Deploy using actions

.github/workflows/main_build_and_deploy_all.yml

@@ -0,0 +1,51 @@
+name: "Main: build and deploy all"
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+
+env:
+  RESOURCE_GROUP_NAME: rg-policy-initiative-builder
+  BICEP_TEMPLATE: bicep/deploy.bicep
+  BICEP_DEPLOY_MODE: Incremental
+  ACR_SERVER: containerregistryexpecho
+  ACR_IMAGE: policyinitiativebuilder
+  DOCKER_FILE: ./src/PolicyInitiativeBuilder/Dockerfile
+  DOCKER_WORKING_DIRECTORY: ./src/PolicyInitiativeBuilder/
+
+permissions:
+  contents: read # Allow repo checkout
+  checks: write # Allow write check results (test reporter)
+  id-token: write # Allow requesting OIDC JWT
+
+jobs:
+  build-and-push-app:
+    name: Build Web App Docker image and push it to registry
+    uses: ./.github/workflows/reusable_docker_build_and_push_to_acr.yml
+    with:
+      docker-file: ${{ env.DOCKER_FILE }}
+      working-directory: ${{ env.DOCKER_WORKING_DIRECTORY }}
+      acr-name: ${{ env.ACR_SERVER }}
+      container-tags: |
+         ${{ env.ACR_SERVER }}.azurecr.io/${{ env.IMAGE }}:latest
+         ${{ env.ACR_SERVER }}.azurecr.io/${{ env.IMAGE }}:build-${{ github.run_number }}
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+
+  deploy-infra:
+    needs : build-and-push-app
+    name: Validate and deploy infrastructure
+    uses: ./.github/workflows/reusable_deploy_bicep_if_valid.yml
+    with:
+      resourceGroupName: ${{ env.RESOURCE_GROUP_NAME }}
+      template:  ${{ env.BICEP_TEMPLATE }}
+      parