res.render('index', { title: 'Express' }); 8 | }); 9 | 10 | module.exports = router; 11 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/routes/users.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | var express = require('express'); 3 | var router = express.Router(); 4 | 5 | /* GET users listing. */ 6 | router.get('/', function (req, res) { 7 | res.send('respond with a resource'); 8 | }); 9 | 10 | module.exports = router; 11 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/config.yml: -------------------------------------------------------------------------------- 1 | title: Deploy Node App to Azure 2 | tagline: Learn how to create an Action workflow to set up CICD for a Node App deployed to Azure 3 | description: Point users to a newly created issue and closes the original issue 4 | template: 5 | name: node-app 6 | repo: node-express 7 | -------------------------------------------------------------------------------- /FunctionApp/Properties/linux-container-functionapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Build and deploy Docker Serverless App to Azure", 3 | "description": "Build and deploy Docker app to Azure Functions", 4 | "iconName": "azure", 5 | "categories": [ 6 | "Docker", "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /FunctionApp/Properties/windows-powershell-functionapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Windows PowerShell based Serverless App to Azure", 3 | "description": "Deploy Windows PowerShell app to Azure Functions", 4 | "iconName": "azure", 5 | "categories": [ 6 | "ASP", "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /FunctionApp/Properties/windows-dotnet-functionapp-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "ASP.NET Core Serverless App to Azure", 3 | "description": "Deploy ASP.NET Core app to Azure Functions using a Publish Profile", 4 | "iconName": "azure", 5 | "categories": [ 6 | "ASP", "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /AppService/Properties/docker-asp.net-core-webapp-sql-on-azure.properties.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Docker ASP.NET Core Web App with Azure SQL backend to Azure", 3 | "description": "Build and Deploy docker ASP.NET Core Web App with Azure SQL backend to Azure", 4 | "iconName": "azure", 5 | "categories": [ 6 | "Docker", "ASP.NET Core", "Azure SQL", "Deployment" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Microsoft Open Source Code of Conduct 2 | 3 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 4 | 5 | Resources: 6 | 7 | - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) 8 | - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) 9 | - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns 10 | -------------------------------------------------------------------------------- /Others/variable-substitution.yml: -------------------------------------------------------------------------------- 1 | # .github/workflows/var-substitution.yml 2 | on: [push] 3 | name: variable substitution in json, xml, and yml files 4 | 5 | jobs: 6 | build: 7 | runs-on: windows-latest 8 | steps: 9 | - uses: microsoft/variable-substitution@v1 10 | with: 11 | files: 'Application/*.json, Application/*.yaml, ./Application/SampleWebApplication/We*.config' 12 | env: 13 | Var1: "value1" 14 | Var2.key1: "value2" 15 | SECRET: ${{ secrets.SOME_SECRET }} 16 | -------------------------------------------------------------------------------- /Database/MySQL-on-Azure.yml: -------------------------------------------------------------------------------- 1 | # .github/workflows/mysql-deploy.yml 2 | on: [push] 3 | 4 | jobs: 5 | build: 6 | runs-on: windows-latest 7 | steps: 8 | - uses: actions/checkout@v1 9 | - uses: azure/login@v1 10 | with: 11 | creds: ${{ secrets.AZURE_CREDENTIALS }} 12 | - uses: azure/mysql-action@v1 13 | with: 14 | server-name: REPLACE_THIS_WITH_YOUR_MYSQL_SERVER_NAME 15 | connection-string: ${{ secrets.AZURE_MYSQL_CONNECTION_STRING }} 16 | sql-file: './sqlFile.sql' 17 | -------------------------------------------------------------------------------- /Database/SQL-on-Azure.yml: -------------------------------------------------------------------------------- 1 | # .github/workflows/sql-deploy.yml 2 | on: [push] 3 | 4 | jobs: 5 | build: 6 | runs-on: windows-latest 7 | steps: 8 | - uses: actions/checkout@v1 9 | - uses: azure/actions/login@v1 10 | with: 11 | creds: ${{ secrets.AZURE_CREDENTIALS }} 12 | - uses: Azure/sql-action@v1 13 | with: 14 | server-name: REPLACE_THIS_WITH_YOUR_SQL_SERVER_NAME 15 | connection-string: ${{ secrets.AZURE_SQL_CONNECTION_STRING }} 16 | dacpac-package: './Database.dacpac' 17 | -------------------------------------------------------------------------------- /Database/PostgreSQL-on-Azure.yml: -------------------------------------------------------------------------------- 1 | on: [push] 2 | 3 | jobs: 4 | build: 5 | runs-on: ubuntu-latest 6 | 7 | steps: 8 | - uses: actions/checkout@v2.3.2 9 | # login not needed if firewall is configured 10 | - uses: Azure/login@v1 11 | with: 12 | creds: ${{secrets.AZURE_CREDENTIALS}} 13 | - uses: azure/postgresql@v1 14 | with: 15 | connection-string: ${{ secrets.AZURE_POSTGRESQL_CONNECTION_STRING }} 16 | server-name: REPLACE_THIS_WITH_YOUR_POSTGRESQL_SERVER_NAME 17 | plsql-file: "sql_files/*.sql" 18 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "Kubernetes/java-on-aks"] 2 | path = Kubernetes/java-on-aks 3 | url = https://github.com/Azure-Samples/java-on-aks 4 | [submodule "Kubernetes/RockPaperScissorsLizardSpock"] 5 | path = Kubernetes/RockPaperScissorsLizardSpock 6 | url = https://github.com/microsoft/RockPaperScissorsLizardSpock 7 | [submodule "MachineLearning/ml-template-azure"] 8 | path = MachineLearning/ml-template-azure 9 | url = https://github.com/machine-learning-apps/ml-template-azure.git 10 | [submodule "MachineLearning/mlops-enterprise-template"] 11 | path = MachineLearning/mlops-enterprise-template 12 | url = https://github.com/Azure-Samples/mlops-enterprise-template 13 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "nodejs-webapp-express", 3 | "version": "0.0.0", 4 | "private": true, 5 | "scripts": { 6 | "start": "node app" 7 | }, 8 | "description": "nodejs-webapp-express", 9 | "author": { 10 | "name": "alagrawa" 11 | }, 12 | "dependencies": { 13 | "applicationinsights": "^1.0.0", 14 | "body-parser": "^1.15.0", 15 | "cookie-parser": "^1.4.0", 16 | "debug": "^2.2.0", 17 | "express": "^4.14.0", 18 | "morgan": "^1.9.1", 19 | "pug": "^2.0.0-beta6", 20 | "serve-favicon": "^2.3.0", 21 | "natives": "^1.1.6" 22 | }, 23 | "engines": { 24 | "node": ">6.0.0" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /AzureCLI/Az-PowerShell.yml: -------------------------------------------------------------------------------- 1 | on: [push] 2 | 3 | name: AzurePowerShellSample 4 | 5 | jobs: 6 | 7 | build-and-deploy: 8 | runs-on: ubuntu-latest 9 | steps: 10 | 11 | - name: Login via Az module 12 | uses: azure/login@v1.1 13 | with: 14 | creds: ${{secrets.AZURE_CREDENTIALS}} 15 | enable-AzPSSession: true 16 | 17 | - name: Run Az CLI script 18 | run: | 19 | az webapp list --query "[?state=='Running']" 20 | 21 | - name: Run Azure PowerShell script 22 | uses: azure/powershell@v1 23 | with: 24 | azPSVersion: '3.1.0' 25 | inlineScript: | 26 | Get-AzVM -ResourceGroupName "ActionsDemo" 27 | -------------------------------------------------------------------------------- /AzurePolicy/trigger-scan-on-scope.yml: -------------------------------------------------------------------------------- 1 | name: trigger_scan_on_scope 2 | on: 3 | push: 4 | paths: 5 | - '**trigger-scan-on-scope.yml' 6 | 7 | env: 8 | SCAN_SCOPE: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx # set this to the scope that is to be scanned. It can be a Subscription, Resource group or a resource 9 | 10 | jobs: 11 | assess-policy-compliance: 12 | runs-on: ubuntu-latest 13 | steps: 14 | # Azure Login 15 | - name: Login to Azure 16 | uses: azure/login@v1 17 | with: 18 | creds: ${{secrets.AZURE_CREDENTIALS}} 19 | 20 | - name: Check for resource compliance 21 | uses: azure/policy-compliance-scan@v0 22 | with: 23 | scopes: ${{env.SCAN_SCOPE}} 24 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/public/stylesheets/style.styl: -------------------------------------------------------------------------------- 1 | body 2 | padding-top: 50px 3 | padding-bottom: 20px 4 | 5 | /* Set padding to keep content from hitting the edges */ 6 | .body-content 7 | padding-left: 15px 8 | padding-right: 15px 9 | 10 | /* Set width on the form input elements since they're 100% wide by default */ 11 | input, 12 | select, 13 | textarea 14 | max-width: 280px 15 | 16 | /* styles for validation helpers */ 17 | .field-validation-error 18 | color: #b94a48 19 | 20 | .field-validation-valid 21 | display: none 22 | 23 | input.input-validation-error 24 | border: 1px solid #b94a48 25 | 26 | input[type="checkbox"].input-validation-error 27 | border: 0 none 28 | 29 | .validation-summary-errors 30 | color: #b94a48 31 | 32 | .validation-summary-valid 33 | display: none 34 | -------------------------------------------------------------------------------- /AzurePolicy/trigger-scan-on-subscription.yml: -------------------------------------------------------------------------------- 1 | # This workflow triggers an azure policy compliance scan on the subscription. 2 | # Waits till the scan is complete and displays the latest compliance state of resources in logs. 3 | # Also generates the compliance report in form of a CSV file and uploads it as an artifact of this workflow run. 4 | # The action will fail if there are non-compliant resources found( Use 'scopes-ignore' input to ignore the compliance status of resources ) 5 | name: scan-subscription 6 | on: push 7 | 8 | jobs: 9 | assess-policy-compliance: 10 | runs-on: ubuntu-latest 11 | steps: 12 | # Azure Login 13 | - name: Login to Azure 14 | uses: azure/login@v1 15 | with: 16 | creds: ${{secrets.AZURE_CREDENTIALS}} 17 | 18 | - name: Check for resource compliance 19 | uses: azure/policy-compliance-scan@v0 20 | with: 21 | scopes: | 22 | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 23 | 24 | -------------------------------------------------------------------------------- /AzurePolicy/trigger-scan-on-resource-group-ignore-compliance-result.yml: -------------------------------------------------------------------------------- 1 | # This workflow triggers an azure policy compliance scan on the resource group. 2 | # Waits till the scan is complete and displays the latest compliance state of resources in logs and uploads a compliance report in form of a CSV file.# 3 | # The compliance scan action will pass irrespective of the compliance status of scanned resources 4 | 5 | name: scan-rg-ignore-compliance-status 6 | on: push 7 | 8 | jobs: 9 | assess-policy-compliance: 10 | runs-on: ubuntu-latest 11 | steps: 12 | # Azure Login 13 | - name: Login to Azure 14 | uses: azure/login@v1 15 | with: 16 | creds: ${{secrets.AZURE_CREDENTIALS}} 17 | 18 | - name: Check for resource compliance 19 | uses: azure/policy-compliance-scan@v0 20 | with: 21 | scopes: | 22 | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-Resource-Group/ 23 | scopes-ignore: all 24 | 25 | -------------------------------------------------------------------------------- /AzurePolicy/trigger-scan-on-subscription-no-report.yml: -------------------------------------------------------------------------------- 1 | # This workflow triggers an azure policy compliance scan on the subscription. 2 | # Waits till the scan is complete and displays the latest compliance state of resources in logs. 3 | # The compliance scan action will fail if there are non-compliant resources found( Use 'scopes-ignore' input to ignore the compliance status of resources ) 4 | # The compliance scan action will not upload a report to the workflow run 5 | 6 | name: scan-subscription-without-report 7 | on: push 8 | 9 | jobs: 10 | assess-policy-compliance: 11 | runs-on: ubuntu-latest 12 | steps: 13 | # Azure Login 14 | - name: Login to Azure 15 | uses: azure/login@v1 16 | with: 17 | creds: ${{secrets.AZURE_CREDENTIALS}} 18 | 19 | - name: Check for resource compliance 20 | uses: azure/policy-compliance-scan@v0 21 | with: 22 | scopes: | 23 | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 24 | skip-report: true 25 | -------------------------------------------------------------------------------- /AzurePolicy/trigger-scan-on-multiple-subscriptions-no-wait.yml: -------------------------------------------------------------------------------- 1 | # This workflow triggers an azure policy compliance scan on multiple subscriptions, resource groups and resources 2 | # The compliance scan action will progress successfully to the next step without waiting. 3 | name: scan-subscriptions-no-wait 4 | on: push 5 | 6 | jobs: 7 | assess-policy-compliance: 8 | runs-on: ubuntu-latest 9 | steps: 10 | # Azure Login 11 | - name: Login to Azure 12 | uses: azure/login@v1 13 | with: 14 | creds: ${{secrets.AZURE_CREDENTIALS}} 15 | 16 | - name: Check for resource compliance 17 | uses: azure/policy-compliance-scan@v0 18 | with: 19 | scopes: | 20 | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 21 | /subscriptions/########-####-####-####-############/resourceGroups/my-resource-group 22 | /subscriptions/@@@@@@@@-@@@@-@@@@-@@@@-@@@@@@@@@@@@/resourceGroups/my-new-resource-group/providers/Microsoft.Web/sites/zenithWorksApp 23 | wait: false 24 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/views/layout.pug: -------------------------------------------------------------------------------- 1 | doctype html 2 | html 3 | head 4 | meta(charset='utf-8') 5 | meta(name='viewport', content='width=device-width, initial-scale=1.0') 6 | title #{title} - Node.js Express Application 7 | link(rel='stylesheet', type='text/css', href='/stylesheets/bootstrap.min.css') 8 | link(rel='stylesheet', type='text/css', href='/stylesheets/style.css') 9 | 10 | body 11 | .navbar.navbar-inverse.navbar-fixed-top 12 | .container 13 | .navbar-header 14 | button.navbar-toggle(type='button', data-toggle='collapse', data-target='.navbar-collapse') 15 | span.icon-bar 16 | span.icon-bar 17 | span.icon-bar 18 | a.navbar-brand(href='/') Nodejs Express App 19 | .navbar-collapse.collapse 20 | ul.nav.navbar-nav 21 | li 22 | a(href='/') Home 23 | 24 | .container.body-content 25 | block content 26 | hr 27 | footer 28 | p © Nodejs Express Application 29 | 30 | block scripts -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/public/images/tweetThis.svg: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzurePolicy/trigger-scan-on-resource-group-ignore-compliance-result-for-testApp.yml: -------------------------------------------------------------------------------- 1 | # This workflow triggers an azure policy compliance scan on the resource group. 2 | # Waits till the scan is complete and displays the latest compliance state of resources in logs and uploads a compliance report to the workflow run. 3 | # The compliance scan action will fail if any non-compliant resources found except for 'Microsoft.Web/sites/testApp'. 4 | 5 | name: scan-subscription-no-wait 6 | on: push 7 | 8 | jobs: 9 | assess-policy-compliance: 10 | runs-on: ubuntu-latest 11 | steps: 12 | # Azure Login 13 | - name: Login to Azure 14 | uses: azure/login@v1 15 | with: 16 | creds: ${{secrets.AZURE_CREDENTIALS}} 17 | 18 | - name: Check for resource compliance 19 | uses: azure/policy-compliance-scan@v0 20 | with: 21 | scopes: | 22 | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-Resource-Group/ 23 | scopes-ignore: | 24 | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-Resource-Group/providers/Microsoft.Web/sites/testApp 25 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE 22 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. All rights reserved. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE 22 | -------------------------------------------------------------------------------- /AppService/php-webapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy PHP to Azure Web App 2 | 3 | on: 4 | [push] 5 | 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Set up the following secrets in your repository: 10 | # AZURE_WEBAPP_PUBLISH_PROFILE 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_WEBAPP_NAME: your-app-name # set this to your application's name 15 | AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root 16 | 17 | jobs: 18 | build-and-deploy: 19 | name: Build and Deploy 20 | runs-on: ubuntu-latest 21 | environment: dev 22 | steps: 23 | - uses: actions/checkout@v3 24 | 25 | - name: 'Deploy to Azure WebApp' 26 | uses: azure/webapps-deploy@v2 27 | with: 28 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 29 | publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} 30 | package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} 31 | 32 | # For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions 33 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 34 | -------------------------------------------------------------------------------- /FunctionApp/linux-powershell-functionapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy PowerShell project to Azure Function App 2 | 3 | on: 4 | [push] 5 | 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Set up the following secrets in your repository: 10 | # AZURE_FUNCTIONAPP_PUBLISH_PROFILE 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure 15 | AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your function app project, defaults to the repository root 16 | 17 | jobs: 18 | build-and-deploy: 19 | runs-on: ubuntu-latest 20 | environment: dev 21 | steps: 22 | - name: 'Checkout GitHub Action' 23 | uses: actions/checkout@v3 24 | 25 | - name: 'Run Azure Functions Action' 26 | uses: Azure/functions-action@v1 27 | id: fa 28 | with: 29 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 30 | package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} 31 | publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} 32 | 33 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 34 | -------------------------------------------------------------------------------- /FunctionApp/windows-powershell-functionapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy PowerShell project to Azure Function App 2 | 3 | on: 4 | [push] 5 | 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Set up the following secrets in your repository: 10 | # AZURE_FUNCTIONAPP_PUBLISH_PROFILE 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure 15 | AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your function app project, defaults to the repository root 16 | 17 | jobs: 18 | build-and-deploy: 19 | runs-on: windows-latest 20 | environment: dev 21 | steps: 22 | - name: 'Checkout GitHub Action' 23 | uses: actions/checkout@v3 24 | 25 | - name: 'Run Azure Functions Action' 26 | uses: Azure/functions-action@v1 27 | id: fa 28 | with: 29 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 30 | package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} 31 | publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} 32 | 33 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 34 | -------------------------------------------------------------------------------- /AppService/go-webapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | # Go on Linux Web App 2 | # Build a Go project and deploy it to Azure as a Linux web app. 3 | name: Deploy Go package to Azure Web App as a Linux web app. 4 | on: 5 | [push] 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Set up the following secrets in your repository: 10 | # AZURE_PUBLISH_PROFILE 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_WEBAPP_NAME: # set this to your application's name 15 | WORKING_DIRECTORY: '.' # set this to the path to your path of working directory inside github repository, defaults to the repository root 16 | GO_VERSION: '1.18' # set this to your application's go version 17 | 18 | jobs: 19 | build-and-deploy: 20 | runs-on: ubuntu-latest 21 | environment: production 22 | steps: 23 | # checkout the repo 24 | - uses: actions/checkout@v3 25 | # setup Go 26 | - name: Setup Go 27 | uses: actions/setup-go@v3 28 | with: 29 | go-version: ${{ env.GO_VERSION }} 30 | - run: go version 31 | # install dependencies 32 | - name: go build 33 | working-directory: ${{ env.WORKING_DIRECTORY }} 34 | run: | 35 | go build 36 | - name: 'Deploy to Azure Web App' 37 | id: deploy-to-webapp 38 | uses: azure/webapps-deploy@v2 39 | with: 40 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 41 | slot-name: 'Production' 42 | publish-profile: ${{ secrets.AZURE_PUBLISH_PROFILE}} 43 | package: . 44 | -------------------------------------------------------------------------------- /ARM/ResourceGroupScope-ARM-Deployment.yml: -------------------------------------------------------------------------------- 1 | name: workflow to deploy an ARM Template to a resource group 2 | on: push 3 | 4 | # CONFIGURATION 5 | # For help, go to https://github.com/Azure/Actions 6 | 7 | env: 8 | AZURE_RESOURCE_GROUP: << Azure Resource Group >> # set this to your Azure Resource group's name 9 | AZURE_SUBSCRIPTION_ID: << Subscription Id >> # set this to your Azure Subscription Id 10 | 11 | jobs: 12 | build-and-deploy-to-dev: 13 | runs-on: ubuntu-latest 14 | steps: 15 | 16 | # Authentication 17 | # Set up the following secrets in your repository: AZURE_CREDENTIALS 18 | # For details on usage of secrets, please refer https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets 19 | - name: Azure Login 20 | uses: azure/login@v1 21 | with: 22 | creds: ${{ secrets.AZURE_CREDENTIALS }} 23 | 24 | # Checkout 25 | - name: Checkout 26 | uses: actions/checkout@v1 27 | 28 | # Deployment of template 29 | - name: Deploy ARM Template 30 | uses: azure/arm-deploy@v1 31 | with: 32 | # You can change these environment variables for your configuration: AZURE_SUBSCRIPTION_ID, AZURE_RESOURCE_GROUP 33 | subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }} 34 | resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP }} 35 | template: $GITHUB_WORKSPACE/azuredeploy.json # Set this to the location of your template file 36 | parameters: $GITHUB_WORKSPACE/azuredeploy.parameters.json # Set this to the location of your parameters file 37 | -------------------------------------------------------------------------------- /AppService/java-war-webapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy Java War package to Azure web app 2 | 3 | on: 4 | [push,pull_request] 5 | 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Set up the following secrets in your repository: 10 | # AZURE_WEBAPP_PUBLISH_PROFILE 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_WEBAPP_NAME: JavaPetstore # set this to your application's name 15 | AZURE_WEBAPP_PACKAGE_PATH: ${{ github.workspace }} # set this to the path to your web app project 16 | JAVA_VERSION: '1.8' # set this to the java version to use 17 | AZURE_WEBAPP_PUBLISH_PROFILE: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} # set GH repo secret with the publish profile of the web app 18 | 19 | jobs: 20 | build-and-deploy: 21 | name: Build and Deploy 22 | runs-on: ubuntu-latest 23 | environment: dev 24 | steps: 25 | - uses: actions/checkout@v3 26 | - name: Set up JDK 1.8 27 | uses: actions/setup-java@v1 28 | with: 29 | java-version: ${{ env.JAVA_VERSION }} 30 | - name: Build with Maven 31 | run: mvn package --file pom.xml 32 | - name: 'Deploy to Azure WebApp' 33 | uses: azure/webapps-deploy@v2 34 | with: 35 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 36 | publish-profile: ${{ env.AZURE_WEBAPP_PUBLISH_PROFILE }} 37 | package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/target/*.war' 38 | 39 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 40 | -------------------------------------------------------------------------------- /ARM/ManagementGroupScope-ARM-Deployment.yml: -------------------------------------------------------------------------------- 1 | name: workflow to deploy an ARM Template to a Management Group Scope 2 | on: push 3 | 4 | # CONFIGURATION 5 | # For help, go to https://github.com/Azure/Actions 6 | 7 | env: 8 | AZURE_MANAGEMENT_GROUP_ID: << Management Group Id >> # set this to your Azure Management Group Id 9 | 10 | jobs: 11 | build-and-deploy-to-dev: 12 | runs-on: ubuntu-latest 13 | steps: 14 | 15 | # Set up the following secrets in your repository: AZURE_CREDENTIALS 16 | # Ensure that the SPN has contributor access to Management Group, please refer https://docs.microsoft.com/en-us/azure/governance/management-groups/manage 17 | # For details on usage of secrets, please refer https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets 18 | - name: Azure Login 19 | uses: azure/login@v1 20 | with: 21 | creds: ${{ secrets.AZURE_CREDENTIALS }} 22 | 23 | # Checkout 24 | - name: Checkout 25 | uses: actions/checkout@v1 26 | 27 | # Deployment of template 28 | - name: Deploy ARM Template 29 | uses: azure/arm-deploy@v1 30 | with: 31 | # You can change these environment variables for your configuration: AZURE_SUBSCRIPTION_ID 32 | scope: managementgroup 33 | managementGroupId: ${{ env.AZURE_MANAGEMENT_GROUP_ID }} 34 | region: centralus # Set this to your target region 35 | template: $GITHUB_WORKSPACE/azuredeploy.json # Set this to the location of your template file 36 | parameters: $GITHUB_WORKSPACE/azuredeploy.parameters.json # Set this to the location of your parameters file 37 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/public/stylesheets/style.css: -------------------------------------------------------------------------------- 1 | html, 2 | body { 3 | height: 100%; 4 | width: 100%; 5 | padding: 0; 6 | margin: 0; 7 | } 8 | 9 | @font-face { 10 | font-family: "Segoe UI"; 11 | src: url('../fonts/segoeuil.ttf') format('truetype'); 12 | } 13 | 14 | .main-container { 15 | height: 400px; 16 | width: 100%; 17 | background-color: #1d539d; 18 | color: white; 19 | padding-top: 30px; 20 | box-sizing: border-box; 21 | overflow-y: hidden; 22 | overflow-x: hidden; 23 | font-family: "Segoe UI"; 24 | padding: 80px; 25 | margin-bottom: 30px; 26 | } 27 | 28 | .cloud-image { 29 | width: 350px; 30 | height: 150px; 31 | padding-bottom: 20px; 32 | margin: auto; 33 | } 34 | 35 | .cloud-image img { 36 | width: 100%; 37 | height: 100%; 38 | } 39 | 40 | .success-text { 41 | padding-bottom: 20px; 42 | font-size: 45px; 43 | line-height: 54px; 44 | text-align: center; 45 | } 46 | 47 | .description { 48 | font-size: 18px; 49 | line-height: 24px; 50 | text-align: center; 51 | } 52 | 53 | .content { 54 | box-sizing: border-box; 55 | max-width: 450px; 56 | position: relative; 57 | margin: auto; 58 | } 59 | 60 | .tweet-container { 61 | height: 30px; 62 | width: 30px; 63 | min-width: 30px; 64 | min-height: 50px; 65 | margin: 0 20px; 66 | position: absolute; 67 | left: -55px; 68 | top: 90px; 69 | } 70 | 71 | .tweet-container img { 72 | width: 100%; 73 | height: 100%; 74 | } 75 | 76 | .content-body { 77 | min-width: 400px; 78 | } 79 | 80 | .col-md-4 { 81 | color: black; 82 | } 83 | -------------------------------------------------------------------------------- /AzurePipelines/trigger-azure-pipelines.yml: -------------------------------------------------------------------------------- 1 | name: Multijob workflow to build and deploy Docker app to Azure 2 | 3 | on: push 4 | 5 | # CONFIGURATION 6 | # For help, go to https://github.com/Azure/Actions 7 | # 8 | # Set up the following secrets in your repository: 9 | # AZURE_CREDENTIALS, REGISTRY_USERNAME, REGISTRY_PASSWORD, AZURE_DEVOPS_TOKEN 10 | # 2. Change these variables for your configuration: 11 | env: 12 | CONTAINER_REGISTRY: actionregistry.azurecr.io # set this to Container Registry name 13 | 14 | jobs: 15 | build-in-actions-workflow: 16 | runs-on: ubuntu-latest 17 | steps: 18 | - uses: actions/checkout@master 19 | 20 | # Authentication 21 | - uses: azure/login@v1 22 | with: 23 | creds: ${{ secrets.AZURE_CREDENTIALS }} 24 | - uses: azure/docker-login@v1 25 | with: 26 | login-server: ${{ env.CONTAINER_REGISTRY }} 27 | username: ${{ secrets.REGISTRY_USERNAME }} 28 | password: ${{ secrets.REGISTRY_PASSWORD }} 29 | 30 | # Build and push container 31 | - run: | 32 | docker build . -t ${{ env.CONTAINER_REGISTRY }}/nodejsapp:latest 33 | docker push ${{ env.CONTAINER_REGISTRY }}/nodejsapp:latest 34 | 35 | 36 | deploy-using-azure-pipelines: 37 | needs: build-in-actions-workflow 38 | runs-on: ubuntu-latest 39 | steps: 40 | - name: 'Trigger an Azure Pipeline to deploy the app to PRODUCTION' 41 | uses: Azure/pipelines@releases/v1 42 | with: 43 | azure-devops-project-url: 'https://dev.azure.com/OrganizationName/ProjectName' 44 | azure-pipeline-name: 'WebApp_Azure_Prod' 45 | azure-devops-token: '${{ secrets.AZURE_DEVOPS_TOKEN }}' 46 | -------------------------------------------------------------------------------- /AppService/java-jar-webapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy Java Web App to Azure 2 | 3 | on: 4 | [push,pull_request] 5 | 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Set up the following secrets in your repository: 10 | # AZURE_WEBAPP_PUBLISH_PROFILE 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_WEBAPP_NAME: JavaSpringPetclinic # set this to your application's name 15 | AZURE_WEBAPP_PACKAGE_PATH: ${{ github.workspace }} # set this to the path to your web app project 16 | JAVA_VERSION: '1.8' # set this to the Java version to use 17 | AZURE_WEBAPP_PUBLISH_PROFILE: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} # set GH repo secret with the publish profile of the web app 18 | 19 | jobs: 20 | build-and-deploy: 21 | name: Build and Deploy 22 | runs-on: ubuntu-latest 23 | environment: dev 24 | steps: 25 | - uses: actions/checkout@v3 26 | - name: Set up JDK 1.8 27 | uses: actions/setup-java@v1 28 | with: 29 | java-version: ${{ env.JAVA_VERSION }} 30 | - name: Build with Maven 31 | run: mvn package --file pom.xml 32 | - name: 'Deploy to Azure WebApp' 33 | uses: azure/webapps-deploy@v2 34 | with: 35 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 36 | publish-profile: ${{ env.AZURE_WEBAPP_PUBLISH_PROFILE }} 37 | package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/target/*.jar' 38 | 39 | # For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions 40 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 41 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/views/index.pug: -------------------------------------------------------------------------------- 1 | extends layout 2 | 3 | block content 4 | .main-container 5 | .cloud-image 6 | img(src='/images/successCloudNew.svg') 7 | .content 8 | .tweet-container 9 | a(href='http://twitter.com/intent/tweet/?text=I%20just%20created%20a%20new%20Node.js%20Express%20website%20on%20Azure%20using%20Azure%20DevOps%20Project&hashtags=GitHubDreamLifter%2CVSTS%20%40Azure%20%40Pipelines') 10 | img(src='/images/tweetThis.svg') 11 | .content-body 12 | .success-text 13 | p GitHub + Azure rocks! 14 | .description 15 | p App service has been successfully setup 16 | .description 17 | p Your Node.js Express app is up and running on Azure!!! 18 | 19 | .row 20 | .col-md-4 21 | h2 Get started right away 22 | p Clone your code repository and start developing your application on IDE of your choice 23 | p 24 | a.btn.btn-default(href='https://go.microsoft.com/fwlink/?linkid=862409') Learn more » 25 | .col-md-4 26 | h2 Continuous Integration 27 | p View your pipeline under Actions tab! 28 | p 29 | a.btn.btn-default(href='https://go.microsoft.com/fwlink/?linkid=862410') Learn more » 30 | .col-md-4 31 | h2 GitHub Actions 32 | p Making CI a first class citizen in GitHub through a native CI experience. 33 | p Technically, we will do this by leveraging Azure Pipelines technologies, but from a customer perspective it will be a fully GitHub experience. 34 | p Humans want easy and powerful automation :) 35 | p 36 | a.btn.btn-default(href='https://go.microsoft.com/fwlink/?linkid=862126') Learn more » 37 | -------------------------------------------------------------------------------- /Terraform/terraform-deployment.yml: -------------------------------------------------------------------------------- 1 | name: "Terraform Deploy" 2 | on: 3 | push: 4 | branches: 5 | - master 6 | 7 | # Update secrets TF_VAR_agent_client_id, TF_VAR_agent_client_secret, TF_VAR_subscription_id, TF_VAR_tenant_id in the GitHub repository. 8 | # For steps to create and store secrets, please check https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets 9 | 10 | jobs: 11 | terraform: 12 | name: "Terraform" 13 | runs-on: ubuntu-latest 14 | steps: 15 | - name: "Checkout" 16 | uses: actions/checkout@master 17 | 18 | - name: Setup Terraform 19 | uses: hashicorp/setup-terraform@v1 20 | 21 | - name: "Terraform Format" 22 | id: fmt 23 | run: terraform fmt 24 | 25 | - name: "Terraform Init" 26 | id: init 27 | run: terraform init 28 | 29 | - name: "Terraform Validate" 30 | id: validate 31 | run: terraform validate -no-color 32 | 33 | - name: "Terraform Plan" 34 | id: plan 35 | run: terraform plan -no-color 36 | env: 37 | TF_VAR_agent_client_id: ${{ secrets.TF_VAR_agent_client_id }} 38 | TF_VAR_agent_client_secret: ${{ secrets.TF_VAR_agent_client_secret }} 39 | TF_VAR_subscription_id: ${{ secrets.TF_VAR_subscription_id }} 40 | TF_VAR_tenant_id: ${{ secrets.TF_VAR_tenant_id }} 41 | 42 | - name: "Terraform Apply" 43 | id: apply 44 | run: terraform apply 45 | env: 46 | TF_VAR_agent_client_id: ${{ secrets.TF_VAR_agent_client_id }} 47 | TF_VAR_agent_client_secret: ${{ secrets.TF_VAR_agent_client_secret }} 48 | TF_VAR_subscription_id: ${{ secrets.TF_VAR_subscription_id }} 49 | TF_VAR_tenant_id: ${{ secrets.TF_VAR_tenant_id }} 50 | -------------------------------------------------------------------------------- /FunctionApp/linux-dotnet-functionapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy DotNet project to Azure Function App 2 | 3 | on: 4 | [push] 5 | 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Set up the following secrets in your repository: 10 | # AZURE_FUNCTIONAPP_PUBLISH_PROFILE 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure 15 | AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your function app project, defaults to the repository root 16 | DOTNET_VERSION: '6.0.x' # set this to the dotnet version to use (e.g. '2.1.x', '3.1.x', '5.0.x') 17 | 18 | jobs: 19 | build-and-deploy: 20 | runs-on: ubuntu-latest 21 | environment: dev 22 | steps: 23 | - name: 'Checkout GitHub Action' 24 | uses: actions/checkout@v3 25 | 26 | - name: Setup DotNet ${{ env.DOTNET_VERSION }} Environment 27 | uses: actions/setup-dotnet@v3 28 | with: 29 | dotnet-version: ${{ env.DOTNET_VERSION }} 30 | 31 | - name: 'Resolve Project Dependencies Using Dotnet' 32 | shell: bash 33 | run: | 34 | pushd './${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}' 35 | dotnet build --configuration Release --output ./output 36 | popd 37 | 38 | - name: 'Run Azure Functions Action' 39 | uses: Azure/functions-action@v1 40 | id: fa 41 | with: 42 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 43 | package: '${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}/output' 44 | publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} 45 | 46 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 47 | -------------------------------------------------------------------------------- /FunctionApp/windows-dotnet-functionapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy DotNet project to Azure Function App 2 | 3 | on: 4 | [push] 5 | 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Set up the following secrets in your repository: 10 | # AZURE_FUNCTIONAPP_PUBLISH_PROFILE 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure 15 | AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your function app project, defaults to the repository root 16 | DOTNET_VERSION: '6.0.x' # set this to the dotnet version to use (e.g. '2.1.x', '3.1.x', '5.0.x') 17 | 18 | jobs: 19 | build-and-deploy: 20 | runs-on: windows-latest 21 | environment: dev 22 | steps: 23 | - name: 'Checkout GitHub Action' 24 | uses: actions/checkout@v3 25 | 26 | - name: Setup DotNet ${{ env.DOTNET_VERSION }} Environment 27 | uses: actions/setup-dotnet@v3 28 | with: 29 | dotnet-version: ${{ env.DOTNET_VERSION }} 30 | 31 | - name: 'Resolve Project Dependencies Using Dotnet' 32 | shell: pwsh 33 | run: | 34 | pushd './${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}' 35 | dotnet build --configuration Release --output ./output 36 | popd 37 | 38 | - name: 'Run Azure Functions Action' 39 | uses: Azure/functions-action@v1 40 | id: fa 41 | with: 42 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 43 | package: '${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}/output' 44 | publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} 45 | 46 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 47 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/Web.Debug.config: -------------------------------------------------------------------------------- 1 | 2 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 21 | 22 | 23 | 24 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /FunctionApp/linux-node.js-functionapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy Node.js project to Azure Function App 2 | 3 | on: 4 | [push] 5 | 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Set up the following secrets in your repository: 10 | # AZURE_FUNCTIONAPP_PUBLISH_PROFILE 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure 15 | AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your function app project, defaults to the repository root 16 | NODE_VERSION: '16.x' # set this to the node version to use (e.g. '8.x', '10.x', '12.x') 17 | 18 | jobs: 19 | build-and-deploy: 20 | runs-on: ubuntu-latest 21 | environment: dev 22 | steps: 23 | - name: 'Checkout GitHub Action' 24 | uses: actions/checkout@v3 25 | 26 | - name: Setup Node ${{ env.NODE_VERSION }} Environment 27 | uses: actions/setup-node@v3 28 | with: 29 | node-version: ${{ env.NODE_VERSION }} 30 | 31 | - name: 'Resolve Project Dependencies Using Npm' 32 | shell: bash 33 | run: | 34 | pushd './${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}' 35 | npm install 36 | npm run build --if-present 37 | npm run test --if-present 38 | popd 39 | 40 | - name: 'Run Azure Functions Action' 41 | uses: Azure/functions-action@v1 42 | id: fa 43 | with: 44 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 45 | package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} 46 | publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} 47 | 48 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 49 | -------------------------------------------------------------------------------- /FunctionApp/windows-node.js-functionapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy Node.js project to Azure Function App 2 | 3 | on: 4 | [push] 5 | 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Set up the following secrets in your repository: 10 | # AZURE_FUNCTIONAPP_PUBLISH_PROFILE 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure 15 | AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your function app project, defaults to the repository root 16 | NODE_VERSION: '16.x' # set this to the node version to use (e.g. '8.x', '10.x', '12.x') 17 | 18 | jobs: 19 | build-and-deploy: 20 | runs-on: windows-latest 21 | environment: dev 22 | steps: 23 | - name: 'Checkout GitHub Action' 24 | uses: actions/checkout@v3 25 | 26 | - name: Setup Node ${{ env.NODE_VERSION }} Environment 27 | uses: actions/setup-node@v3 28 | with: 29 | node-version: ${{ env.NODE_VERSION }} 30 | 31 | - name: 'Resolve Project Dependencies Using Npm' 32 | shell: pwsh 33 | run: | 34 | pushd './${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}' 35 | npm install 36 | npm run build --if-present 37 | npm run test --if-present 38 | popd 39 | 40 | - name: 'Run Azure Functions Action' 41 | uses: Azure/functions-action@v1 42 | id: fa 43 | with: 44 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 45 | package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} 46 | publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} 47 | 48 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 49 | -------------------------------------------------------------------------------- /FunctionApp/linux-java-functionapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy Java project to Azure Function App 2 | 3 | on: 4 | [push] 5 | 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Set up the following secrets in your repository: 10 | # AZURE_FUNCTIONAPP_PUBLISH_PROFILE 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure 15 | POM_XML_DIRECTORY: '.' # set this to the directory which contains pom.xml file 16 | JAVA_VERSION: '8' # set this to the java version to use (e.g. '8', '11', '17') 17 | 18 | jobs: 19 | build-and-deploy: 20 | runs-on: ubuntu-latest 21 | environment: dev 22 | steps: 23 | - name: 'Checkout GitHub Action' 24 | uses: actions/checkout@v3 25 | 26 | - name: Setup Java Sdk ${{ env.JAVA_VERSION }} 27 | uses: actions/setup-java@v1 28 | with: 29 | java-version: ${{ env.JAVA_VERSION }} 30 | 31 | - name: 'Restore Project Dependencies Using Mvn' 32 | shell: bash 33 | run: | 34 | pushd './${{ env.POM_XML_DIRECTORY }}' 35 | mvn clean package 36 | popd 37 | 38 | - name: 'Run Azure Functions Action' 39 | uses: Azure/functions-action@v1 40 | id: fa 41 | with: 42 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 43 | package: '${{ env.POM_XML_DIRECTORY }}' # if there are multiple function apps in same project, then this path will be like './${{ env.POM_XML_DIRECTORY }}/target/azure-functions/${{ env.POM_FUNCTIONAPP_NAME }' 44 | publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} 45 | respect-pom-xml: true 46 | 47 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 48 | -------------------------------------------------------------------------------- /FunctionApp/windows-java-functionapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy Java project to Azure Function App 2 | 3 | on: 4 | [push] 5 | 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Set up the following secrets in your repository: 10 | # AZURE_FUNCTIONAPP_PUBLISH_PROFILE 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure 15 | POM_XML_DIRECTORY: '.' # set this to the directory which contains pom.xml file 16 | JAVA_VERSION: '8' # set this to the java version to use (e.g. '8', '11', '17') 17 | 18 | jobs: 19 | build-and-deploy: 20 | runs-on: windows-latest 21 | environment: dev 22 | steps: 23 | - name: 'Checkout GitHub Action' 24 | uses: actions/checkout@v3 25 | 26 | - name: Setup Java Sdk ${{ env.JAVA_VERSION }} 27 | uses: actions/setup-java@v1 28 | with: 29 | java-version: ${{ env.JAVA_VERSION }} 30 | 31 | - name: 'Restore Project Dependencies Using Mvn' 32 | shell: pwsh 33 | run: | 34 | pushd './${{ env.POM_XML_DIRECTORY }}' 35 | mvn clean package 36 | popd 37 | 38 | - name: 'Run Azure Functions Action' 39 | uses: Azure/functions-action@v1 40 | id: fa 41 | with: 42 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 43 | package: '${{ env.POM_XML_DIRECTORY }}' # if there are multiple function apps in same project, then this path will be like './${{ env.POM_XML_DIRECTORY }}/target/azure-functions/${{ env.POM_FUNCTIONAPP_NAME }' 44 | publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} 45 | respect-pom-xml: true 46 | 47 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 48 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/.github/workflows/workflow.yml: -------------------------------------------------------------------------------- 1 | # This workflow will build and push a node.js application to an Azure Web App on every push to the master branch. 2 | # 3 | # To configure this workflow: 4 | # 1. Set up a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE with the value of your Azure publish profile. 5 | # 2. Change the value for AZURE_WEBAPP_NAME, AZURE_WEBAPP_PACKAGE_PATH and NODE_VERSION set as environment variables (below). 6 | # 7 | # For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions 8 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 9 | 10 | on: 11 | push: 12 | branches: 13 | - master 14 | 15 | env: 16 | AZURE_WEBAPP_NAME: nodeappgh # set this to your application's name 17 | AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root 18 | NODE_VERSION: '16.x' # set this to the node version to use 19 | 20 | jobs: 21 | build-and-deploy: 22 | name: Build and Deploy 23 | runs-on: ubuntu-latest 24 | steps: 25 | - uses: actions/checkout@v3 26 | - name: Use Node.js ${{ env.NODE_VERSION }} 27 | uses: actions/setup-node@v3 28 | with: 29 | node-version: ${{ env.NODE_VERSION }} 30 | - name: npm install, build, and test 31 | run: | 32 | # Build and test the project, then 33 | # deploy to Azure Web App. 34 | npm install 35 | npm run build --if-present 36 | # npm run test --if-present 37 | - name: 'Deploy to Azure WebApp' 38 | uses: azure/webapps-deploy@v2 39 | with: 40 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 41 | publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} 42 | package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} 43 | -------------------------------------------------------------------------------- /FunctionApp/windows-dotnet-functionapp-on-azure-rbac.yml: -------------------------------------------------------------------------------- 1 | name: Deploy DotNet project to Azure Function App 2 | 3 | on: 4 | [push] 5 | 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Paste the RBAC json into the following secret in your repository: 10 | # AZURE_RBAC_CREDENTIALS 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure 15 | AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your function app project, defaults to the repository root 16 | DOTNET_VERSION: '6.0.x' # set this to the dotnet version to use (e.g. '2.1.x', '3.1.x', '5.0.x') 17 | 18 | jobs: 19 | build-and-deploy: 20 | runs-on: windows-latest 21 | environment: dev 22 | steps: 23 | - name: 'Checkout GitHub Action' 24 | uses: actions/checkout@v3 25 | 26 | - name: 'Login via Azure CLI' 27 | uses: azure/login@v1 28 | with: 29 | creds: ${{ secrets.AZURE_RBAC_CREDENTIALS }} 30 | 31 | - name: Setup DotNet ${{ env.DOTNET_VERSION }} Environment 32 | uses: actions/setup-dotnet@v3 33 | with: 34 | dotnet-version: ${{ env.DOTNET_VERSION }} 35 | 36 | - name: 'Resolve Project Dependencies Using Dotnet' 37 | shell: pwsh 38 | run: | 39 | pushd './${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}' 40 | dotnet build --configuration Release --output ./output 41 | popd 42 | 43 | - name: 'Run Azure Functions Action' 44 | uses: Azure/functions-action@v1 45 | id: fa 46 | with: 47 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 48 | package: '${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}/output' 49 | 50 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 51 | -------------------------------------------------------------------------------- /FunctionApp/linux-python-functionapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy Python project to Azure Function App 2 | 3 | on: 4 | [push] 5 | 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Set up the following secrets in your repository: 10 | # AZURE_FUNCTIONAPP_PUBLISH_PROFILE 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure 15 | AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your function app project, defaults to the repository root 16 | PYTHON_VERSION: '3.9' # set this to the python version to use (e.g. '3.6', '3.7', '3.8') 17 | 18 | jobs: 19 | build-and-deploy: 20 | runs-on: ubuntu-latest 21 | environment: dev 22 | steps: 23 | - name: 'Checkout GitHub Action' 24 | uses: actions/checkout@v3 25 | 26 | - name: Setup Python ${{ env.PYTHON_VERSION }} Environment 27 | uses: actions/setup-python@v4 28 | with: 29 | python-version: ${{ env.PYTHON_VERSION }} 30 | 31 | - name: 'Resolve Project Dependencies Using Pip' 32 | shell: bash 33 | run: | 34 | pushd './${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}' 35 | python -m pip install --upgrade pip 36 | pip install -r requirements.txt --target=".python_packages/lib/site-packages" 37 | popd 38 | 39 | - name: 'Run Azure Functions Action' 40 | uses: Azure/functions-action@v1 41 | id: fa 42 | with: 43 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 44 | package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} 45 | publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} 46 | scm-do-build-during-deployment: true 47 | enable-oryx-build: true 48 | 49 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 50 | -------------------------------------------------------------------------------- /AppService/asp.net-webapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy ASP.NET MVC App deploy to Azure Web App 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | pull_request: 8 | branches: 9 | - '*' 10 | # CONFIGURATION 11 | # For help, go to https://github.com/Azure/Actions 12 | # 13 | # 1. Set up the following secrets in your repository: 14 | # AZURE_WEBAPP_PUBLISH_PROFILE 15 | # 16 | # 2. Change these variables for your configuration: 17 | env: 18 | AZURE_WEBAPP_NAME: your-app-name # set this to your application's name 19 | AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root 20 | NUGET_VERSION: '5.3.x' # set this to the dot net version to use 21 | 22 | jobs: 23 | build-and-deploy: 24 | runs-on: windows-latest 25 | environment: dev 26 | steps: 27 | 28 | # checkout the repo 29 | - uses: actions/checkout@v3 30 | 31 | - name: Install Nuget 32 | uses: nuget/setup-nuget@v1 33 | with: 34 | nuget-version: ${{ env.NUGET_VERSION}} 35 | - name: NuGet to restore dependencies as well as project-specific tools that are specified in the project file 36 | run: nuget restore 37 | 38 | - name: Add msbuild to PATH 39 | uses: microsoft/setup-msbuild@v1.0.0 40 | 41 | - name: Run MSBuild 42 | run: msbuild .\SampleWebApplication.sln 43 | 44 | - name: 'Run Azure webapp deploy action using publish profile credentials' 45 | uses: azure/webapps-deploy@v2 46 | with: 47 | app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name 48 | publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} # Define secret variable in repository settings as per action documentation 49 | package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/SampleWebApplication/' 50 | 51 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 52 | -------------------------------------------------------------------------------- /AppService/asp.net-core-webapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy ASP.NET Core app to Azure Web App 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | pull_request: 8 | branches: 9 | - '*' 10 | # CONFIGURATION 11 | # For help, go to https://github.com/Azure/Actions 12 | # 13 | # 1. Set up the following secrets in your repository: 14 | # AZURE_WEBAPP_PUBLISH_PROFILE 15 | # 16 | # 2. Change these variables for your configuration: 17 | env: 18 | AZURE_WEBAPP_NAME: your-app-name # set this to your application's name 19 | AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root 20 | DOTNET_VERSION: '7.0.x' # set this to the dot net version to use 21 | 22 | jobs: 23 | build-and-deploy: 24 | runs-on: ubuntu-latest 25 | environment: dev 26 | steps: 27 | 28 | # Checkout the repo 29 | - uses: actions/checkout@v3 30 | 31 | # Setup .NET Core SDK 32 | - name: Setup .NET Core 33 | uses: actions/setup-dotnet@v1 34 | with: 35 | dotnet-version: ${{ env.DOTNET_VERSION }} 36 | 37 | # Run dotnet build and publish 38 | - name: dotnet build and publish 39 | run: | 40 | dotnet restore 41 | dotnet build --configuration Release 42 | dotnet publish -c Release -o '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp' 43 | 44 | # Deploy to Azure Web apps 45 | - name: 'Run Azure webapp deploy action using publish profile credentials' 46 | uses: azure/webapps-deploy@v2 47 | with: 48 | app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name 49 | publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} # Define secret variable in repository settings as per action documentation 50 | package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp' 51 | 52 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 53 | -------------------------------------------------------------------------------- /AzureCLI/Az-cli-Provision-Webapp.yml: -------------------------------------------------------------------------------- 1 | name: workflow to Create an Azure Web app, build and deploy Docker app to the Azure app 2 | 3 | on: push 4 | 5 | # CONFIGURATION 6 | # For help, go to https://github.com/Azure/Actions 7 | # 8 | # Set up the following secrets in your repository: 9 | # AZURE_CREDENTIALS, REGISTRY_USERNAME, REGISTRY_PASSWORD, AZURE_DEVOPS_TOKEN 10 | # 2. Change these variables for your configuration: 11 | env: 12 | AZURE_RESOURCE_GROUP: ActionsDemo # set this to your Azure Resource group's name 13 | AZURE_WEBAPP_NAME: AppWithContainer1 # set this to your application's name 14 | AZURE_APP_PLAN: ActionPlan # set this to your App service plan's name 15 | CONTAINER_REGISTRY: actionregistry.azurecr.io # set this to Container Registry name 16 | 17 | jobs: 18 | build-and-deploy-to-dev: 19 | runs-on: ubuntu-latest 20 | environment: dev 21 | steps: 22 | - uses: actions/checkout@master 23 | 24 | # Authentication 25 | - uses: azure/login@v1 26 | with: 27 | creds: ${{ secrets.AZURE_CREDENTIALS }} 28 | - uses: azure/docker-login@v1 29 | with: 30 | login-server: ${{ env.CONTAINER_REGISTRY }} 31 | username: ${{ secrets.REGISTRY_USERNAME }} 32 | password: ${{ secrets.REGISTRY_PASSWORD }} 33 | 34 | # Authentication 35 | - run: | 36 | docker build . -t ${{ env.CONTAINER_REGISTRY }}/app:latest 37 | docker push ${{ env.CONTAINER_REGISTRY }}/app:latest 38 | 39 | # Provision a new Web App 40 | - name: Azure CLI script to create a new Web App for Container 41 | uses: azure/CLI@v1 42 | with: 43 | azcliversion: latest 44 | inlineScript: | 45 | az account show 46 | az webapp create --resource-group ${{ env.AZURE_RESOURCE_GROUP }} --plan ${{ env.AZURE_APP_PLAN }} --name ${{ env.AZURE_WEBAPP_NAME }} -i nginx 47 | 48 | - uses: azure/webapps-container-deploy@v1 49 | with: 50 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 51 | images: '${{ env.CONTAINER_REGISTRY }}/app:latest' 52 | -------------------------------------------------------------------------------- /ARM/SubscriptionScope-ARM-Deployment.yml: -------------------------------------------------------------------------------- 1 | name: workflow to deploy an ARM Template to a Subscription Scope 2 | on: push 3 | 4 | # CONFIGURATION 5 | # For help, go to https://github.com/Azure/Actions 6 | 7 | env: 8 | AZURE_SUBSCRIPTION_ID: << Subscription Id >> # set this to your Azure Subscription Id 9 | 10 | jobs: 11 | build-and-deploy-to-dev: 12 | runs-on: ubuntu-latest 13 | steps: 14 | 15 | # Authentication 16 | # Set up the following secrets in your repository: AZURE_CREDENTIALS 17 | # Below *az ad* command scopes the service principal to a specific Azure subscription *{subscription-id}* 18 | # az ad sp create-for-rbac --name "myApp" --role contributor --scopes /subscriptions/{subscription-id} --sdk-auth 19 | # Replace {subscription-id} with the your subscription, resource group details. 20 | # Example: az ad sp create-for-rbac --name "myApp" --role contributor --scopes /subscriptions/e1046c08-7072-****-****-************ --sdk-auth 21 | # Place the output of the above command as value of secret variable - AZURE_CREDENTIALS 22 | # For details on usage of secrets, please refer https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets 23 | - name: Azure Login 24 | uses: azure/login@v1 25 | with: 26 | creds: ${{ secrets.AZURE_CREDENTIALS }} 27 | 28 | # Checkout 29 | - name: Checkout 30 | uses: actions/checkout@v1 31 | 32 | # Deployment of template 33 | - name: Deploy ARM Template 34 | uses: azure/arm-deploy@v1 35 | with: 36 | # You can change these environment variables for your configuration: AZURE_SUBSCRIPTION_ID 37 | scope: subscription 38 | subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }} 39 | region: centralus # Set this to your target region 40 | template: $GITHUB_WORKSPACE/azuredeploy.json # Set this to the location of your template file 41 | parameters: $GITHUB_WORKSPACE/azuredeploy.parameters.json # Set this to the location of your parameters file 42 | -------------------------------------------------------------------------------- /FunctionApp/linux-container-functionapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | # Action Requires 2 | # 1. Setup the AZURE_CREDENTIALS secrets in your GitHub Repository 3 | # 2. Setup the REGISTRY_USERNAME secrets in your GitHub Repository 4 | # 3. Setup the REGISTRY_PASSWORD secrets in your GitHub Repository 5 | # 4. Replace REGISTRY, NAMESPACE, IMAGE, TAG in the following template with proper values 6 | # 5. Add this yaml file to your project's .github/workflows/ 7 | # 6. Push your local project to your GitHub Repository 8 | 9 | name: Linux_Container_Workflow 10 | 11 | on: 12 | push: 13 | branches: 14 | - master 15 | 16 | jobs: 17 | build-and-deploy: 18 | runs-on: ubuntu-latest 19 | environment: dev 20 | steps: 21 | - name: 'Checkout GitHub Action' 22 | uses: actions/checkout@v3 23 | 24 | - name: 'Login via Azure CLI' 25 | uses: azure/login@v1 26 | with: 27 | creds: ${{ secrets.AZURE_CREDENTIALS }} 28 | 29 | - name: 'Docker Login' 30 | uses: azure/docker-login@v1 31 | with: 32 | login-server: contoso.azurecr.io 33 | username: ${{ secrets.REGISTRY_USERNAME }} 34 | password: ${{ secrets.REGISTRY_PASSWORD }} 35 | 36 | - name: 'Compose Customized Docker Image' 37 | shell: bash 38 | run: | 39 | # If your function app project is not located in your repository's root 40 | # Please change the path to your directory for docker build 41 | docker build . -t REGISTRY/NAMESPACE/IMAGE:TAG 42 | docker push REGISTRY/NAMESPACE/IMAGE:TAG 43 | 44 | - name: 'Run Azure Functions Container Action' 45 | uses: Azure/functions-container-action@v1 46 | id: fa 47 | with: 48 | app-name: PLEASE_REPLACE_THIS_WITH_YOUR_FUNCTION_APP_NAME 49 | image: REGISTRY/NAMESPACE/IMAGE:TAG 50 | 51 | #- name: 'use the published functionapp url in upcoming steps' 52 | # run: | 53 | # echo "${{ steps.fa.outputs.app-url }}" 54 | 55 | - name: Azure logout 56 | run: | 57 | az logout 58 | 59 | # For more information on GitHub Actions: 60 | # https://help.github.com/en/categories/automating-your-workflow-with-github-actions 61 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/app.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | var debug = require('debug'); 3 | var express = require('express'); 4 | var path = require('path'); 5 | var favicon = require('serve-favicon'); 6 | var logger = require('morgan'); 7 | var cookieParser = require('cookie-parser'); 8 | var bodyParser = require('body-parser'); 9 | 10 | var routes = require('./routes/index'); 11 | var users = require('./routes/users'); 12 | 13 | var server; 14 | var app = express(); 15 | 16 | // view engine setup 17 | app.set('views', path.join(__dirname, 'views')); 18 | app.set('view engine', 'pug'); 19 | 20 | // uncomment after placing your favicon in /public 21 | //app.use(favicon(__dirname + '/public/favicon.ico')); 22 | app.use(logger('dev')); 23 | app.use(bodyParser.json()); 24 | app.use(bodyParser.urlencoded({ extended: false })); 25 | app.use(cookieParser()); 26 | app.use(express.static(path.join(__dirname, 'public'))); 27 | 28 | app.use('/', routes); 29 | app.use('/users', users); 30 | 31 | // catch 404 and forward to error handler 32 | app.use(function (req, res, next) { 33 | var err = new Error('Not Found'); 34 | err.status = 404; 35 | next(err); 36 | }); 37 | 38 | // error handlers 39 | 40 | // development error handler 41 | // will print stacktrace 42 | if (app.get('env') === 'development') { 43 | app.use(function (err, req, res, next) { 44 | res.status(err.status || 500); 45 | res.render('error', { 46 | message: err.message, 47 | error: err 48 | }); 49 | }); 50 | } 51 | 52 | // production error handler 53 | // no stacktraces leaked to user 54 | app.use(function (err, req, res, next) { 55 | res.status(err.status || 500); 56 | res.render('error', { 57 | message: err.message, 58 | error: {} 59 | }); 60 | }); 61 | 62 | app.set('port', process.env.PORT || 3000); 63 | 64 | exports.listen = function () { 65 | server = app.listen(app.get('port'), function () { 66 | debug('Express server listening on port ' + server.address().port); 67 | }); 68 | } 69 | 70 | exports.close = function () { 71 | server.close(() => { 72 | debug('Server stopped.'); 73 | }); 74 | } 75 | 76 | this.listen(); 77 | -------------------------------------------------------------------------------- /AppService/node.js-webapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Deploy Node.js to Azure Web App 2 | 3 | on: 4 | [push] 5 | 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # 9 | # 1. Set up the following secrets in your repository: 10 | # AZURE_WEBAPP_PUBLISH_PROFILE 11 | # 12 | # 2. Change these variables for your configuration: 13 | env: 14 | AZURE_WEBAPP_NAME: your-app-name # set this to your application's name 15 | AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root 16 | NODE_VERSION: '16.x' # set this to the node version to use 17 | 18 | jobs: 19 | build: 20 | runs-on: ubuntu-latest 21 | 22 | steps: 23 | - uses: actions/checkout@v4 24 | 25 | - name: Set up Node.js version 26 | uses: actions/setup-node@v3 27 | with: 28 | node-version: ${{ env.NODE_VERSION }} 29 | 30 | - name: npm install, build, and test 31 | run: | 32 | npm install 33 | npm run build --if-present 34 | # npm run test --if-present 35 | 36 | - name: Upload artifact for deployment job 37 | uses: actions/upload-artifact@v3 38 | with: 39 | name: node-app 40 | path: . 41 | 42 | deploy: 43 | runs-on: ubuntu-latest 44 | needs: build 45 | environment: 46 | name: 'production' 47 | url: ${{ steps.deploy-to-webapp.outputs.webapp-url }} 48 | 49 | steps: 50 | - name: Download artifact from build job 51 | uses: actions/download-artifact@v3 52 | with: 53 | name: node-app 54 | 55 | - name: 'Deploy to Azure Web App' 56 | id: deploy-to-webapp 57 | uses: azure/webapps-deploy@v2 58 | with: 59 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 60 | slot-name: 'production' 61 | publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} 62 | package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} 63 | 64 | # For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions 65 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 66 | -------------------------------------------------------------------------------- /End-to-End/Serverless-web-application/README.md: -------------------------------------------------------------------------------- 1 | # Action samples for deploying Serverless Web Application architecture 2 | 3 | This sample references an architecture of a serverless web application. The application serves static Angular.JS content from Azure Blob Storage (Static Website), and implements REST APIs for CRUD of a to do list with Azure Functions. The API reads data from Cosmos DB and returns the results to the web app. The GitHub workflow uses Azure Bicep for Infrastructure as Code to deploy and configure Azure resources. 4 | 5 | ## Workflows 6 | 7 | This repo contains three GitHub workflow samples. A walk-through and complete artifacts, including sample codes and Bicep files, can be found [here](https://github.com/Azure-Samples/serverless-web-application). 8 | 9 | * [Create Azure Resource (IaC)](azure-infra-cicd.yml) workflow validates Bicep files and creates Azure resources necessary to host the sample solution. The Bicep file will create the following resources as a pre-requisite to the next two workflows: 10 | 11 | - Azure API Management. 12 | - Azure CDN. 13 | - Azure Cosmos DB for MongolDB. 14 | - Azure Functions (Windows). 15 | - Azure Key Vault option to BYO. 16 | - Azure Storage Account for hosting Static Website. 17 | 18 | * [Build and publish .NET](functions-api-cicd.yml) workflow build .NET Core application and publish it to Azure Function. It also import the HTTP Trigger Functions as API's to the API Management using Bicep. This requires that Functions must be able to generate an OpenAPI specification. 19 | 20 | * [Build and publish Angular (SPA)](spa-cicd.yml) workflow build Angular application and publish it to Azure Storage Account as a static website. This workflow will register both client and API applications in Azure Active Directory tenant of your subscription for authentication. It also purge Azure CDN to refresh static web content. 21 | 22 | ## Contributing 23 | 24 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. -------------------------------------------------------------------------------- /Terraform/README.md: -------------------------------------------------------------------------------- 1 | # Action Samples for deploying using Terraform 2 | 3 | With Terraform workflows, you can automate your terraform templates to deploy to Azure. 4 | 5 | Terraform templates use Azure Resource Manager to deploy resources to Azure. More details on Terraform Provider for Azure can be found [here](https://www.terraform.io/docs/providers/azurerm/index.html). 6 | 7 | ## Configure Azure credentials 8 | 9 | To fetch the credentials required to authenticate with Azure, run the following command: 10 | 11 | ```sh 12 | az ad sp create-for-rbac --name "myApp" --role contributor \ 13 | --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \ 14 | --sdk-auth 15 | 16 | # Replace {subscription-id}, {resource-group} with the subscription, resource group details 17 | 18 | # The command should output a JSON object similar to the example below 19 | 20 | { 21 | "clientId": "", 22 | "clientSecret": "", 23 | "subscriptionId": "", 24 | "tenantId": "", 25 | (...) 26 | } 27 | ``` 28 | 29 | Add the JSON output as secrets TF_VAR_agent_client_id, TF_VAR_agent_client_secret, TF_VAR_subscription_id, TF_VAR_tenant_id in the GitHub repository. For steps to create and storing secrets, please check [here](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) 30 | 31 | The terraform deployment actions expects the terraform templates to be stored in the root directory. If the terraform templates are stored in a different directory, update the path to terraform actions. More information on terraform actions can be found [here](https://www.terraform.io/docs/github-actions/setup-terraform.html) 32 | 33 | For additional help on how use Azure actions, please refer [here](https://github.com/Azure/Actions) 34 | 35 | ## Terraform Sample Templates 36 | 37 | For additional terraform sample templates for Azure deployment, please refer to these [quick-start templates](https://github.com/Azure/terraform/tree/master/quickstart) 38 | 39 | ## GitHub Action Workflows 40 | 41 | For more samples to get started with GitHub Action workflows to deploy to Azure refer [here](https://github.com/Azure/actions-workflow-samples) 42 | -------------------------------------------------------------------------------- /AppService/python-webapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | # Python on Linux Web App 2 | # Build a Python project (using Django/Flask/Bottle frameworks) and deploy it to Azure as a Linux web app. 3 | name: Deploy Python package to Azure Web App as a Linux web app. 4 | on: 5 | [push] 6 | # CONFIGURATION 7 | # For help, go to https://github.com/Azure/Actions 8 | # See this in-depth article on CI for Python applications: https://azure.github.io/AppService/2020/12/11/cicd-for-python-apps.html 9 | # 10 | # 1. Set up the following secrets in your repository: 11 | # AZURE_CREDENTIALS_GITHUB_SECRET 12 | # 13 | # 2. Change these variables for your configuration: 14 | env: 15 | AZURE_WEBAPP_NAME: my-app # set this to your application's name 16 | WORKING_DIRECTORY: '.' # set this to the path to your path of working directory inside github repository, defaults to the repository root 17 | PYTHON_VERSION: '3.10' # set the version to use 18 | STARTUP_COMMAND: '' # set this to the startup command required to start the gunicorn server. default it is empty 19 | 20 | name: Build and deploy Python app 21 | jobs: 22 | build-and-deploy: 23 | runs-on: ubuntu-latest 24 | environment: dev 25 | steps: 26 | # checkout the repo 27 | - uses: actions/checkout@v3 28 | # setup python 29 | - name: Setup Python 30 | uses: actions/setup-python@v1 31 | with: 32 | python-version: ${{ env.PYTHON_VERSION }} 33 | # install dependencies 34 | - name: python install 35 | working-directory: ${{ env.WORKING_DIRECTORY }} 36 | run: | 37 | sudo apt install python${{ env.PYTHON_VERSION }}-venv 38 | python -m venv --copies antenv 39 | source antenv/bin/activate 40 | pip install setuptools 41 | pip install -r requirements.txt 42 | # Azure login 43 | - uses: azure/login@v1 44 | with: 45 | creds: ${{ secrets.AZURE_CREDENTIALS_GITHUB_SECRET }} 46 | - uses: azure/appservice-settings@v1 47 | with: 48 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 49 | mask-inputs: false 50 | general-settings-json: '{"linuxFxVersion": "PYTHON|${{ env.PYTHON_VERSION }}"}' #'General configuration settings as Key Value pairs' 51 | # deploy web app 52 | - uses: azure/webapps-deploy@v2 53 | with: 54 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 55 | package: ${{ env.WORKING_DIRECTORY }} 56 | startup-command: ${{ env.STARTUP_COMMAND }} 57 | # Azure logout 58 | - name: logout 59 | run: | 60 | az logout 61 | -------------------------------------------------------------------------------- /AppService/Python-GHA-Samples/Python-Local-Built-Deploy-Sample.yml: -------------------------------------------------------------------------------- 1 | # Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy 2 | # More GitHub Actions for Azure: https://github.com/Azure/actions 3 | # More info on Python, GitHub Actions, and Azure App Service: https://aka.ms/python-webapps-actions 4 | 5 | name: Build and Deploy Locally Built Python app to Azure Linux Web App 6 | 7 | on: 8 | push: 9 | branches: 10 | - main 11 | workflow_dispatch: 12 | 13 | env: 14 | PYTHON_VERSION: '3.x' # Set the python version to use 15 | AZURE_WEBAPP_NAME: 'my-app' # Set this to your application's name 16 | WORKING_DIRECTORY: '.' # Set this to the path which is to be deployed to Web App. Defaults to the repository root 17 | STARTUP_COMMAND: '' # Set this to the startup command required to start the application. Default used is gunicorn for Flask/Django apps. Best practice: When using startup commands besides gunicorn while deploying locally built setup, explicitly mention python3 with the startup command such as 'python3 -m uvicorn main:app --host 0.0.0.0 --port ${PORT:-8000}' 18 | SLOT_NAME: 'Production' # Set this to your deployment slot name, default is 'Production' 19 | 20 | jobs: 21 | build-and-deploy: 22 | runs-on: ubuntu-latest 23 | permissions: 24 | id-token: write # This is required for requesting the JWT 25 | contents: read # This is required for actions/checkout 26 | 27 | steps: 28 | - uses: actions/checkout@v4 29 | 30 | 31 | - name: Set up Python version 32 | uses: actions/setup-python@v5 33 | with: 34 | python-version: ${{ env.PYTHON_VERSION }} 35 | 36 | 37 | - name: Create and Start virtual environment and Install dependencies 38 | run: | 39 | python -m venv antenv 40 | source antenv/bin/activate 41 | pip install -r requirements.txt 42 | 43 | 44 | - name: Login to Azure 45 | uses: azure/login@v2 46 | with: 47 | client-id: ${{ secrets.AZUREAPPSERVICE_CLIENTID }} 48 | tenant-id: ${{ secrets.AZUREAPPSERVICE_TENANTID }} 49 | subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID }} 50 | 51 | 52 | - name: 'Deploy to Azure Web App' 53 | uses: azure/webapps-deploy@v3 54 | id: deploy-to-webapp 55 | with: 56 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 57 | package: ${{ env.WORKING_DIRECTORY }} 58 | slot-name: ${{ env.SLOT_NAME }} 59 | startup-command: ${{ env.STARTUP_COMMAND }} 60 | 61 | 62 | - name: 'Logout of Azure' 63 | if: always() 64 | run: | 65 | az logout -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ## Security 4 | 5 | Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). 6 | 7 | If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below. 8 | 9 | ## Reporting Security Issues 10 | 11 | **Please do not report security vulnerabilities through public GitHub issues.** 12 | 13 | Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report). 14 | 15 | If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey). 16 | 17 | You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 18 | 19 | Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: 20 | 21 | * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) 22 | * Full paths of source file(s) related to the manifestation of the issue 23 | * The location of the affected source code (tag/branch/commit or direct URL) 24 | * Any special configuration required to reproduce the issue 25 | * Step-by-step instructions to reproduce the issue 26 | * Proof-of-concept or exploit code (if possible) 27 | * Impact of the issue, including how an attacker might exploit the issue 28 | 29 | This information will help us triage your report more quickly. 30 | 31 | If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs. 32 | 33 | ## Preferred Languages 34 | 35 | We prefer all communications to be in English. 36 | 37 | ## Policy 38 | 39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd). 40 | 41 | 42 | -------------------------------------------------------------------------------- /Kubernetes/build-and-deploy-docker-image-aks-using-manifests.yml: -------------------------------------------------------------------------------- 1 | # This workflow will build a docker container, publish it to Azure Container Registry, and deploy it to Azure Kubernetes Service. 2 | # 3 | # To configure this workflow: 4 | # 5 | # 1. Set up the following secrets in your workspace: 6 | # a. REGISTRY_USERNAME with ACR username 7 | # b. REGISTRY_PASSWORD with ACR Password 8 | # c. AZURE_CREDENTIALS with the output of `az ad sp create-for-rbac --sdk-auth` 9 | # 10 | # 2. Change the values for the REGISTRY_NAME, CLUSTER_NAME, CLUSTER_RESOURCE_GROUP and NAMESPACE environment variables (below). 11 | 12 | on: [push] 13 | 14 | # Environment variables available to all jobs and steps in this workflow 15 | env: 16 | REGISTRY_NAME: my-registry-name 17 | CLUSTER_NAME: my-cluster-name 18 | CLUSTER_RESOURCE_GROUP: my-cluster-resource-group 19 | NAMESPACE: default 20 | 21 | jobs: 22 | build: 23 | runs-on: ubuntu-latest 24 | environment: dev 25 | steps: 26 | - uses: actions/checkout@master 27 | 28 | # Connect to Azure Container registry (ACR) 29 | - uses: azure/docker-login@v1 30 | with: 31 | login-server: ${{ env.REGISTRY_NAME }}.azurecr.io 32 | username: ${{ secrets.REGISTRY_USERNAME }} 33 | password: ${{ secrets.REGISTRY_PASSWORD }} 34 | 35 | # Container build and push to a Azure Container registry (ACR) 36 | - run: | 37 | docker build . -t ${{ env.REGISTRY_NAME }}.azurecr.io/myimage:${{ github.sha }} 38 | docker push ${{ env.REGISTRY_NAME }}.azurecr.io/myimage:${{ github.sha }} 39 | 40 | # Set the target Azure Kubernetes Service (AKS) cluster. 41 | - uses: azure/aks-set-context@v1 42 | with: 43 | creds: '${{ secrets.AZURE_CREDENTIALS }}' 44 | cluster-name: ${{ env.CLUSTER_NAME }} 45 | resource-group: ${{ env.CLUSTER_RESOURCE_GROUP }} 46 | 47 | # Create namespace if doesn't exist 48 | - run: | 49 | kubectl create namespace ${{ env.NAMESPACE }} --dry-run -o json | kubectl apply -f - 50 | 51 | # Create imagepullsecret for Azure Container registry (ACR) 52 | - uses: azure/k8s-create-secret@v1 53 | with: 54 | container-registry-url: ${{ env.REGISTRY_NAME }}.azurecr.io 55 | container-registry-username: ${{ secrets.REGISTRY_USERNAME }} 56 | container-registry-password: ${{ secrets.REGISTRY_PASSWORD }} 57 | secret-name: ${{ env.REGISTRY_NAME }}-registry-connection 58 | namespace: ${{ env.NAMESPACE }} 59 | 60 | # Deploy app to AKS 61 | - uses: azure/k8s-deploy@v1 62 | with: 63 | manifests: | 64 | manifests/deployment.yml 65 | manifests/service.yml 66 | images: | 67 | ${{ env.REGISTRY_NAME }}.azurecr.io/myimage:${{ github.sha }} 68 | imagepullsecrets: | 69 | ${{ env.REGISTRY_NAME }}-registry-connection 70 | namespace: ${{ env.NAMESPACE }} 71 | -------------------------------------------------------------------------------- /AppService/Python-GHA-Samples/Python-Poetry-Sample.yml: -------------------------------------------------------------------------------- 1 | # Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy 2 | # More GitHub Actions for Azure: https://github.com/Azure/actions 3 | # More info on Python, GitHub Actions, and Azure App Service: https://aka.ms/python-webapps-actions 4 | 5 | name: Build and Deploy Python app to Azure Linux Web App 6 | 7 | on: 8 | push: 9 | branches: 10 | - main 11 | workflow_dispatch: 12 | 13 | env: 14 | PYTHON_VERSION: '3.x' # Set the python version to use 15 | AZURE_WEBAPP_NAME: 'my-app' # Set this to your application's name 16 | WORKING_DIRECTORY: '.' # Set this to the path which is to be deployed to Web App. Defaults to the repository root 17 | STARTUP_COMMAND: '' # Set this to the startup command required to start the application. Default used is gunicorn for Flask/Django apps 18 | SLOT_NAME: 'Production' # Set this to your deployment slot name, default is 'Production' 19 | 20 | jobs: 21 | build-and-deploy: 22 | runs-on: ubuntu-latest 23 | permissions: 24 | id-token: write # This is required for requesting the JWT 25 | contents: read # This is required for actions/checkout 26 | 27 | steps: 28 | - uses: actions/checkout@v4 29 | 30 | 31 | - name: Set up Python version 32 | uses: actions/setup-python@v5 33 | with: 34 | python-version: ${{ env.PYTHON_VERSION }} 35 | 36 | 37 | - name: Create and Start virtual environment and Install dependencies with Poetry 38 | run: | 39 | pip install poetry 40 | python -m venv antenv 41 | source antenv/bin/activate 42 | poetry install --only main 43 | 44 | 45 | # If the SCM_DO_BUILD_DURING_DEPLOYMENT setting is enabled (set to true), the platform uses Oryx during deployment to build the application and install dependencies (for example, running `pip install`). Since the build happens on the platform, we exclude the antenv virtual environment folder from the deployment package. This helps reduce the size of the deployment artifact and avoids sending unnecessary files that will be recreated during the build process. 46 | - name: Cleanup Venv for Deployment 47 | run: | 48 | rm -rf antenv 49 | 50 | 51 | - name: Login to Azure 52 | uses: azure/login@v2 53 | with: 54 | client-id: ${{ secrets.AZUREAPPSERVICE_CLIENTID }} 55 | tenant-id: ${{ secrets.AZUREAPPSERVICE_TENANTID }} 56 | subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID }} 57 | 58 | 59 | - name: 'Deploy to Azure Web App' 60 | uses: azure/webapps-deploy@v3 61 | id: deploy-to-webapp 62 | with: 63 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 64 | package: ${{ env.WORKING_DIRECTORY }} 65 | slot-name: ${{ env.SLOT_NAME }} 66 | startup-command: ${{ env.STARTUP_COMMAND }} 67 | 68 | 69 | - name: 'Logout of Azure' 70 | if: always() 71 | run: | 72 | az logout -------------------------------------------------------------------------------- /AppService/Python-GHA-Samples/Python-SetupPy-Sample.yml: -------------------------------------------------------------------------------- 1 | # Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy 2 | # More GitHub Actions for Azure: https://github.com/Azure/actions 3 | # More info on Python, GitHub Actions, and Azure App Service: https://aka.ms/python-webapps-actions 4 | 5 | name: Build and Deploy Python app to Azure Linux Web App 6 | 7 | on: 8 | push: 9 | branches: 10 | - main 11 | workflow_dispatch: 12 | 13 | env: 14 | PYTHON_VERSION: '3.x' # Set the python version to use 15 | AZURE_WEBAPP_NAME: 'my-app' # Set this to your application's name 16 | WORKING_DIRECTORY: '.' # Set this to the path which is to be deployed to Web App. Defaults to the repository root 17 | STARTUP_COMMAND: '' # Set this to the startup command required to start the application. Default used is gunicorn for Flask/Django apps 18 | SLOT_NAME: 'Production' # Set this to your deployment slot name, default is 'Production' 19 | 20 | jobs: 21 | build-and-deploy: 22 | runs-on: ubuntu-latest 23 | permissions: 24 | id-token: write # This is required for requesting the JWT 25 | contents: read # This is required for actions/checkout 26 | 27 | steps: 28 | - uses: actions/checkout@v4 29 | 30 | 31 | - name: Set up Python version 32 | uses: actions/setup-python@v5 33 | with: 34 | python-version: ${{ env.PYTHON_VERSION }} 35 | 36 | 37 | - name: Create and Start virtual environment and Install dependencies with setup.py 38 | run: | 39 | pip install --upgrade pip setuptools wheel 40 | python -m venv antenv 41 | source antenv/bin/activate 42 | pip install -e . 43 | 44 | 45 | # If the SCM_DO_BUILD_DURING_DEPLOYMENT setting is enabled (set to true), the platform uses Oryx during deployment to build the application and install dependencies (for example, running `pip install`). Since the build happens on the platform, we exclude the antenv virtual environment folder from the deployment package. This helps reduce the size of the deployment artifact and avoids sending unnecessary files that will be recreated during the build process. 46 | - name: Cleanup Venv for Deployment 47 | run: | 48 | rm -rf antenv 49 | 50 | 51 | - name: Login to Azure 52 | uses: azure/login@v2 53 | with: 54 | client-id: ${{ secrets.AZUREAPPSERVICE_CLIENTID }} 55 | tenant-id: ${{ secrets.AZUREAPPSERVICE_TENANTID }} 56 | subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID }} 57 | 58 | 59 | - name: 'Deploy to Azure Web App' 60 | uses: azure/webapps-deploy@v3 61 | id: deploy-to-webapp 62 | with: 63 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 64 | package: ${{ env.WORKING_DIRECTORY }} 65 | slot-name: ${{ env.SLOT_NAME }} 66 | startup-command: ${{ env.STARTUP_COMMAND }} 67 | 68 | 69 | - name: 'Logout of Azure' 70 | if: always() 71 | run: | 72 | az logout -------------------------------------------------------------------------------- /FunctionApp/oidc-auth-samples/powershell-functionapp-on-azure-oidc.yml: -------------------------------------------------------------------------------- 1 | name: Deploy PowerShell project to Azure Function App using OIDC 2 | 3 | # CONFIGURATION 4 | # 5 | # This workflow can be used to deploy your PowerShell project to a function app on any hosting plan, except for Container Apps (which uses functions-container-action). 6 | # 7 | # 1. Configure a federated identity credential to your GitHub branch on an Azure user-assigned managed identity. 8 | # For instructions, follow the README at https://github.com/Azure/functions-action#use-oidc-recommended 9 | # 10 | # 2. Add the following values from the managed identity to your repo's variables: 11 | # AZURE_CLIENT_ID 12 | # AZURE_TENANT_ID 13 | # AZURE_SUBSCRIPTION_ID 14 | # For instructions on creating repo variables, see https://docs.github.com/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#defining-configuration-variables-for-multiple-workflows 15 | # 16 | # 3. Ensure your workflow is triggered by your desired event. By default, it is triggered when a push is made to main, and it can be manually run. 17 | # For guidance on event triggers, see https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#using-events-to-trigger-workflows 18 | # 19 | # 4. Change the variables in the `env` section according to your project: 20 | # For the latest list of supported runtimes, see https://learn.microsoft.com/azure/azure-functions/supported-languages 21 | 22 | on: 23 | push: 24 | branches: [ main ] 25 | workflow_dispatch: 26 | 27 | env: 28 | AZURE_FUNCTIONAPP_NAME: 'APP_NAME' # Set this to your function app name on Azure 29 | AZURE_FUNCTIONAPP_PROJECT_PATH: '.' # Set this to the path to your function app project, defaults to the repository root. The deploy action will package the contents of this path. 30 | 31 | jobs: 32 | # PowerShell projects do not require a build step 33 | deploy: 34 | runs-on: windows-latest # For PowerShell projects, the OS of the runner does not affect deployment. You may use either ubuntu-latest or windows-latest. 35 | permissions: 36 | id-token: write # Required for OIDC 37 | contents: read # Required for actions/checkout 38 | steps: 39 | - name: 'Checkout repository' 40 | uses: actions/checkout@v4 41 | 42 | # Perform additional steps such as running tests, if needed 43 | 44 | - name: 'Log in to Azure with AZ CLI' 45 | uses: azure/login@v2 46 | with: 47 | client-id: ${{ vars.AZURE_CLIENT_ID }} 48 | tenant-id: ${{ vars.AZURE_TENANT_ID }} 49 | subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} 50 | 51 | - name: 'Run the Azure Functions action' 52 | uses: Azure/functions-action@v1 53 | id: deploy-to-function-app 54 | with: 55 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 56 | package: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }} 57 | 58 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples -------------------------------------------------------------------------------- /Kubernetes/build-and-deploy-docker-image-to-aks-using-helm.yml: -------------------------------------------------------------------------------- 1 | # This workflow will build a docker container, publish it to Azure Container Registry, and deploy it to Azure Kubernetes Service using a helm chart. 2 | # 3 | # To configure this workflow: 4 | # 5 | # 1. Set up the following secrets in your workspace: 6 | # a. REGISTRY_USERNAME with ACR username 7 | # b. REGISTRY_PASSWORD with ACR Password 8 | # c. AZURE_CREDENTIALS with the output of `az ad sp create-for-rbac --sdk-auth` 9 | # 10 | # 2. Change the values for the REGISTRY_NAME, CLUSTER_NAME, CLUSTER_RESOURCE_GROUP and NAMESPACE environment variables (below). 11 | 12 | on: [push] 13 | 14 | # Environment variables available to all jobs and steps in this workflow 15 | env: 16 | REGISTRY_NAME: my-registry-name 17 | CLUSTER_NAME: my-cluster-name 18 | CLUSTER_RESOURCE_GROUP: my-cluster-resource-group 19 | NAMESPACE: default 20 | 21 | jobs: 22 | build: 23 | runs-on: ubuntu-latest 24 | environment: dev 25 | steps: 26 | - uses: actions/checkout@master 27 | 28 | # Connect to Azure Container registry (ACR) 29 | - uses: azure/docker-login@v1 30 | with: 31 | login-server: ${{ env.REGISTRY_NAME }}.azurecr.io 32 | username: ${{ secrets.REGISTRY_USERNAME }} 33 | password: ${{ secrets.REGISTRY_PASSWORD }} 34 | 35 | # Container build and push to a Azure Container registry (ACR) 36 | - run: | 37 | docker build . -t ${{ env.REGISTRY_NAME }}.azurecr.io/myimage:${{ github.sha }} 38 | docker push ${{ env.REGISTRY_NAME }}.azurecr.io/myimage:${{ github.sha }} 39 | 40 | # Set the target Azure Kubernetes Service (AKS) cluster. 41 | - uses: azure/aks-set-context@v1 42 | with: 43 | creds: '${{ secrets.AZURE_CREDENTIALS }}' 44 | cluster-name: ${{ env.CLUSTER_NAME }} 45 | resource-group: ${{ env.CLUSTER_RESOURCE_GROUP }} 46 | 47 | # Create namespace if doesn't exist 48 | - run: | 49 | kubectl create namespace ${{ env.NAMESPACE }} --dry-run -o json | kubectl apply -f - 50 | 51 | # Create imagepullsecret for Azure Container registry (ACR) 52 | - uses: azure/k8s-create-secret@v1 53 | with: 54 | container-registry-url: ${{ env.REGISTRY_NAME }}.azurecr.io 55 | container-registry-username: ${{ secrets.REGISTRY_USERNAME }} 56 | container-registry-password: ${{ secrets.REGISTRY_PASSWORD }} 57 | secret-name: ${{ env.REGISTRY_NAME }}-registry-connection 58 | namespace: ${{ env.NAMESPACE }} 59 | 60 | # Baking the helm chart to generate the manifests to deploy 61 | - uses: azure/k8s-bake@v1 62 | with: 63 | renderEngine: 'helm2' 64 | helmChart: './my-helm-chart/' 65 | helm-version: 'latest' 66 | id: bake 67 | 68 | # Deploy app to AKS 69 | - uses: azure/k8s-deploy@v1 70 | with: 71 | manifests: ${{ steps.bake.outputs.manifestsBundle }} 72 | images: | 73 | ${{ env.REGISTRY_NAME }}.azurecr.io/myimage:${{ github.sha }} 74 | imagepullsecrets: | 75 | ${{ env.REGISTRY_NAME }}-registry-connection 76 | namespace: ${{ env.NAMESPACE }} 77 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/Web.config: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | 8 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 32 | 33 | 35 | 36 | 37 | 38 | 40 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 79 | -------------------------------------------------------------------------------- /AppService/Python-GHA-Samples/Python-PyProject-Uv-Sample.yml: -------------------------------------------------------------------------------- 1 | # Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy 2 | # More GitHub Actions for Azure: https://github.com/Azure/actions 3 | # More info on Python, GitHub Actions, and Azure App Service: https://aka.ms/python-webapps-actions 4 | 5 | name: Build and Deploy Python app to Azure Linux Web App using uv 6 | 7 | on: 8 | push: 9 | branches: 10 | - main 11 | workflow_dispatch: 12 | 13 | env: 14 | PYTHON_VERSION: '3.x' # Set this to the Python version to use 15 | AZURE_WEBAPP_NAME: 'my-app' # Set this to your application's name 16 | WORKING_DIRECTORY: '.' # Set this to the path to deploy to Web App. Defaults to the repository root 17 | STARTUP_COMMAND: '' # Set this to the startup command required to start the application. Default is gunicorn for Flask/Django apps. Best practice: When using startup commands besides gunicorn with a pyproject.toml and uv.lock deployment setup, explicitly mention python3 with the startup command such as 'python3 -m uvicorn main:app --host 0.0.0.0 --port ${PORT:-8000}' 18 | 19 | jobs: 20 | build-and-deploy: 21 | runs-on: ubuntu-latest 22 | permissions: 23 | id-token: write # This is required for requesting the JWT 24 | contents: read # This is required for actions/checkout 25 | 26 | steps: 27 | - uses: actions/checkout@v4 28 | 29 | - name: Install uv 30 | uses: astral-sh/setup-uv@v6 31 | with: 32 | enable-cache: true 33 | 34 | - name: Set up Python 35 | run: uv python install ${{ env.PYTHON_VERSION }} 36 | 37 | - name: Create virtual environment and Generate lock file and install dependencies into antenv 38 | run: | 39 | uv venv antenv 40 | source antenv/bin/activate 41 | uv lock 42 | uv sync --no-dev 43 | 44 | # Optional: Run tests before deploying 45 | # Uncomment the following step to run tests with pytest or your preferred test framework 46 | # - name: Run tests 47 | # run: | 48 | # uv run pytest tests/ 49 | # If you need dev dependencies for testing, use: uv sync --all-groups or uv sync (without --no-dev) 50 | 51 | # If the SCM_DO_BUILD_DURING_DEPLOYMENT setting is enabled (set to true), the platform uses Oryx during deployment to build the application and install dependencies (for example, running `pip install`). Since the build happens on the platform, we exclude the antenv virtual environment folder from the deployment package. This helps reduce the size of the deployment artifact and avoids sending unnecessary files that will be recreated during the build process. 52 | - name: Cleanup Venv for Deployment 53 | run: | 54 | rm -rf antenv 55 | 56 | 57 | - name: Login to Azure 58 | uses: azure/login@v2 59 | with: 60 | client-id: ${{ secrets.AZUREAPPSERVICE_CLIENTID }} 61 | tenant-id: ${{ secrets.AZUREAPPSERVICE_TENANTID }} 62 | subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID }} 63 | 64 | - name: Deploy to Azure Web App 65 | uses: azure/webapps-deploy@v3 66 | id: deploy-to-webapp 67 | with: 68 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 69 | package: ${{ env.WORKING_DIRECTORY }} 70 | startup-command: ${{ env.STARTUP_COMMAND }} 71 | 72 | - name: Logout from Azure 73 | if: always() 74 | run: | 75 | az logout -------------------------------------------------------------------------------- /AppService/docker-webapp-container-on-azure.yml: -------------------------------------------------------------------------------- 1 | name: Build and deploy Docker app to Azure 2 | 3 | on: push 4 | 5 | # CONFIGURATION 6 | # For help, go to https://github.com/Azure/Actions 7 | # 8 | # Set up the following secrets in your repository: 9 | # AZURE_CREDENTIALS, REGISTRY_USERNAME, REGISTRY_PASSWORD, REGISTRY_URL 10 | # 2. Change these variables for your configuration: 11 | env: 12 | AZURE_WEBAPP_NAME: AppWithContainer # set this to your application's name 13 | CONTAINER_REGISTRY: ${{ secrets.REGISTRY_URL }} # set secret with Container Registry URL, example : xyz.azurecr.io 14 | # AZURE_RESOURCE_GROUP: ActionsDemo # set this to your Azure Resource group's name - Needed only if you are provisioning the app in the workflow 15 | # AZURE_APP_PLAN: ActionPlan # set this to your App service plan's name - Needed only if you are provisioning the app in the workflow 16 | 17 | jobs: 18 | build-and-deploy-to-dev: 19 | runs-on: ubuntu-latest 20 | environment: dev 21 | steps: 22 | - uses: actions/checkout@v3 23 | - name: Azure authentication 24 | uses: azure/login@v1 25 | with: 26 | creds: ${{ secrets.AZURE_CREDENTIALS }} 27 | # - name: Azure CLI script to provision a new Web App for Container 28 | # uses: azure/CLI@v0-beta 29 | # with: 30 | # azcliversion: latest 31 | # inlineScript: | 32 | # az webapp create --resource-group ${{ env.AZURE_RESOURCE_GROUP }} --plan ${{ env.AZURE_APP_PLAN }} --name ${{ env.AZURE_WEBAPP_NAME }} -i nginx 33 | - name: ACR authentication 34 | uses: azure/docker-login@v1 35 | with: 36 | login-server: ${{ env.CONTAINER_REGISTRY }} 37 | username: ${{ secrets.REGISTRY_USERNAME }} 38 | password: ${{ secrets.REGISTRY_PASSWORD }} 39 | - name: Docker Build & Push to ACR 40 | run: | 41 | docker build . -t ${{ env.CONTAINER_REGISTRY }}/nodejsapp:${{ github.sha }} 42 | docker push ${{ env.CONTAINER_REGISTRY }}/nodejsapp:${{ github.sha }} 43 | 44 | # Uncomment the below action snippet if the Web app credentials are not updated as web app settings 45 | # - name: Set Web App ACR authentication 46 | # uses: Azure/appservice-settings@v1 47 | # with: 48 | # app-name: ${{ env.AZURE_WEBAPP_NAME }} 49 | # app-settings-json: | 50 | # [ 51 | # { 52 | # "name": "DOCKER_REGISTRY_SERVER_PASSWORD", 53 | # "value": "${{ secrets.REGISTRY_PASSWORD }}", 54 | # "slotSetting": false 55 | # }, 56 | # { 57 | # "name": "DOCKER_REGISTRY_SERVER_URL", 58 | # "value": "https://${{ env.CONTAINER_REGISTRY }}", 59 | # "slotSetting": false 60 | # }, 61 | # { 62 | # "name": "DOCKER_REGISTRY_SERVER_USERNAME", 63 | # "value": "${{ secrets.REGISTRY_USERNAME }}", 64 | # "slotSetting": false 65 | # } 66 | # ] 67 | 68 | - name: 'Deploy to Azure Web App for Container' 69 | uses: azure/webapps-deploy@v2 70 | with: 71 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 72 | images: ${{ env.CONTAINER_REGISTRY }}/nodejsapp:${{ github.sha }} 73 | # startup-command: 'npm start' # Include start up command to start the app container 74 | 75 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 76 | -------------------------------------------------------------------------------- /MachineLearning/README.md: -------------------------------------------------------------------------------- 1 | # Action Samples for training and deploying machine learning models to Azure Machine Learning 2 | 3 | We have released multiple actions to help you easily build a Continuous Integration and Continuous Delivery pipeline for a ML/AI project. 4 | - [aml-workspace](https://github.com/Azure/aml-workspace) - Connects to or creates a new workspace 5 | - [aml-compute](https://github.com/Azure/aml-compute) - Connects to or creates a new compute target in Azure Machine Learning 6 | - [aml-run](https://github.com/Azure/aml-run) - Submits a ScriptRun, an Estimator or a Pipeline to Azure Machine Learning 7 | - [aml-registermodel](https://github.com/Azure/aml-registermodel) - Registers a model to Azure Machine Learning 8 | - [aml-deploy](https://github.com/Azure/aml-deploy) - Deploys a model and creates an endpoint for the model 9 | 10 | We will be using the GitHub Actions for defining the workflow along with Azure ML services for model retraining pipeline, model management and operationalization. 11 |

12 | Azure Machine Learning Lifecycle 13 |

14 | 15 | These actions are based on [DevOps principles](https://azure.microsoft.com/overview/what-is-devops/) and practices that increase the efficiency of workflows. For example, continuous integration, delivery, and deployment. 16 | We have applied these principles to the machine learning process, with the goal of: 17 | - Faster experimentation and development of models 18 | - Faster deployment of models into production 19 | - Quality assurance 20 | 21 | Here we have two template contains code and workflow definitions for a machine learning project that demonstrates how to automate an end to end ML/AI lifecycle. 22 | 23 | 1. **Simple template repository: [ml-template-azure](https://github.com/machine-learning-apps/ml-template-azure)** 24 | 25 | Go to this template and follow the getting started guide to setup an ML Ops process within minutes and learn how to use the Azure Machine Learning GitHub Actions in combination. This template demonstrates a very simple process for training and deploying machine learning models. 26 | 27 | 2. **Advanced template repository: [mlops-enterprise-template](https://github.com/Azure-Samples/mlops-enterprise-template)** 28 | 29 | This template demonstrates how approval processes can be included in the process and how training and deployment workflows can be splitted. It also shows how workflows (e.g. deployment) can be triggered from pull requests. More enhancements will be added to this template in the future to make it more enterprise ready. 30 | 31 | 32 | 33 | # Contributing 34 | 35 | This project welcomes contributions and suggestions. Most contributions require you to agree to a 36 | Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us 37 | the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com. 38 | 39 | When you submit a pull request, a CLA bot will automatically determine whether you need to provide 40 | a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions 41 | provided by the bot. You will only need to do this once across all repos using our CLA. 42 | 43 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 44 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or 45 | contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 46 | 47 | 48 | -------------------------------------------------------------------------------- /assets/create-secrets-for-GitHub-workflows.md: -------------------------------------------------------------------------------- 1 | # Set up Secrets in GitHub Action workflows 2 | 3 | [GitHub Secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets) are encrypted and allow you to store sensitive information, such as access tokens, in your repository. 4 | 5 | You could use GitHub secrets to store your Azure Credentials, Publish profile of your Web app, container registry credentials or any such sensitive details which are required to automate your CI/CD workflows using GitHub Actions. 6 | 7 | ## Creating secrets 8 | 9 | 1. On GitHub, navigate to the main page of the repository. 10 | 1. Under your repository name, click on the "Settings" tab. 11 | 1. In the left sidebar, click Secrets. 12 | 1. On the right bar, click on "Add a new secret" 13 | ![](images/create-secret.png) 14 | 1. Type a name for your secret in the "Name" input box. 15 | 1. Type the value for your secret. 16 | 1. Click Add secret. 17 | ![](images/Add-secret-name-value.png) 18 | 19 | 20 | ## Consume secrets in your workflow 21 | 22 | To consume a secret within an action workflow, set the secret as an input or environment variable in your workflow. 23 | Review the action's README file to learn about which inputs and environment variables the action expects. 24 | For example, most of the [Azure actions](https://github.com/Azure/actions) would need AZURE_CREDENTIALS to be set as a secret. 25 | For more information, see ["Workflow syntax for GitHub Actions."](https://help.github.com/en/articles/workflow-syntax-for-github-actions/#jobsjob_idstepsenv) 26 | 27 | ```yaml 28 | steps: 29 | - name: Sample Azure action 30 | with: # Set Azure credentials secret as an input 31 | credentials: ${{ secrets.AZURE_CREDENTIALS }} 32 | env: # Or as an environment variable 33 | credentials: ${{ secrets.AZURE_CREDENTIALS }} 34 | ``` 35 | 36 | ## Set secret with Azure Credentials 37 | 38 | Most of the Azure services use user-level Azure credentials i.e., Azure Service Principal for deployments. 39 | 40 | Follow the steps to create the Azure credentials (Service Principal) : 41 | * Run the below [az cli](https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest) command 42 | ```bash 43 | 44 | az ad sp create-for-rbac --name "myApp" --role contributor \ 45 | --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \ 46 | --sdk-auth 47 | 48 | # Replace {subscription-id}, {resource-group} with the subscription, resource group details 49 | 50 | # The command should output a JSON object similar to this: 51 | 52 | { 53 | "clientId": "", 54 | "clientSecret": "", 55 | "subscriptionId": "", 56 | "tenantId": "", 57 | (...) 58 | } 59 | 60 | ``` 61 | * Store the above JSON as the value of a GitHub secret with a name, for example 'AZURE_CREDENTIALS' 62 | * Now in the workflow file in your branch: `.github/workflows/workflow.yml` replace the secret in Azure login action with your secret name 63 | 64 | ## Set secret with Web App Publish_Profile 65 | 66 | **Note: As of October 2020, Linux web apps will need the app setting `WEBSITE_WEBDEPLOY_USE_SCM` set to `true` before downloading the publish profile from the Azure portal. This requirement will be removed in the future.** 67 | 1. In the Azure portal, Navigate to your web app 68 | 1. In the Overview page of the app, click on "Get publish profile". A publish profile is a kind of deployment credential, useful when you don't own the Azure subscription. 69 | 1. Open the downloaded settings file in VS Code and copy the contents of the file. 70 | 1. Create a new secret in your GitHub repo using the copied contents of the publish profile. 71 | 72 | ![](images/get-publish-profile.png) 73 | -------------------------------------------------------------------------------- /End-to-End/Serverless-web-application/azure-infra-cicd.yml: -------------------------------------------------------------------------------- 1 | name: Create Azure Resource (IaC) 2 | on: 3 | workflow_dispatch: 4 | inputs: 5 | AZURE_REGION: 6 | description: 'Azure Region to deploy Azure resources' 7 | required: true 8 | default: 'azure-region' 9 | ENVIRONMENT_TYPE: 10 | description: 'Environment: dev, test, or prod' 11 | required: true 12 | default: 'dev' 13 | APP_NAME_PREFIX: 14 | description: 'Prefix to be used in naming Azure resources' 15 | required: true 16 | default: 'prefix' 17 | RESOURCE_GROUP_NAME: 18 | description: 'Resource Group to deploy Azure resources' 19 | required: true 20 | default: 'resource-group' 21 | MSI_NAME: 22 | description: 'User Managed Identity' 23 | required: true 24 | default: 'user-msi' 25 | MSI_RESOURCE_GROUP: 26 | description: 'Resource Group where User Managed Identity is located' 27 | required: true 28 | default: 'msi-resource-group' 29 | 30 | # CONFIGURATION 31 | # For help, go to https://github.com/Azure/Actions 32 | # 33 | # 1. Set up the following secrets in your repository: 34 | # AZURE_CREDENTIALS 35 | # 36 | # 2. Change below variables for your configuration: 37 | env: 38 | AZURE_REGION: ${{ github.event.inputs.AZURE_REGION }} 39 | ENVIRONMENT_TYPE: ${{ github.event.inputs.ENVIRONMENT_TYPE }} 40 | APP_NAME_PREFIX: ${{ github.event.inputs.APP_NAME_PREFIX }} 41 | RESOURCE_GROUP_NAME: ${{ github.event.inputs.RESOURCE_GROUP_NAME }} 42 | MSI_NAME: ${{ github.event.inputs.MSI_NAME }} 43 | MSI_RESOURCE_GROUP: ${{ github.event.inputs.MSI_RESOURCE_GROUP }} 44 | BICEP_FILE_PATH: 'deploy' 45 | BICEP_FILE_NAME: 'main' 46 | 47 | jobs: 48 | validate_deploy: 49 | runs-on: ubuntu-latest 50 | steps: 51 | # Authentication 52 | # Set up the following secrets in your repository: AZURE_CREDENTIALS 53 | # For details on usage of secrets, please refer https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets 54 | - name: Azure Login 55 | uses: azure/login@v1 56 | with: 57 | creds: ${{ secrets.AZURE_CREDENTIALS }} 58 | 59 | # Checkout 60 | - name: Checkout 61 | uses: actions/checkout@v1 62 | 63 | # Build ARM Template from Bicep and create a target Azure resource group 64 | - name: Azure CLI - Validate Bicep file ${{ env.BICEP_FILE_PATH }}/${{ env.BICEP_FILE_NAME }}.bicep 65 | uses: Azure/cli@1.0.4 66 | with: 67 | # Azure CLI version to be used to execute the script. If not provided, latest version is used 68 | azcliversion: 2.27.2 69 | # Specify the script here 70 | inlineScript: | 71 | az group create -l ${{ env.AZURE_REGION }} -n ${{ env.RESOURCE_GROUP_NAME }} 72 | az deployment group validate -g ${{ env.APP_NAME_PREFIX }}-${{ env.ENVIRONMENT_TYPE }}-rg --template-file ./${{ env.BICEP_FILE_PATH }}/main.bicep 73 | az bicep upgrade 74 | az bicep build --file ./${{ env.BICEP_FILE_PATH }}/${{ env.BICEP_FILE_NAME }}.bicep 75 | 76 | # Deployment Bicep template 77 | - name: Deploy ${{ env.ENVIRONMENT_TYPE }} environment infrastructure to ${{ env.RESOURCE_GROUP_NAME }} 78 | id: infraDeployment 79 | uses: azure/arm-deploy@v1 80 | with: 81 | deploymentName: ${{ github.run_number }} 82 | resourceGroupName: ${{ env.RESOURCE_GROUP_NAME }} 83 | template: ./${{ env.BICEP_FILE_PATH }}/${{ env.BICEP_FILE_NAME }}.json # Set this to the location of your template file 84 | parameters: appNameSuffix=${{ env.APP_NAME_PREFIX }} environmentType=${{ env.ENVIRONMENT_TYPE }} userAssignedIdentityName=${{ env.MSI_NAME }} userAssignedIdentityResourceGroup=${{ env.MSI_RESOURCE_GROUP }} 85 | 86 | # Azure logout 87 | - name: logout 88 | run: | 89 | az logout 90 | if: always() 91 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/public/images/successCloudNew.svg: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /FunctionApp/oidc-auth-samples/python-functionapp-on-azure-oidc.yml: -------------------------------------------------------------------------------- 1 | name: Build and deploy Python project to Azure Function App using OIDC 2 | 3 | # CONFIGURATION 4 | # 5 | # This workflow can be used to deploy your Python project to a function app on any hosting plan, except for Container Apps (which uses functions-container-action). 6 | # 7 | # 1. Configure a federated identity credential to your GitHub branch on an Azure user-assigned managed identity. 8 | # For instructions, follow the README at https://github.com/Azure/functions-action#use-oidc-recommended 9 | # 10 | # 2. Add the following values from the managed identity to your repo's variables: 11 | # AZURE_CLIENT_ID 12 | # AZURE_TENANT_ID 13 | # AZURE_SUBSCRIPTION_ID 14 | # For instructions on creating repo variables, see https://docs.github.com/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#defining-configuration-variables-for-multiple-workflows 15 | # 16 | # 3. Ensure your workflow is triggered by your desired event. By default, it is triggered when a push is made to main, and it can be manually run. 17 | # For guidance on event triggers, see https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#using-events-to-trigger-workflows 18 | # 19 | # 4. Change the variables in the `env` section according to your project: 20 | # For the latest list of supported runtimes, see https://learn.microsoft.com/azure/azure-functions/supported-languages 21 | 22 | on: 23 | push: 24 | branches: [ main ] 25 | workflow_dispatch: 26 | 27 | env: 28 | AZURE_FUNCTIONAPP_NAME: 'APP_NAME' # Set this to your function app name on Azure 29 | AZURE_FUNCTIONAPP_PROJECT_PATH: '.' # Set this to the path to your function app project, defaults to the repository root. The deploy action will package the contents of this path. 30 | PYTHON_VERSION: '3.12.x' # Set this to the Python version of your project 31 | BUILD_ARTIFACT_NAME: 'released-package' # Set this according to your team's naming convention 32 | 33 | jobs: 34 | build: 35 | runs-on: ubuntu-latest # Python function apps are Linux-based 36 | permissions: 37 | id-token: write # Required for OIDC 38 | contents: read # Required for actions/checkout 39 | defaults: 40 | run: 41 | shell: bash 42 | working-directory: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }} 43 | steps: 44 | - name: 'Checkout repository' 45 | uses: actions/checkout@v4 46 | 47 | - name: 'Set up Python version: ${{ env.Python_VERSION }}' 48 | uses: actions/setup-python@v5 49 | with: 50 | python-version: ${{ env.PYTHON_VERSION }} 51 | 52 | - name: 'Install project dependencies' 53 | run: pip install -r requirements.txt --target ".python_packages/lib/site-packages" # Ensure requirements.txt contains all dependencies 54 | 55 | # Perform additional steps such as running tests, if needed 56 | 57 | - name: 'Upload artifact for the deployment job' 58 | uses: actions/upload-artifact@v4 59 | with: 60 | name: ${{ env.BUILD_ARTIFACT_NAME }} 61 | path: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }} 62 | 63 | deploy: 64 | runs-on: ubuntu-latest # Python function apps are Linux-based 65 | needs: build 66 | permissions: 67 | id-token: write # Required for OIDC 68 | steps: 69 | - name: 'Download artifact from build job' 70 | uses: actions/download-artifact@v4 71 | with: 72 | name: ${{ env.BUILD_ARTIFACT_NAME }} 73 | path: ./downloaded-artifact 74 | 75 | - name: 'Log in to Azure with AZ CLI' 76 | uses: azure/login@v2 77 | with: 78 | client-id: ${{ vars.AZURE_CLIENT_ID }} 79 | tenant-id: ${{ vars.AZURE_TENANT_ID }} 80 | subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} 81 | 82 | - name: 'Run the Azure Functions action' 83 | uses: Azure/functions-action@v1 84 | id: deploy-to-function-app 85 | with: 86 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 87 | package: ./downloaded-artifact 88 | 89 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples -------------------------------------------------------------------------------- /AppService/vsts-only-sitecontainers.yml: -------------------------------------------------------------------------------- 1 | # This pipeline builds and pushes multiple container images to Azure Container Registry (ACR) 2 | # and deploys them to an Azure Linux App Service as sidecar containers. 3 | 4 | # Structure of the sample project, where router-app works like main container and hello-app is the sidecar container: 5 | # - router-app/ 6 | # - requirements.txt 7 | # - app.py 8 | # - Dockerfile 9 | # - hello-app/ 10 | # - Dockerfile 11 | # - app.py 12 | # - requirements.txt 13 | 14 | trigger: 15 | branches: 16 | include: 17 | - test/sitecontainer # replace with your branch name to trigger the pipeline 18 | 19 | variables: 20 | dockerRegistryServiceConnection: 'sitecontainersampleacr-sc' # replace with your ACR service connection name 21 | containerRegistry: 'sitecontainerssampleacr.azurecr.io' # replace with your Container Registry login server 22 | routerAppImageName: 'test/router-app' # router app image name in Container Registry 23 | helloAppImageName: 'test/hello-app' # hello app image name in Container Registry 24 | azureSubscription: 'sitecontainers-sc' # replace with your Azure RM connection name 25 | appName: 'vsts-docker2' # your App Service name 26 | resourceGroup: 'multicontainer-euap' # your App Service's resource group 27 | projectRoot: 'LinuxAppService/SiteContainers/test/samples' # your project root folder 28 | 29 | pool: 30 | vmImage: 'ubuntu-latest' 31 | 32 | steps: 33 | # one by one specify steps to build and push each container image to Container Registry 34 | - task: Docker@2 35 | displayName: 'Build and Push Docker router-app Image to Container Registry' 36 | inputs: 37 | containerRegistry: $(dockerRegistryServiceConnection) 38 | repository: $(routerAppImageName) 39 | command: buildAndPush 40 | Dockerfile: '$(projectRoot)/router-app/Dockerfile' 41 | buildContext: '$(projectRoot)/router-app' 42 | tags: | 43 | $(Build.BuildId) 44 | 45 | - task: Docker@2 46 | displayName: 'Build and Push Docker hello app Image to Container Registry' 47 | inputs: 48 | containerRegistry: $(dockerRegistryServiceConnection) 49 | repository: $(helloAppImageName) 50 | command: buildAndPush 51 | Dockerfile: '$(projectRoot)/hello-app/Dockerfile' 52 | buildContext: '$(projectRoot)/hello-app' 53 | tags: | 54 | $(Build.BuildId) 55 | 56 | # Deployment step to deploy both main and sidecar containers to Azure Linux App Service 57 | - task: AzureWebAppContainer@1 58 | displayName: 'Deploy to Linux App Service' 59 | inputs: 60 | azureSubscription: $(azureSubscription) 61 | appName: $(appName) 62 | resourceGroupName: $(resourceGroup) 63 | # sitecontainersConfig property to define all containers in the App Service 64 | sitecontainersConfig: | 65 | [ 66 | { 67 | "name": "main", 68 | "image": "$(containerRegistry)/$(routerAppImageName):$(Build.BuildId)", 69 | "targetPort": 5000, 70 | "isMain": true 71 | }, 72 | { 73 | "name": "hello-app", 74 | "image": "$(containerRegistry)/$(helloAppImageName):$(Build.BuildId)", 75 | "targetPort": 5001, 76 | "isMain": false 77 | } 78 | ] 79 | 80 | # Following properties can be set for each container in the sitecontainers-config list. 81 | # SiteContainer 82 | # { 83 | # name: string, // mandatory 84 | # image: string, // mandatory 85 | # isMain: boolean, // mandatory 86 | # targetPort?: string, 87 | # startupCommand?: string, 88 | # authType?: AUTH_TYPE, 89 | # userName?: string, 90 | # passwordSecret?: string, 91 | # userManagedIdentityClientId?: string, 92 | # environmentVariables?: EnvironmentVariable[], 93 | # volumeMounts?: VolumeMount[], 94 | # inheritAppSettingsAndConnectionStrings?: boolean, 95 | # } 96 | 97 | # AUTH_TYPE is any of the following: 98 | # Anonymous, 99 | # UserCredentials, 100 | # SystemIdentity, 101 | # UserAssigned 102 | 103 | # type EnvironmentVariable { 104 | # name: string; // mandatory 105 | # value: string; // mandatory 106 | # } 107 | # type VolumeMount { 108 | # name: string; // mandatory 109 | # mountPath: string; // mandatory 110 | # readOnly?: boolean; 111 | # } -------------------------------------------------------------------------------- /FunctionApp/oidc-auth-samples/linux-java-functionapp-on-azure-oidc.yml: -------------------------------------------------------------------------------- 1 | name: Build and deploy Java project to Azure Function App using OIDC 2 | 3 | # CONFIGURATION 4 | # 5 | # This workflow can be used to deploy your Java project to a function app on any hosting plan, except for Container Apps (which uses functions-container-action). 6 | # 7 | # 1. Configure a federated identity credential to your GitHub branch on an Azure user-assigned managed identity. 8 | # For instructions, follow the README at https://github.com/Azure/functions-action 9 | # 10 | # 2. Add the following values from the managed identity to your repo's variables: 11 | # AZURE_CLIENT_ID 12 | # AZURE_TENANT_ID 13 | # AZURE_SUBSCRIPTION_ID 14 | # For instructions on creating repo variables, see https://docs.github.com/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#defining-configuration-variables-for-multiple-workflows 15 | # 16 | # 3. Ensure your workflow is triggered by your desired event. By default, it is triggered when a push is made to main. 17 | # For guidance on event triggers, see https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#using-events-to-trigger-workflows 18 | # 19 | # 4. Change the variables in the `env` section according to your project: 20 | # For the latest list of supported runtimes, see https://learn.microsoft.com/azure/azure-functions/supported-languages 21 | 22 | on: 23 | push: 24 | branches: [ main ] 25 | workflow_dispatch: 26 | 27 | env: 28 | AZURE_FUNCTIONAPP_NAME: 'APP_NAME' # set this to your function app name on Azure. Ensure that `functionAppName` in your pom.xml file matches. 29 | POM_XML_DIRECTORY: '.' # set this to the directory which contains the pom.xml file. The deploy action will package the contents of this path. 30 | JAVA_VERSION: '17' # set this to the Java version of your project 31 | BUILD_ARTIFACT_NAME: 'released-package' # Set this according to your team's naming convention 32 | 33 | jobs: 34 | build: 35 | runs-on: ubuntu-latest # Assumes your target function app is Linux-based 36 | permissions: 37 | id-token: write # Required to fetch an OIDC token to authenticate with the job 38 | contents: read # Required for actions/checkout 39 | defaults: 40 | run: 41 | shell: bash 42 | working-directory: ${{ env.POM_XML_DIRECTORY }} 43 | steps: 44 | - name: 'Checkout repository' 45 | uses: actions/checkout@v4 46 | 47 | - name: 'Set up Java version: ${{ env.JAVA_VERSION }}' 48 | uses: actions/setup-java@v4 49 | with: 50 | java-version: ${{ env.JAVA_VERSION }} 51 | distribution: 'microsoft' 52 | 53 | - name: 'Build project with Maven' 54 | run: mvn clean package 55 | 56 | # Perform additional steps such as running tests, if needed 57 | 58 | - name: 'Upload artifact for the deployment job' 59 | uses: actions/upload-artifact@v4 60 | with: 61 | name: ${{ env.BUILD_ARTIFACT_NAME }} 62 | path: ${{ env.POM_XML_DIRECTORY }}/target/azure-functions/${{ env.AZURE_FUNCTIONAPP_NAME }} 63 | 64 | deploy: 65 | runs-on: ubuntu-latest # Assumes your target function app is Linux-based 66 | needs: build 67 | permissions: 68 | id-token: write # Required to fetch an OIDC token to authenticate with the job 69 | steps: 70 | - name: 'Download artifact from build job' 71 | uses: actions/download-artifact@v4 72 | with: 73 | name: ${{ env.BUILD_ARTIFACT_NAME }} 74 | path: ./downloaded-artifact 75 | 76 | - name: 'Log in to Azure with AZ CLI' 77 | uses: azure/login@v2 78 | with: 79 | client-id: ${{ vars.AZURE_CLIENT_ID }} 80 | tenant-id: ${{ vars.AZURE_TENANT_ID }} 81 | subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} 82 | 83 | - name: 'Run the Azure Functions action' 84 | uses: Azure/functions-action@v1 85 | id: deploy-to-function-app 86 | with: 87 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 88 | package: ./downloaded-artifact 89 | respect-pom-xml: false # Set to `true` if the build artifact path is ${{ env.POM_XML_DIRECTORY }} 90 | 91 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples -------------------------------------------------------------------------------- /FunctionApp/oidc-auth-samples/linux-node-functionapp-on-azure-oidc.yml: -------------------------------------------------------------------------------- 1 | name: Build and deploy Node.js project to Azure Function App using OIDC 2 | 3 | # CONFIGURATION 4 | # 5 | # This workflow can be used to deploy your Node project to a function app on any hosting plan, except for Container Apps (which uses functions-container-action). 6 | # 7 | # 1. Configure a federated identity credential to your GitHub branch on an Azure user-assigned managed identity. 8 | # For instructions, follow the README at https://github.com/Azure/functions-action#use-oidc-recommended 9 | # 10 | # 2. Add the following values from the managed identity to your repo's variables: 11 | # AZURE_CLIENT_ID 12 | # AZURE_TENANT_ID 13 | # AZURE_SUBSCRIPTION_ID 14 | # For instructions on creating repo variables, see https://docs.github.com/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#defining-configuration-variables-for-multiple-workflows 15 | # 16 | # 3. Ensure your workflow is triggered by your desired event. By default, it is triggered when a push is made to main, and it can be manually run. 17 | # For guidance on event triggers, see https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#using-events-to-trigger-workflows 18 | # 19 | # 4. Change the variables in the `env` section according to your project: 20 | # For the latest list of supported runtimes, see https://learn.microsoft.com/azure/azure-functions/supported-languages 21 | 22 | on: 23 | push: 24 | branches: [ main ] 25 | workflow_dispatch: 26 | 27 | env: 28 | AZURE_FUNCTIONAPP_NAME: 'APP_NAME' # Set this to your function app name on Azure 29 | AZURE_FUNCTIONAPP_PROJECT_PATH: '.' # Set this to the path to your function app project, defaults to the repository root. The deploy action will package the contents of this path. 30 | NODE_VERSION: '22' # Set this to the Node version of your project 31 | BUILD_ARTIFACT_NAME: 'released-package' # Set this according to your team's naming convention 32 | 33 | jobs: 34 | build: 35 | runs-on: ubuntu-latest # Assumes your target function app is Linux-based 36 | permissions: 37 | id-token: write # Required for OIDC 38 | contents: read # Required for actions/checkout 39 | defaults: 40 | run: 41 | shell: bash 42 | working-directory: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }} 43 | steps: 44 | - name: 'Checkout repository' 45 | uses: actions/checkout@v4 46 | 47 | - name: 'Set up Node version: ${{ env.NODE_VERSION }}' 48 | uses: actions/setup-node@v4 49 | with: 50 | node-version: ${{ env.NODE_VERSION }} 51 | 52 | - name: 'Install project dependencies' 53 | run: npm install # Use `npm ci` if you have a package-lock.json file and want to ensure a clean install 54 | 55 | - name: 'Build project' 56 | run: npm run build --if-present 57 | 58 | - name: 'Run tests' 59 | run: npm run test --if-present 60 | 61 | - name: 'Prune development dependencies' 62 | run: npm prune --production 63 | 64 | - name: 'Upload artifact for the deployment job' 65 | uses: actions/upload-artifact@v4 66 | with: 67 | name: ${{ env.BUILD_ARTIFACT_NAME }} 68 | path: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }} 69 | 70 | deploy: 71 | runs-on: ubuntu-latest # Assumes your target function app is Linux-based 72 | needs: build 73 | permissions: 74 | id-token: write # Required for OIDC 75 | steps: 76 | - name: 'Download artifact from build job' 77 | uses: actions/download-artifact@v4 78 | with: 79 | name: ${{ env.BUILD_ARTIFACT_NAME }} 80 | path: ./downloaded-artifact 81 | 82 | - name: 'Log in to Azure with AZ CLI' 83 | uses: azure/login@v2 84 | with: 85 | client-id: ${{ vars.AZURE_CLIENT_ID }} 86 | tenant-id: ${{ vars.AZURE_TENANT_ID }} 87 | subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} 88 | 89 | - name: 'Run the Azure Functions action' 90 | uses: Azure/functions-action@v1 91 | id: deploy-to-function-app 92 | with: 93 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 94 | package: ./downloaded-artifact 95 | 96 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples -------------------------------------------------------------------------------- /FunctionApp/oidc-auth-samples/linux-dotnet-functionapp-on-azure-oidc.yml: -------------------------------------------------------------------------------- 1 | name: Build and deploy .NET project to Azure Function App using OIDC 2 | 3 | # CONFIGURATION 4 | # 5 | # This workflow can be used to deploy your .NET project to a function app on any hosting plan, except for Container Apps (which uses functions-container-action). 6 | # 7 | # For an overview of using GitHub workflows with Azure Functions, see https://learn.microsoft.com/azure/azure-functions/functions-how-to-github-actions 8 | # 9 | # 1. Configure a federated identity credential to your GitHub branch on an Azure user-assigned managed identity. 10 | # For instructions, follow the README at https://github.com/Azure/functions-action#use-oidc-recommended 11 | # 12 | # 2. Add the following values from the managed identity to your repo's variables: 13 | # AZURE_CLIENT_ID 14 | # AZURE_TENANT_ID 15 | # AZURE_SUBSCRIPTION_ID 16 | # For instructions on creating repo variables, see https://docs.github.com/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#defining-configuration-variables-for-multiple-workflows 17 | # 18 | # 3. Ensure your workflow is triggered by your desired event. By default, it is triggered when a push is made to main, and it can be manually run. 19 | # For guidance on event triggers, see https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#using-events-to-trigger-workflows 20 | # 21 | # 4. Change the variables in the `env` section according to your project: 22 | # For the latest list of supported runtimes, see https://learn.microsoft.com/azure/azure-functions/supported-languages 23 | 24 | on: 25 | push: 26 | branches: [ main ] 27 | workflow_dispatch: 28 | 29 | env: 30 | AZURE_FUNCTIONAPP_NAME: 'APP_NAME' # Set this to your function app name on Azure 31 | AZURE_FUNCTIONAPP_PROJECT_PATH: '.' # Set this to the path to your function app project, defaults to the repository root. The deploy action will package the contents of this path. 32 | DOTNET_VERSION: '9.0.x' # Set this to the .NET version of your project 33 | BUILD_ARTIFACT_NAME: 'released-package' # Set this according to your team's naming convention 34 | 35 | jobs: 36 | build: 37 | runs-on: ubuntu-latest # Assumes your target function app is Linux-based 38 | permissions: 39 | id-token: write # Required for OIDC 40 | contents: read # Required for actions/checkout 41 | defaults: 42 | run: 43 | shell: bash 44 | working-directory: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }} 45 | steps: 46 | - name: 'Checkout repository' 47 | uses: actions/checkout@v4 48 | 49 | - name: 'Set up .NET version: ${{ env.DOTNET_VERSION }}' 50 | uses: actions/setup-dotnet@v4 51 | with: 52 | dotnet-version: ${{ env.DOTNET_VERSION }} 53 | 54 | # Perform additional steps such as running tests, if needed 55 | 56 | - name: 'Build and prepare .NET project for deployment' 57 | run: dotnet publish --configuration Release --output ./output 58 | 59 | - name: Upload artifact for the deployment job 60 | uses: actions/upload-artifact@v4 61 | with: 62 | name: ${{ env.BUILD_ARTIFACT_NAME }} 63 | path: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }}/output 64 | include-hidden-files: true # Required for .NET projects 65 | 66 | deploy: 67 | runs-on: ubuntu-latest # Assumes your target function app is Linux-based 68 | needs: build 69 | permissions: 70 | id-token: write # Required for OIDC 71 | steps: 72 | - name: 'Download artifact from build job' 73 | uses: actions/download-artifact@v4 74 | with: 75 | name: ${{ env.BUILD_ARTIFACT_NAME }} 76 | path: ./downloaded-artifact 77 | 78 | - name: 'Log in to Azure with AZ CLI' 79 | uses: azure/login@v2 80 | with: 81 | client-id: ${{ vars.AZURE_CLIENT_ID }} 82 | tenant-id: ${{ vars.AZURE_TENANT_ID }} 83 | subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} 84 | 85 | - name: 'Run the Azure Functions action' 86 | uses: Azure/functions-action@v1 87 | id: deploy-to-function-app 88 | with: 89 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 90 | package: ./downloaded-artifact 91 | 92 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples -------------------------------------------------------------------------------- /FunctionApp/oidc-auth-samples/windows-java-functionapp-on-azure-oidc.yml: -------------------------------------------------------------------------------- 1 | name: Build and deploy Java project to Azure Function App using OIDC 2 | 3 | # CONFIGURATION 4 | # 5 | # This workflow can be used to deploy your Java project to a function app on any hosting plan, except for Container Apps (which uses functions-container-action) and Flex Consumption (which uses `ubuntu-latest` as the runner). 6 | # 7 | # 1. Configure a federated identity credential to your GitHub branch on an Azure user-assigned managed identity. 8 | # For instructions, follow the README at https://github.com/Azure/functions-action 9 | # 10 | # 2. Add the following values from the managed identity to your repo's variables: 11 | # AZURE_CLIENT_ID 12 | # AZURE_TENANT_ID 13 | # AZURE_SUBSCRIPTION_ID 14 | # For instructions on creating repo variables, see https://docs.github.com/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#defining-configuration-variables-for-multiple-workflows 15 | # 16 | # 3. Ensure your workflow is triggered by your desired event. By default, it is triggered when a push is made to main. 17 | # For guidance on event triggers, see https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#using-events-to-trigger-workflows 18 | # 19 | # 4. Change the variables in the `env` section according to your project: 20 | # For the latest list of supported runtimes, see https://learn.microsoft.com/azure/azure-functions/supported-languages 21 | 22 | on: 23 | push: 24 | branches: [ main ] 25 | workflow_dispatch: 26 | 27 | env: 28 | AZURE_FUNCTIONAPP_NAME: 'APP_NAME' # set this to your function app name on Azure. Ensure that `functionAppName` in your pom.xml file matches. 29 | POM_XML_DIRECTORY: '.' # set this to the directory which contains the pom.xml file. The deploy action will package the contents of this path. 30 | JAVA_VERSION: '17' # set this to the Java version of your project 31 | BUILD_ARTIFACT_NAME: 'released-package' # Set this according to your team's naming convention 32 | 33 | jobs: 34 | build: 35 | runs-on: windows-latest # Assumes your target function app is Windows-based 36 | permissions: 37 | id-token: write # Required to fetch an OIDC token to authenticate with the job 38 | contents: read # Required for actions/checkout 39 | defaults: 40 | run: 41 | shell: bash 42 | working-directory: ${{ env.POM_XML_DIRECTORY }} 43 | steps: 44 | - name: 'Checkout repository' 45 | uses: actions/checkout@v4 46 | 47 | - name: 'Set up Java version: ${{ env.JAVA_VERSION }}' 48 | uses: actions/setup-java@v4 49 | with: 50 | java-version: ${{ env.JAVA_VERSION }} 51 | distribution: 'microsoft' 52 | 53 | - name: 'Build project with Maven' 54 | run: mvn clean package 55 | 56 | # Perform additional steps such as running tests, if needed 57 | 58 | - name: 'Upload artifact for the deployment job' 59 | uses: actions/upload-artifact@v4 60 | with: 61 | name: ${{ env.BUILD_ARTIFACT_NAME }} 62 | path: ${{ env.POM_XML_DIRECTORY }}/target/azure-functions/${{ env.AZURE_FUNCTIONAPP_NAME }} 63 | 64 | deploy: 65 | runs-on: windows-latest # Assumes your target function app is Windows-based 66 | needs: build 67 | permissions: 68 | id-token: write # Required to fetch an OIDC token to authenticate with the job 69 | steps: 70 | - name: 'Download artifact from build job' 71 | uses: actions/download-artifact@v4 72 | with: 73 | name: ${{ env.BUILD_ARTIFACT_NAME }} 74 | path: ./downloaded-artifact 75 | 76 | - name: 'Log in to Azure with AZ CLI' 77 | uses: azure/login@v2 78 | with: 79 | client-id: ${{ vars.AZURE_CLIENT_ID }} 80 | tenant-id: ${{ vars.AZURE_TENANT_ID }} 81 | subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} 82 | 83 | - name: 'Run the Azure Functions action' 84 | uses: Azure/functions-action@v1 85 | id: deploy-to-function-app 86 | with: 87 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 88 | package: ./downloaded-artifact 89 | respect-pom-xml: false # Set to `true` if the build artifact path is ${{ env.POM_XML_DIRECTORY }} 90 | 91 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples -------------------------------------------------------------------------------- /FunctionApp/oidc-auth-samples/windows-node-functionapp-on-azure-oidc.yml: -------------------------------------------------------------------------------- 1 | name: Build and deploy Node.js project to Azure Function App using OIDC 2 | 3 | # CONFIGURATION 4 | # 5 | # This workflow can be used to deploy your Node project to a function app on any hosting plan, except for Container Apps (which uses functions-container-action) and Flex Consumption (which uses `ubuntu-latest` as the runner). 6 | # 7 | # 1. Configure a federated identity credential to your GitHub branch on an Azure user-assigned managed identity. 8 | # For instructions, follow the README at https://github.com/Azure/functions-action#use-oidc-recommended 9 | # 10 | # 2. Add the following values from the managed identity to your repo's variables: 11 | # AZURE_CLIENT_ID 12 | # AZURE_TENANT_ID 13 | # AZURE_SUBSCRIPTION_ID 14 | # For instructions on creating repo variables, see https://docs.github.com/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#defining-configuration-variables-for-multiple-workflows 15 | # 16 | # 3. Ensure your workflow is triggered by your desired event. By default, it is triggered when a push is made to main, and it can be manually run. 17 | # For guidance on event triggers, see https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#using-events-to-trigger-workflows 18 | # 19 | # 4. Change the variables in the `env` section according to your project: 20 | # For the latest list of supported runtimes, see https://learn.microsoft.com/azure/azure-functions/supported-languages 21 | 22 | on: 23 | push: 24 | branches: [ main ] 25 | workflow_dispatch: 26 | 27 | env: 28 | AZURE_FUNCTIONAPP_NAME: 'APP_NAME' # Set this to your function app name on Azure 29 | AZURE_FUNCTIONAPP_PROJECT_PATH: '.' # Set this to the path to your function app project, defaults to the repository root. The deploy action will package the contents of this path. 30 | NODE_VERSION: '22' # Set this to the Node version of your project 31 | BUILD_ARTIFACT_NAME: 'released-package' # Set this according to your team's naming convention 32 | 33 | jobs: 34 | build: 35 | runs-on: windows-latest # Assumes your target function app is Linux-based 36 | permissions: 37 | id-token: write # Required for OIDC 38 | contents: read # Required for actions/checkout 39 | defaults: 40 | run: 41 | shell: bash 42 | working-directory: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }} 43 | steps: 44 | - name: 'Checkout repository' 45 | uses: actions/checkout@v4 46 | 47 | - name: 'Set up Node version: ${{ env.NODE_VERSION }}' 48 | uses: actions/setup-node@v4 49 | with: 50 | node-version: ${{ env.NODE_VERSION }} 51 | 52 | - name: 'Install project dependencies' 53 | run: npm install # Use `npm ci` if you have a package-lock.json file and want to ensure a clean install 54 | 55 | - name: 'Build project' 56 | run: npm run build --if-present 57 | 58 | - name: 'Run tests' 59 | run: npm run test --if-present 60 | 61 | - name: 'Prune development dependencies' 62 | run: npm prune --production 63 | 64 | - name: 'Upload artifact for the deployment job' 65 | uses: actions/upload-artifact@v4 66 | with: 67 | name: ${{ env.BUILD_ARTIFACT_NAME }} 68 | path: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }} 69 | 70 | deploy: 71 | runs-on: windows-latest # Assumes your target function app is Linux-based 72 | needs: build 73 | permissions: 74 | id-token: write # Required for OIDC 75 | steps: 76 | - name: 'Download artifact from build job' 77 | uses: actions/download-artifact@v4 78 | with: 79 | name: ${{ env.BUILD_ARTIFACT_NAME }} 80 | path: ./downloaded-artifact 81 | 82 | - name: 'Log in to Azure with AZ CLI' 83 | uses: azure/login@v2 84 | with: 85 | client-id: ${{ vars.AZURE_CLIENT_ID }} 86 | tenant-id: ${{ vars.AZURE_TENANT_ID }} 87 | subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} 88 | 89 | - name: 'Run the Azure Functions action' 90 | uses: Azure/functions-action@v1 91 | id: deploy-to-function-app 92 | with: 93 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 94 | package: ./downloaded-artifact 95 | 96 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples -------------------------------------------------------------------------------- /FunctionApp/oidc-auth-samples/windows-dotnet-functionapp-on-azure-oidc.yml: -------------------------------------------------------------------------------- 1 | name: Build and deploy .NET project to Azure Function App using OIDC 2 | 3 | # CONFIGURATION 4 | # 5 | # This workflow can be used to deploy your .NET project to a function app on any hosting plan, except for Container Apps (which uses functions-container-action) and Flex Consumption (which uses `ubuntu-latest` as the runner). 6 | # 7 | # For an overview of using GitHub workflows with Azure Functions, see https://learn.microsoft.com/azure/azure-functions/functions-how-to-github-actions 8 | # 9 | # 1. Configure a federated identity credential to your GitHub branch on an Azure user-assigned managed identity. 10 | # For instructions, follow the README at https://github.com/Azure/functions-action#use-oidc-recommended 11 | # 12 | # 2. Add the following values from the managed identity to your repo's variables: 13 | # AZURE_CLIENT_ID 14 | # AZURE_TENANT_ID 15 | # AZURE_SUBSCRIPTION_ID 16 | # For instructions on creating repo variables, see https://docs.github.com/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#defining-configuration-variables-for-multiple-workflows 17 | # 18 | # 3. Ensure your workflow is triggered by your desired event. By default, it is triggered when a push is made to main, and it can be manually run. 19 | # For guidance on event triggers, see https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#using-events-to-trigger-workflows 20 | # 21 | # 4. Change the variables in the `env` section according to your project: 22 | # For the latest list of supported runtimes, see https://learn.microsoft.com/azure/azure-functions/supported-languages 23 | 24 | on: 25 | push: 26 | branches: [ main ] 27 | workflow_dispatch: 28 | 29 | env: 30 | AZURE_FUNCTIONAPP_NAME: 'APP_NAME' # Set this to your function app name on Azure 31 | AZURE_FUNCTIONAPP_PROJECT_PATH: '.' # Set this to the path to your function app project, defaults to the repository root. The deploy action will package the contents of this path. 32 | DOTNET_VERSION: '9.0.x' # Set this to the .NET version of your project 33 | BUILD_ARTIFACT_NAME: 'released-package' # Set this according to your team's naming convention 34 | 35 | jobs: 36 | build: 37 | runs-on: windows-latest # Assumes your target function app is Windows-based 38 | permissions: 39 | id-token: write # Required for OIDC 40 | contents: read # Required for actions/checkout 41 | defaults: 42 | run: 43 | shell: bash 44 | working-directory: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }} 45 | steps: 46 | - name: 'Checkout repository' 47 | uses: actions/checkout@v4 48 | 49 | - name: 'Set up .NET version: ${{ env.DOTNET_VERSION }}' 50 | uses: actions/setup-dotnet@v4 51 | with: 52 | dotnet-version: ${{ env.DOTNET_VERSION }} 53 | 54 | # Perform additional steps such as running tests, if needed 55 | 56 | - name: 'Build and prepare .NET project for deployment' 57 | run: dotnet publish --configuration Release --output ./output 58 | 59 | - name: Upload artifact for the deployment job 60 | uses: actions/upload-artifact@v4 61 | with: 62 | name: ${{ env.BUILD_ARTIFACT_NAME }} 63 | path: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }}/output 64 | include-hidden-files: true # Required for .NET projects 65 | 66 | deploy: 67 | runs-on: windows-latest # Assumes your target function app is Windows-based 68 | needs: build 69 | permissions: 70 | id-token: write # Required for OIDC 71 | steps: 72 | - name: 'Download artifact from build job' 73 | uses: actions/download-artifact@v4 74 | with: 75 | name: ${{ env.BUILD_ARTIFACT_NAME }} 76 | path: ./downloaded-artifact 77 | 78 | - name: 'Log in to Azure with AZ CLI' 79 | uses: azure/login@v2 80 | with: 81 | client-id: ${{ vars.AZURE_CLIENT_ID }} 82 | tenant-id: ${{ vars.AZURE_TENANT_ID }} 83 | subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} 84 | 85 | - name: 'Run the Azure Functions action' 86 | uses: Azure/functions-action@v1 87 | id: deploy-to-function-app 88 | with: 89 | app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} 90 | package: ./downloaded-artifact 91 | 92 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples -------------------------------------------------------------------------------- /AppService/blessed-sitecontainers-webapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | # Structure of the sample project: 2 | # - router-app/ 3 | # - requirements.txt 4 | # - app.py 5 | # - hello-app/ 6 | # - Dockerfile 7 | # - app.py 8 | # - requirements.txt 9 | # - .github/workflows/blessed-sitecontainers-webapp-on-azure.yml 10 | 11 | name: Build and deploy Python app to Azure Web App - # Your Web App Name 12 | 13 | on: 14 | push: 15 | branches: 16 | - master 17 | workflow_dispatch: 18 | 19 | env: 20 | AZURE_WEBAPP_NAME: 'AppWithSiteContainers' # Replace with your Azure Web App name 21 | AZURE_WEBAPP_SLOT_NAME: 'Production' # Replace with your Azure Web App slot name 22 | CONTAINER_REGISTRY: ${{ secrets.REGISTRY_URL }} # Set secret with Container Registry URL, example : xyz.azurecr.io 23 | 24 | jobs: 25 | build: 26 | runs-on: ubuntu-latest 27 | permissions: 28 | contents: read #This is required for actions/checkout 29 | 30 | steps: 31 | # Steps to build and upload artifacts for python app. 32 | - uses: actions/checkout@v4 33 | 34 | - name: Set up Python version 35 | uses: actions/setup-python@v5 36 | with: 37 | python-version: '3.12' 38 | 39 | 40 | - name: Create and start virtual environment 41 | working-directory: router-app # As blessed app code is in router-app folder 42 | run: | 43 | python -m venv venv 44 | source venv/bin/activate 45 | 46 | - name: Install dependencies 47 | working-directory: router-app 48 | run: | 49 | pip install -r requirements.txt 50 | 51 | - name: Upload artifact for deployment jobs 52 | uses: actions/upload-artifact@v4 53 | with: 54 | name: python-app 55 | path: | 56 | router-app 57 | !router-app/venv/ 58 | 59 | # Steps to build and push Sidecar container image to Azure Container Registry. 60 | - name: Log in to Azure Container Registry 61 | uses: azure/docker-login@v1 62 | with: 63 | login-server: ${{ env.CONTAINER_REGISTRY }} 64 | username: ${{ secrets.AZURE_CONTAINER_REGISTRY_USERNAME }} 65 | password: ${{ secrets.AZURE_CONTAINER_REGISTRY_PASSWORD }} 66 | 67 | - name: Build and push container hello-app image to registry 68 | uses: docker/build-push-action@v3 69 | with: 70 | context: ./hello-app # As sidecar app code is in hello-app folder 71 | push: true 72 | tags: ${{ env.CONTAINER_REGISTRY }}/test/hello-app:${{ github.sha }} 73 | file: ./hello-app/Dockerfile 74 | 75 | deploy: 76 | runs-on: ubuntu-latest 77 | needs: build 78 | permissions: 79 | id-token: write #This is required for requesting the JWT 80 | contents: read #This is required for actions/checkout 81 | 82 | steps: 83 | - name: Download artifact from build job 84 | uses: actions/download-artifact@v4 85 | with: 86 | name: python-app 87 | 88 | - name: Login to Azure 89 | uses: azure/login@v2 90 | with: 91 | client-id: ${{ secrets.AZUREAPPSERVICE_CLIENTID }} 92 | tenant-id: ${{ secrets.AZUREAPPSERVICE_TENANTID }} 93 | subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID }} 94 | 95 | - name: 'Deploy to Azure Web App' 96 | uses: azure/webapps-deploy@v3 97 | id: deploy-to-webapp 98 | with: 99 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 100 | slot-name: ${{ env.AZURE_WEBAPP_SLOT_NAME }} 101 | # Mention properties for the sitecontainers one by one in a list of json objects. 102 | sitecontainers-config: >- 103 | [ 104 | { 105 | "name": "hello-app", 106 | "image": "${{ env.CONTAINER_REGISTRY }}/test/hello-app:${{ github.sha }}", 107 | "targetPort": 5001, 108 | "isMain": false 109 | } 110 | ] 111 | 112 | # Following properties can be set for each container in the sitecontainers-config list. 113 | # SiteContainer 114 | # { 115 | # name: string, // mandatory 116 | # image: string, // mandatory 117 | # isMain: boolean, // mandatory 118 | # targetPort?: string, 119 | # startupCommand?: string, 120 | # authType?: AUTH_TYPE, 121 | # userName?: string, 122 | # passwordSecret?: string, 123 | # userManagedIdentityClientId?: string, 124 | # environmentVariables?: EnvironmentVariable[], 125 | # volumeMounts?: VolumeMount[], 126 | # inheritAppSettingsAndConnectionStrings?: boolean, 127 | # } 128 | 129 | # AUTH_TYPE is any of the following: 130 | # Anonymous, 131 | # UserCredentials, 132 | # SystemIdentity, 133 | # UserAssigned 134 | 135 | # type EnvironmentVariable { 136 | # name: string; // mandatory 137 | # value: string; // mandatory 138 | # } 139 | # type VolumeMount { 140 | # name: string; // mandatory 141 | # mountPath: string; // mandatory 142 | # readOnly?: boolean; 143 | # } -------------------------------------------------------------------------------- /PackageManagement/nuget.yml: -------------------------------------------------------------------------------- 1 | name: Push Nuget Package to Azure Artifacts or GitHub Package Registry 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | pull_request: 8 | branches: 9 | - '*' 10 | 11 | # CONFIGURATION 12 | # 13 | # 1. Set the environment variables for your Build Configuration (Release/Debug), .NET Version, 14 | # GitHub Package Registry URL and Azure Artifacts Feed URL as appropriate. 15 | # 16 | # 2. Ensure that your csproj file is configured correctly as outlined in the documentation below: 17 | # https://docs.github.com/en/free-pro-team@latest/packages/using-github-packages-with-your-projects-ecosystem/configuring-dotnet-cli-for-use-with-github-packages#publishing-a-package 18 | # 19 | # 3. Set up the following secrets in your repository: 20 | # AZURE_ARTIFACTS_PAT 21 | # 22 | # You can follow the below documentation to create a Personal Access Token (PAT) 23 | # https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=preview-page#create-a-pat 24 | # 25 | # You can find additional information on the scopes and associated permissions in the documentation below: 26 | # https://docs.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops#scopes 27 | # 28 | 29 | env: 30 | AZURE_ARTIFACTS_FEED_URL: https://pkgs.dev.azure.com/.../nuget/v3/index.json # set this to the registry url for your Azure Artifacts Feed, you will find this in Azure DevOps 31 | BUILD_CONFIGURATION: 'Release' # set this to the appropriate build configuration 32 | DOTNET_VERSION: '3.1.x' # set this to the dot net version to use 33 | GITHUB_PACKAGE_REGISTRY_URL: https://nuget.pkg.github.com/yourorganisation/index.json # set this to the registry url for your GitHub package registry 34 | 35 | # Learn about the artifact feed types at https://docs.microsoft.com/en-us/azure/devops/artifacts/feeds/project-scoped-feeds?view=azure-devops#understanding-the-difference-between-an-organization-scoped-feed-and-a-project-scoped-feed 36 | 37 | jobs: 38 | build: 39 | runs-on: ubuntu-latest 40 | steps: 41 | # Checkout the repo 42 | - uses: actions/checkout@v2 43 | 44 | # Setup .NET Core SDK 45 | - name: Setup .NET Core 46 | uses: actions/setup-dotnet@v1 47 | with: 48 | dotnet-version: ${{ env.DOTNET_VERSION }} 49 | 50 | # Run dotnet build and package 51 | - name: dotnet build and test 52 | run: | 53 | dotnet restore 54 | dotnet build --configuration '${{ env.BUILD_CONFIGURATION }}' 55 | dotnet test --configuration '${{ env.BUILD_CONFIGURATION }}' 56 | 57 | az-artifacts-build-and-deploy: 58 | needs: build 59 | runs-on: ubuntu-latest 60 | steps: 61 | # Checkout the repo 62 | - uses: actions/checkout@master 63 | 64 | # Setup .NET Core SDK 65 | - name: Setup .NET Core 66 | uses: actions/setup-dotnet@v1 67 | with: 68 | dotnet-version: ${{ env.DOTNET_VERSION }} 69 | source-url: ${{ env.AZURE_ARTIFACTS_FEED_URL }} 70 | env: 71 | NUGET_AUTH_TOKEN: ${{ secrets.AZURE_ARTIFACTS_PAT }} # Setup the .NET Core SDK with the appropriate auth token to access the GitHub Package Registry 72 | 73 | # Run dotnet build and package 74 | - name: dotnet build and publish 75 | run: | 76 | dotnet restore 77 | dotnet build --configuration '${{ env.BUILD_CONFIGURATION }}' 78 | dotnet pack -c '${{ env.BUILD_CONFIGURATION }}' 79 | 80 | # Publish the package to Azure Artifacts 81 | - name: 'dotnet publish' 82 | run: dotnet nuget push --api-key AzureArtifacts bin/Release/*.nupkg 83 | 84 | gpr-build-and-deploy: 85 | needs: build 86 | runs-on: ubuntu-latest 87 | steps: 88 | # Checkout the repo 89 | - uses: actions/checkout@master 90 | 91 | # Setup .NET Core SDK 92 | - name: Setup .NET Core 93 | uses: actions/setup-dotnet@v1 94 | with: 95 | dotnet-version: ${{ env.DOTNET_VERSION }} 96 | source-url: ${{ env.GITHUB_PACKAGE_REGISTRY_URL }} 97 | env: 98 | NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Setup the .NET Core SDK with the appropriate auth token to access the GitHub Package Registry 99 | 100 | # Run dotnet build and package 101 | - name: dotnet build and publish 102 | run: | 103 | dotnet restore 104 | dotnet build --configuration '${{ env.BUILD_CONFIGURATION }}' 105 | dotnet pack -c '${{ env.BUILD_CONFIGURATION }}' 106 | 107 | # Publish the package to GitHub Package Registry 108 | - name: 'dotnet publish' 109 | run: dotnet nuget push bin/Release/*.nupkg 110 | 111 | # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples 112 | -------------------------------------------------------------------------------- /AppService/node_express_sampleApp/nodejs-webapp-express.njsproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 14.0 5 | $(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion) 6 | nodejs-webapp-express 7 | nodejs-webapp-express 8 | 9 | 10 | 11 | Debug 12 | 2.0 13 | 9e362718-6538-43f7-bc4a-114f9e9c1f5a 14 | . 15 | app.js 16 | 17 | 18 | . 19 | . 20 | v4.0 21 | {3AF33F2E-1136-4D97-BBB7-1795711AC8B8};{349c5851-65df-11da-9384-00065b846f21};{9092AA53-FB77-4645-B42D-1CCCA6BD08BD} 22 | 1337 23 | true 24 | 25 | 26 | true 27 | 28 | 29 | true 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | False 67 | True 68 | 0 69 | / 70 | http://localhost:48022/ 71 | False 72 | True 73 | http://localhost:1337 74 | False 75 | 76 | 77 | 78 | 79 | 80 | 81 | CurrentPage 82 | True 83 | False 84 | False 85 | False 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | False 95 | False 96 | 97 | 98 | 99 | 100 | -------------------------------------------------------------------------------- /End-to-End/Serverless-web-application/functions-api-cicd.yml: -------------------------------------------------------------------------------- 1 | name: Build and publish .NET Functions 2 | on: 3 | workflow_dispatch: 4 | inputs: 5 | ENVIRONMENT_TYPE: 6 | description: 'Environment: dev, test, or prod' 7 | required: true 8 | default: 'dev' 9 | APP_NAME_PREFIX: 10 | description: 'Prefix to be used in naming Azure resources' 11 | required: true 12 | default: 'prefix' 13 | RESOURCE_GROUP_NAME: 14 | description: 'Resource Group to deploy Azure resources' 15 | required: true 16 | default: 'resource-group' 17 | API_NAME: 18 | description: 'API name' 19 | required: true 20 | default: '2do' 21 | API_DOCUMENT_URL: 22 | description: 'API definition URL' 23 | required: true 24 | default: 'https://.azurewebsites.net/api/swagger.json' 25 | APIM_NAME: 26 | description: 'APIM name' 27 | required: true 28 | default: 'apim-name' 29 | FUNCTION_NAME: 30 | description: 'Azure Functions name' 31 | required: true 32 | default: 'function-name' 33 | ORIGIN_URL: 34 | description: 'Client app URL' # This is CDN endpoint URL 35 | required: true 36 | default: 'https://.azureedge.net' 37 | 38 | # CONFIGURATION 39 | # For help, go to https://github.com/Azure/Actions 40 | # 41 | # 1. Set up the following secrets in your repository: 42 | # AZURE_CREDENTIALS 43 | # 44 | # 2. Change below variables for your configuration: 45 | env: 46 | ENVIRONMENT_TYPE: ${{ github.event.inputs.ENVIRONMENT_TYPE }} 47 | APP_NAME_PREFIX: ${{ github.event.inputs.APP_NAME_PREFIX }} 48 | RESOURCE_GROUP_NAME: ${{ github.event.inputs.RESOURCE_GROUP_NAME }} 49 | API_NAME: ${{ github.event.inputs.API_NAME }} 50 | API_DOCUMENT_URL: ${{ github.event.inputs.API_DOCUMENT_URL }} 51 | APIM_NAME: ${{ github.event.inputs.APIM_NAME }} 52 | FUNCTION_NAME: ${{ github.event.inputs.FUNCTION_NAME }} 53 | ORIGIN_URL: ${{ github.event.inputs.ORIGIN_URL }} 54 | APP_SOURCE_PATH: 'src' 55 | FUNCTIONAPP_PATH: 'api/dotnet/ToDoFunctionApp' 56 | DOTNET_VERSION: '3.1.410' 57 | BICEP_FILE_PATH: 'deploy' 58 | BICEP_FILE_NAME: 'api' 59 | 60 | jobs: 61 | function_cicd: 62 | runs-on: ubuntu-latest 63 | steps: 64 | # Authentication 65 | # Set up the following secrets in your repository: AZURE_CREDENTIALS 66 | # For details on usage of secrets, please refer https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets 67 | - name: Azure Login 68 | uses: azure/login@v1 69 | with: 70 | creds: ${{ secrets.AZURE_CREDENTIALS }} 71 | 72 | # Checkout 73 | - name: Checkout 74 | uses: actions/checkout@v1 75 | 76 | # Setup .NET Core environment 77 | - name: Setup DotNet ${{ env.DOTNET_VERSION }} Environment 78 | uses: actions/setup-dotnet@v1 79 | with: 80 | dotnet-version: ${{ env.DOTNET_VERSION }} 81 | 82 | # Build .NET application 83 | - name: 'Build .NET application' 84 | shell: bash 85 | run: | 86 | pushd ./${{ env.APP_SOURCE_PATH }}/${{ env.FUNCTIONAPP_PATH }} 87 | dotnet build --configuration Release --output ./outputs 88 | popd 89 | 90 | # Publish .NET application to Azure Function 91 | - name: Publish to Azure Functions to ${{ env.FUNCTION_NAME }} 92 | uses: Azure/functions-action@v1 93 | id: fa 94 | with: 95 | app-name: ${{ env.FUNCTION_NAME }} 96 | package: ./${{ env.APP_SOURCE_PATH }}/${{ env.FUNCTIONAPP_PATH }}/outputs 97 | 98 | # Validate and Build ARM Template from Bicep 99 | - name: Azure CLI - Validate Bicep file ${{ env.BICEP_FILE_PATH }}/${{ env.BICEP_FILE_NAME }}.bicep 100 | uses: Azure/cli@1.0.4 101 | with: 102 | # Azure CLI version to be used to execute the script. If not provided, latest version is used 103 | azcliversion: 2.27.2 104 | # Specify the script here 105 | inlineScript: | 106 | az deployment group validate -g ${{ env.RESOURCE_GROUP_NAME }} --template-file ./${{ env.BICEP_FILE_PATH }}/main.bicep 107 | az bicep upgrade 108 | az bicep build --file ./${{ env.BICEP_FILE_PATH }}/${{ env.BICEP_FILE_NAME }}.bicep 109 | 110 | # Deployment Bicep template for APIM API 111 | - name: Import ${{ env.ENVIRONMENT_TYPE }} environment API to ${{ env.APIM_NAME }} 112 | id: apiDeployment 113 | uses: azure/arm-deploy@v1 114 | with: 115 | deploymentName: '${{ github.run_number }}-api' 116 | resourceGroupName: ${{ env.RESOURCE_GROUP_NAME }} 117 | template: ./${{ env.BICEP_FILE_PATH }}/${{ env.BICEP_FILE_NAME }}.json # Set this to the location of your template file 118 | parameters: apimName=${{ env.APIM_NAME }} openApiUrl=${{ env.API_DOCUMENT_URL }} originUrl=${{ env.ORIGIN_URL }} apimApiName=${{ env.API_NAME }} 119 | 120 | # Azure logout 121 | - name: logout 122 | run: | 123 | az logout 124 | if: always() 125 | -------------------------------------------------------------------------------- /AppService/sitecontainers-webapp-on-azure.yml: -------------------------------------------------------------------------------- 1 | 2 | # This GitHub Actions workflow builds and deploys SiteContainers to an Azure Web App. 3 | # It builds two containers (router-app and hello-app) and pushes them to a container registry 4 | 5 | # Structure of the sample project, where router-app is the main container and hello-app is the sidecar container: 6 | # - router-app/ 7 | # - requirements.txt 8 | # - app.py 9 | # - Dockerfile 10 | # - hello-app/ 11 | # - Dockerfile 12 | # - app.py 13 | # - requirements.txt 14 | # - .github/workflows/sitecontainers-webapp-on-azure.yml 15 | 16 | name: Build and deploy SiteContainer app to Azure Web App 17 | on: 18 | push: 19 | branches: 20 | - main 21 | workflow_dispatch: 22 | 23 | env: 24 | AZURE_WEBAPP_NAME: 'your-web-app-name' # Replace with your Azure Web App name 25 | CONTAINER_REGISTRY: ${{ secrets.CONTAINER_REGISTRY }} # Set secret with Container Registry URL, example : xyz.azurecr.io 26 | AZURE_WEBAPP_SLOT_NAME: 'production' # Replace with your Azure Web App slot name, if applicable 27 | jobs: 28 | build: 29 | runs-on: ubuntu-latest 30 | permissions: 31 | contents: read #This is required for actions/checkout 32 | 33 | steps: 34 | - uses: actions/checkout@v4 35 | 36 | - name: Set up Docker Buildx 37 | uses: docker/setup-buildx-action@v2 38 | 39 | - name: Log in to container registry 40 | uses: docker/login-action@v2 41 | with: 42 | registry: ${{ env.CONTAINER_REGISTRY }} 43 | username: ${{ secrets.USERNAME }} 44 | password: ${{ secrets.PASSWORD }} 45 | 46 | # Mention all the containers one by one you want to build and push 47 | - name: Build and push container router-app image to registry # This is the first container (main container) 48 | uses: docker/build-push-action@v3 49 | with: 50 | context: ./router-app # Path to the context for container 1, in this case, router-app 51 | push: true 52 | tags: ${{ env.CONTAINER_REGISTRY }}/test/router-app:${{ github.sha }} # Use the sha of the commit as the tag, specify the image name 53 | file: ./router-app/Dockerfile # Path to the Dockerfile for container 1 54 | 55 | - name: Build and push container hello-app image to registry # This is the second container (secondary container) 56 | uses: docker/build-push-action@v3 57 | with: 58 | context: ./hello-app # Path to the context for container 2, in this case, hello-app 59 | push: true 60 | tags: ${{ env.CONTAINER_REGISTRY }}/test/hello-app:${{ github.sha }} # Use the sha of the commit as the tag, specify the image name 61 | file: ./hello-app/Dockerfile # Path to the Dockerfile for container 2 62 | 63 | deploy: 64 | runs-on: ubuntu-latest 65 | permissions: 66 | id-token: write #This is required for requesting the JWT 67 | contents: read #This is required for actions/checkout 68 | 69 | needs: build 70 | 71 | steps: 72 | 73 | - name: Login to Azure 74 | uses: azure/login@v2 75 | with: 76 | client-id: ${{ secrets.CLIENTID }} 77 | tenant-id: ${{ secrets.TENANTID }} 78 | subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID }} 79 | 80 | - name: Deploy to Azure Web App 81 | id: deploy-to-webapp 82 | uses: azure/webapps-deploy@v2 83 | with: 84 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 85 | slot-name: ${{ env.AZURE_WEBAPP_SLOT_NAME }} 86 | # Mention properties for the containers one by one in a list of json objects 87 | sitecontainers-config: >- 88 | [ 89 | { 90 | "name": "main", 91 | "image": "${{ env.CONTAINER_REGISTRY }}/test/router-app:${{ github.sha }}", 92 | "targetPort": 5000, 93 | "isMain": true, 94 | "environmentVariables": [{"name": "testing", "value": "TestEnv"}], 95 | "volumeMounts": [{"name": "abc", "mountPath": "xyz", "readOnly" : true}] 96 | }, 97 | { 98 | "name": "hello-app", 99 | "image": "${{ env.CONTAINER_REGISTRY }}/test/hello-app:${{ github.sha }}", 100 | "targetPort": 5001, 101 | "isMain": false 102 | } 103 | ] 104 | 105 | # Following properties can be set for each container in the sitecontainers-config list. 106 | # SiteContainer 107 | # { 108 | # name: string, // mandatory 109 | # image: string, // mandatory 110 | # isMain: boolean, // mandatory 111 | # targetPort?: string, 112 | # startupCommand?: string, 113 | # authType?: AUTH_TYPE, 114 | # userName?: string, 115 | # passwordSecret?: string, 116 | # userManagedIdentityClientId?: string, 117 | # environmentVariables?: EnvironmentVariable[], 118 | # volumeMounts?: VolumeMount[], 119 | # inheritAppSettingsAndConnectionStrings?: boolean, 120 | # } 121 | 122 | # AUTH_TYPE is any of the following: 123 | # Anonymous, 124 | # UserCredentials, 125 | # SystemIdentity, 126 | # UserAssigned 127 | 128 | # type EnvironmentVariable { 129 | # name: string; // mandatory 130 | # value: string; // mandatory 131 | # } 132 | # type VolumeMount { 133 | # name: string; // mandatory 134 | # mountPath: string; // mandatory 135 | # readOnly?: boolean; 136 | # } -------------------------------------------------------------------------------- /AppService/vsts-blessed-sitecontainers.yml: -------------------------------------------------------------------------------- 1 | # This is a sample Azure DevOps pipeline YAML file for deploying a multi-container Python web application to Azure App Service. 2 | # It builds one Site Container (hello-app) and deploys it as a sidecar container alongside the blessed app (router-app). 3 | 4 | # Structure of the sample project, where router-app is the blessed app and hello-app is the sidecar container: 5 | # - router-app/ 6 | # - requirements.txt 7 | # - app.py 8 | # - hello-app/ 9 | # - Dockerfile 10 | # - app.py 11 | # - requirements.txt 12 | 13 | trigger: 14 | branches: 15 | include: 16 | - test/sitecontainer # replace with your branch name to trigger the pipeline 17 | 18 | variables: 19 | # Azure Resource Manager connection 20 | azureServiceConnectionId: 'sitecontainers-sc' 21 | 22 | # Web app name 23 | webAppName: 'vsts-blessed-3' 24 | 25 | # Project root folder 26 | projectRoot: 'LinuxAppService/SiteContainers/test/samples' 27 | 28 | # Python version 29 | pythonVersion: '3.10' 30 | 31 | 32 | # Container Registry service connection 33 | dockerRegistryServiceConnection: 'sitecontainersampleacr-sc' 34 | 35 | # Container Registry name 36 | containerRegistry: 'sitecontainerssampleacr.azurecr.io' # replace with your ACR login server 37 | helloAppImageName: 'test/hello-app' 38 | 39 | # Agent VM image 40 | pool: 41 | vmImage: 'ubuntu-latest' 42 | 43 | stages: 44 | # Build stage. 45 | # Builds the blessed app and sidecar container images and pushes them to ACR. 46 | - stage: Build 47 | displayName: Build stage 48 | jobs: 49 | - job: BuildJob 50 | steps: 51 | - task: UsePythonVersion@0 52 | inputs: 53 | versionSpec: '$(pythonVersion)' 54 | displayName: 'Use Python $(pythonVersion)' 55 | 56 | - script: | 57 | python -m venv antenv 58 | source antenv/bin/activate 59 | python -m pip install --upgrade pip 60 | pip install -r requirements.txt 61 | workingDirectory: $(projectRoot)/router-app 62 | displayName: "Install requirements" 63 | 64 | - task: ArchiveFiles@2 65 | displayName: 'Archive files' 66 | inputs: 67 | rootFolderOrFile: $(projectRoot)/router-app 68 | includeRootFolder: false 69 | archiveType: zip 70 | archiveFile: $(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip 71 | replaceExistingArchive: true 72 | 73 | - publish: $(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip 74 | displayName: 'Publish package' 75 | artifact: drop 76 | 77 | # Build and Push Docker hello app Image to ACR. 78 | # Any additional sidecar containers can be built and pushed in a similar way. 79 | - task: Docker@2 80 | displayName: 'Build and Push Docker hello app Image to ACR' 81 | inputs: 82 | containerRegistry: $(dockerRegistryServiceConnection) 83 | repository: $(helloAppImageName) 84 | command: buildAndPush 85 | Dockerfile: $(projectRoot)/hello-app/Dockerfile 86 | buildContext: $(projectRoot)/hello-app 87 | tags: | 88 | $(Build.BuildId) 89 | 90 | # Deploy stage. 91 | # Deploys the blessed app along with the sidecar container to Azure Web App. 92 | - stage: Deploy 93 | displayName: 'Deploy Web App' 94 | dependsOn: Build 95 | condition: succeeded() 96 | jobs: 97 | - job: DeployJob 98 | displayName: 'Deploy Job' 99 | steps: 100 | - download: current 101 | artifact: drop 102 | displayName: 'Download build artifact' 103 | 104 | - task: UsePythonVersion@0 105 | inputs: 106 | versionSpec: '$(pythonVersion)' 107 | displayName: 'Use Python $(pythonVersion)' 108 | 109 | - task: AzureWebApp@1 110 | displayName: 'Deploy Azure Web App : vsts-blessed-3' 111 | inputs: 112 | azureSubscription: $(azureServiceConnectionId) 113 | appName: $(webAppName) 114 | package: $(Pipeline.Workspace)/drop/$(Build.BuildId).zip 115 | # mention sidecar containers in sitecontainersConfig 116 | sitecontainersConfig: | 117 | [ 118 | { 119 | "name": "hello-app", 120 | "image": "$(containerRegistry)/$(helloAppImageName):$(Build.BuildId)", 121 | "targetPort": 5001, 122 | "isMain": false 123 | } 124 | ] 125 | 126 | # Following properties can be set for each container in the sitecontainersConfig list. 127 | # SiteContainer 128 | # { 129 | # name: string, // mandatory 130 | # image: string, // mandatory 131 | # isMain: boolean, // mandatory 132 | # targetPort?: string, 133 | # startupCommand?: string, 134 | # authType?: AUTH_TYPE, 135 | # userName?: string, 136 | # passwordSecret?: string, 137 | # userManagedIdentityClientId?: string, 138 | # environmentVariables?: EnvironmentVariable[], 139 | # volumeMounts?: VolumeMount[], 140 | # inheritAppSettingsAndConnectionStrings?: boolean, 141 | # } 142 | 143 | # AUTH_TYPE is any of the following: 144 | # Anonymous, 145 | # UserCredentials, 146 | # SystemIdentity, 147 | # UserAssigned 148 | 149 | # type EnvironmentVariable { 150 | # name: string; // mandatory 151 | # value: string; // mandatory 152 | # } 153 | # type VolumeMount { 154 | # name: string; // mandatory 155 | # mountPath: string; // mandatory 156 | # readOnly?: boolean; 157 | # } -------------------------------------------------------------------------------- /End-to-End/Serverless-web-application/spa-cicd.yml: -------------------------------------------------------------------------------- 1 | name: Build and publish Angular (SPA) 2 | on: 3 | workflow_dispatch: 4 | inputs: 5 | ENVIRONMENT_TYPE: 6 | description: 'Environment: dev, test, or prod' 7 | required: true 8 | default: 'dev' 9 | APP_NAME_PREFIX: 10 | description: 'Prefix to be used in naming Azure resources' 11 | required: true 12 | default: 'prefix' 13 | RESOURCE_GROUP_NAME: 14 | description: 'Resource Group to deploy Azure resources' 15 | required: true 16 | default: 'resource-group' 17 | CLIENT_URL: 18 | description: 'Client URL' 19 | required: true 20 | default: 'https://.azureedge.net' 21 | API_URL: 22 | description: 'API on APIM URL' 23 | required: true 24 | default: 'https://.azure-api.net/' 25 | AZURE_STORAGE_NAME: 26 | description: 'Azure storage account name' 27 | required: true 28 | default: 'storageaccountname' 29 | CDN_PROFILE_NAME: 30 | description: 'CDN profile name' 31 | required: true 32 | default: 'cdn-profile-name' 33 | CDN_ENDPOINT_NAME: 34 | description: 'CDN endpoint name' 35 | required: true 36 | default: 'cdn-endpoint-name' 37 | 38 | # CONFIGURATION 39 | # For help, go to https://github.com/Azure/Actions 40 | # 41 | # 1. Set up the following secrets in your repository: 42 | # AZURE_CREDENTIALS 43 | # 44 | # 2. Change below variables for your configuration: 45 | env: 46 | ENVIRONMENT_TYPE: ${{ github.event.inputs.ENVIRONMENT_TYPE }} 47 | APP_NAME_PREFIX: ${{ github.event.inputs.APP_NAME_PREFIX }} 48 | RESOURCE_GROUP_NAME: ${{ github.event.inputs.RESOURCE_GROUP_NAME }} 49 | CLIENT_URL: ${{ github.event.inputs.CLIENT_URL }} 50 | API_URL: ${{ github.event.inputs.API_URL }} 51 | AZURE_STORAGE_NAME: ${{ github.event.inputs.AZURE_STORAGE_NAME }} 52 | CDN_PROFILE_NAME: ${{ github.event.inputs.CDN_PROFILE_NAME }} 53 | CDN_ENDPOINT_NAME: ${{ github.event.inputs.CDN_ENDPOINT_NAME }} 54 | APP_SOURCE_PATH: 'src' 55 | ANGULAR_PATH: 'client/angular/ToDoSpa' 56 | NODE_VERSION: '14' 57 | BICEP_FILE_PATH: 'deploy' 58 | 59 | jobs: 60 | angular_cicd: 61 | runs-on: ubuntu-latest 62 | steps: 63 | # Authentication 64 | # Set up the following secrets in your repository: AZURE_CREDENTIALS 65 | # For details on usage of secrets, please refer https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets 66 | - name: Azure Login 67 | uses: azure/login@v1 68 | with: 69 | creds: ${{ secrets.AZURE_CREDENTIALS }} 70 | 71 | # Checkout 72 | - name: Checkout 73 | uses: actions/checkout@v1 74 | 75 | # Run app registration against AAD using PowerShell script 76 | - name: 'App Registration' 77 | id: appRegistration 78 | continue-on-error: true 79 | shell: pwsh 80 | run: | 81 | .\${{ env.BICEP_FILE_PATH }}\scripts\appRegistrationAndPermission.ps1 ` 82 | -clientName ${{ env.APP_NAME_PREFIX }}${{ env.ENVIRONMENT_TYPE }} ` 83 | -apiName fn-${{ env.APP_NAME_PREFIX }}-${{ env.ENVIRONMENT_TYPE }} ` 84 | -resourceGroup ${{ env.APP_NAME_PREFIX }}-${{ env.ENVIRONMENT_TYPE }}-rg ` 85 | -staticWebURL https://${{ env.APP_NAME_PREFIX }}-${{ env.ENVIRONMENT_TYPE }}.azureedge.net 86 | 87 | # Set app configurations of Angular 88 | - name: 'Replace tokens' 89 | uses: cschleiden/replace-tokens@v1.0 90 | with: 91 | tokenPrefix: '__' 92 | tokenSuffix: '__' 93 | files: ${{ github.workspace }}/${{ env.APP_SOURCE_PATH }}/${{ env.ANGULAR_PATH }}/src/app/app-config.json 94 | env: 95 | clientAppId: ${{ steps.appRegistration.outputs.clientId }} 96 | clientAppURL: ${{ env.CLIENT_URL }} 97 | apimURL: ${{ env.API_URL }} 98 | backendAPIScope: ${{ steps.appRegistration.outputs.scope }} 99 | tenantDomainName: ${{ steps.appRegistration.outputs.tenantDomainName }} 100 | 101 | # Setup Node.js environment 102 | - name: Setup Node.js ${{ env.NODE_VERSION }} environment 103 | uses: actions/setup-node@v2 104 | with: 105 | node-version: ${{ env.NODE_VERSION }} 106 | 107 | # Build Angular application 108 | - name: Build Angular application 109 | run: | 110 | pushd ./${{ env.APP_SOURCE_PATH }}/${{ env.ANGULAR_PATH }} 111 | npm install 112 | npm install -g @angular/cli 113 | ng build -c=production --output-path=./dist 114 | popd 115 | 116 | # Deploy Angular application to Storage Account 117 | - name: Publish static website to Azure storage account ${{ env.AZURE_STORAGE_NAME }} 118 | uses: Azure/cli@1.0.4 119 | with: 120 | # Azure CLI version to be used to execute the script. If not provided, latest version is used 121 | azcliversion: 2.21.0 122 | # Specify the script here 123 | inlineScript: az storage blob upload-batch -s ./${{ env.APP_SOURCE_PATH }}/${{ env.ANGULAR_PATH }}/dist -d '$web' --account-name ${{ env.AZURE_STORAGE_NAME }} 124 | 125 | # Purge CDN endpoint 126 | - name: Purge CDN endpoint on ${{ env.CDN_ENDPOINT_NAME }} 127 | uses: Azure/cli@1.0.4 128 | with: 129 | azcliversion: 2.21.0 130 | inlineScript: | 131 | az cdn endpoint purge --content-paths "/*" --profile-name ${{ env.CDN_PROFILE_NAME }} --name ${{ env.CDN_ENDPOINT_NAME }} --resource-group ${{ env.RESOURCE_GROUP_NAME }} 132 | 133 | # Azure logout 134 | - name: logout 135 | run: | 136 | az logout 137 | if: always() 138 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Starter Action Workflows to deploy to Azure 2 | 3 | [GitHub Actions for Azure](https://github.com/Azure/actions) help you easily create workflows to build, test, package, release and deploy to Azure, following a push or pull request. 4 | 5 | You use Azure starter templates present in this repo to easily create GitHub CI/CD workflows targeting Azure, to deploy your apps created with popular languages and frameworks such as .NET, Node.js, Java, PHP, Ruby or Python, in containers or running on any operating system. 6 | 7 | ## Guidelines to select/author a new sample workflow 8 | 9 | **Folder Structure:** 10 | These workflow samples to automate your deployment workflows targeting various Azure services are organized under folders of same names. For example: `/AppService/asp.net-core-webapp-on-azure.yml` 11 | 12 | - [**/AppService** ](https://github.com/Azure/actions-workflow-samples/tree/master/AppService) Samples to configure and deploy web applications that scale with your business, to [Azure App Service](https://azure.microsoft.com/en-us/services/app-service/web/) 13 | 14 | - [**/AzureCLI**](https://github.com/Azure/actions-workflow-samples/tree/master/AzureCLI) Samples to run Azure CLI scripts to provision and manage Azure resources from a GitHub Action workflow 15 | 16 | - [**/ARM**](https://github.com/Azure/actions-workflow-samples/tree/master/ARM) Samples to deploy [Azure Resource Manager templates](https://docs.microsoft.com/bs-latn-ba/azure/azure-resource-manager/templates/) 17 | 18 | - [**/AzurePipelines**](https://github.com/Azure/actions-workflow-samples/tree/master/AzurePipelines) Samples to trigger a CD run in Azure Pipelines from a GitHub Action workflow 19 | 20 | - [**/Database**](https://github.com/Azure/actions-workflow-samples/tree/master/Database) Samples to deploy to a database on Azure, [Azure SQl database](https://azure.microsoft.com/en-us/services/sql-database/) or [Azure MySQL database](https://azure.microsoft.com/en-us/services/mysql/) 21 | 22 | - [**/FunctionApp**](https://github.com/Azure/actions-workflow-samples/tree/master/FunctionApp) Samples to build and deploy serverless apps to [Azure Functions](https://azure.microsoft.com/en-us/services/functions/) 23 | 24 | - [**/Kubernetes**](https://github.com/Azure/actions-workflow-samples/tree/master/Kubernetes) Samples to deploy to any Kubernetes cluster on-premise or any cloud including [Azure Kubernetes service](https://azure.microsoft.com/en-us/services/kubernetes-service/) 25 | 26 | - [**/MachineLearning**](https://github.com/Azure/actions-workflow-samples/tree/master/MachineLearning) Samples to build and deploy machine learning models using [Azure Machine Learning](https://docs.microsoft.com/en-us/azure/machine-learning/) 27 | 28 | - [**/Terraform**](https://github.com/Azure/actions-workflow-samples/tree/master/Terraform) Samples to deploy infrastructure to an Azure subscription using [Terraform Azure Provider](https://www.terraform.io/docs/providers/azurerm/index.html) 29 | 30 | - [**/AzurePolicy**](https://github.com/Azure/actions-workflow-samples/tree/master/AzurePolicy) Samples to trigger on-demand Azure Policy compliance scans from a GitHub Action workflow 31 | 32 | - [**/End-to-End/Serverless**](/End-to-End/Serverless-web-application) Sample to deploy and manage the lifecycle of a [serverless web application](https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/serverless/web-app). The application serves static content from Azure Blob Storage, and implements an API using Azure Functions which is exposed through API Management. The API reads data from Cosmos DB and returns the results to the web app. 33 | 34 | **Naming Notation:** 35 | * `os-ecosystem-ServiceName-on-azure`: example, linux-container-functionapp-on-azure.yml 36 | * OS in the name is optional if the action workflow sample is OS agnostic and doesnt significantly change between OS (Linux/Windows) 37 | * Ecosystem can be a language (.NET, Nodejs, java, Python, Ruby etc.) or Docker/Container Or Database flavours like SQL/MySQL etc. 38 | 39 | **Workflow structure** 40 | * Include 'name' for every workflow to indicate the purpose of the workflow 41 | * Ensure that starter workflows run on: push by default. 42 | * For all secrets to be defined in the workflow, use UPPER_CASE with underscore delimiters instead of snake_case or camelCase. 43 | * Include a commented **Configuration section** which includes hyperlinks to documentation for the Actions used and other pre-reqs. 44 | * Define environment variables as part of configuration. We think this will help provide visibility into the things that need to be configured as part of te workflow. 45 | * Ensure all Azure actions referenced in the workflow are pointing to a released version of the action and not from the master. For list of all released GitHub actions for Azure, please refer to https://github.com/Azure/actions 46 | 47 | ## Contributing 48 | 49 | This project welcomes contributions and suggestions. Most contributions require you to agree to a 50 | Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us 51 | the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com. 52 | 53 | When you submit a pull request, a CLA bot will automatically determine whether you need to provide 54 | a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions 55 | provided by the bot. You will only need to do this once across all repos using our CLA. 56 | 57 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 58 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or 59 | contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 60 | -------------------------------------------------------------------------------- /Kubernetes/README.md: -------------------------------------------------------------------------------- 1 | # Deploy to Kubernetes using GitHub Actions 2 | 3 | We have released multiple actions to help you connect to a Kubernetes cluster running on-premises or on any cloud (including Azure Kubernetes Service – AKS), bake and deploy manifests, substitute artifacts, check rollout status, and handle secrets within the cluster. 4 | - [Kubectl tool installer](https://github.com/Azure/setup-kubectl)(`azure/setup-kubectl`): Installs a specific version of kubectl on the runner. 5 | - [Kubernetes set context](https://github.com/Azure/k8s-set-context)(`azure/k8s-set-context`): Used for setting the target Kubernetes cluster context which will be used by other actions or run any kubectl commands. 6 | - [AKS set context](https://github.com/Azure/aks-set-context)(`azure/aks-set-context`): Used for setting the target Azure Kubernetes Service cluster context . 7 | - [Kubernetes create secret](https://github.com/Azure/k8s-create-secret)(`azure/k8s-create-secret`): Create a generic secret or docker-registry secret in the Kubernetes cluster. 8 | - [Kubernetes deploy](https://github.com/Azure/k8s-deploy)(`azure/ k8s-deploy`): Use this to bake and deploy manifests to Kubernetes clusters. 9 | - [Setup Helm](https://github.com/Azure/setup-helm)(`azure/setup-helm`): Install a specific version of Helm binary on the runner. 10 | - [Kubernetes bake](https://github.com/Azure/k8s-bake)(`azure/k8s-bake`): Use this action to bake manifest file to be used for deployments using helm2, kustomize or kompose. 11 | 12 | # Action Samples for deploying to to Kubernetes 13 | 14 | Refer to [starter templates](https://github.com/Azure/actions-workflow-samples/tree/master/Kubernetes) to easily get started: 15 | - [Deploy to AKS using Manifest files](https://github.com/Azure/actions-workflow-samples/blob/master/Kubernetes/build-and-deploy-docker-image-aks-using-manifests.yml) to build & a container image to ACR (Azure Container Registry) and deploy to AKS. 16 | - [Deploy to AKS using Helm](https://github.com/Azure/actions-workflow-samples/blob/master/Kubernetes/build-and-deploy-docker-image-to-aks-using-helm.yml) to build & a container image to ACR (Azure Container Registry) and deploy to AKS. 17 | 18 | The workflows contain primarily the below sections: 19 | 20 | | Section | Actions | 21 | |------------|---------| 22 | | Authentication | Login to a private container registry (ACR) | 23 | | Build | Build & push the container image | 24 | | Deploy | Set the target cluster context ; Create a generic/docker-registry secret in Kubernetes cluster ; Deploy to the Kubernetes cluster| 25 | 26 | # Build & Push container images 27 | For containerized apps (single- or multi-containers) to create a complete workflow 28 | - use [Docker login](https://github.com/Azure/docker-login)(`azure/docker-login`) for authentication 29 | And then run docker commands to build container images, push to the container registry (Docker Hub or Azure Container Registry) and then deploy the images to a Azure Web App or Azure Function for Containers, or to Kubernetes. 30 | 31 | # Deploy to Azure Kubernetes Service (AKS) 32 | 33 | To deploy to a cluster on Azure Kubernetes Service, you could use [`azure/aks-set-context`](https://github.com/Azure/aks-set-context/) to communicate with the AKS cluster using Azure credentials, 34 | and then use `azure/k8s-create-secret` to create a pull image secret and finally use the `azure/k8s-deploy` to deploy the manifest files. 35 | 36 | ## Configure Azure credentials: 37 | 38 | To fetch the credentials required to authenticate with Azure, run the following command: 39 | 40 | ```sh 41 | az ad sp create-for-rbac --name "myApp" --role contributor \ 42 | --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \ 43 | --sdk-auth 44 | 45 | # Replace {subscription-id}, {resource-group} with the subscription, resource group details 46 | 47 | # The command should output a JSON object similar to this: 48 | 49 | { 50 | "clientId": "", 51 | "clientSecret": "", 52 | "subscriptionId": "", 53 | "tenantId": "", 54 | (...) 55 | } 56 | ``` 57 | Add the json output as [a secret](https://developer.github.com/actions/managing-workflows/storing-secrets/) (let's say with the name `AZURE_CREDENTIALS`) in the GitHub repository. 58 | 59 | 60 | # Deploy to any Kubernetes cluster (On-Prem/ Any cloud) 61 | To connect to a cluster on any Kubernetes cluster, you could use [`azure/k8s-set-context`](https://github.com/Azure/k8s-set-context/); 62 | and then use [`azure/k8s-create-secret`](https://github.com/Azure/k8s-create-secret/tree/master) or [`azure/k8s-deploy`](https://github.com/Azure/k8s-deploy/tree/master), or run any kubectl commands. 63 | 64 | Use secret (https://developer.github.com/actions/managing-workflows/storing-secrets/) in workflow for kubeconfig or k8s-values. 65 | 66 | PS: `kubeconfig` takes precedence (i.e. kubeconfig would be created using the value supplied in kubeconfig) 67 | 68 | ## Steps to get Kubeconfig of a K8s cluster: 69 | 70 | ### For AKS 71 | ```sh 72 | az aks get-credentials --name 73 | --resource-group 74 | [--admin] 75 | [--file] 76 | [--overwrite-existing] 77 | [--subscription] 78 | ``` 79 | Refer to https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest#az-aks-get-credentials 80 | 81 | ### For any K8s cluster 82 | Please refer to https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/ 83 | 84 | 85 | ## Steps to get Service account: 86 | 87 | #### k8s-url: Run in your local shell to get server K8s URL 88 | ```sh 89 | kubectl config view --minify -o jsonpath={.clusters[0].cluster.server} 90 | ``` 91 | #### k8s-secret: Run following sequential commands to get the secret value: 92 | Get service account secret names by running 93 | ```sh 94 | kubectl get sa -n -o=jsonpath={.secrets[*].name} 95 | ``` 96 | 97 | Use the output of the above command 98 | ```sh 99 | kubectl get secret -n -o json 100 | ``` 101 | ## Using secret for Kubeconfig or Service Account 102 | Now add the values as [a secret](https://developer.github.com/actions/managing-workflows/storing-secrets/) in the GitHub repository. In the example below the secret name is `KUBE_CONFIG` and it can be used in the workflow by using the following syntax: 103 | ```yaml 104 | - uses: azure/k8s-set-context@v1 105 | with: 106 | kubeconfig: ${{ secrets.KUBE_CONFIG }} 107 | ``` 108 | --------------------------------------------------------------------------------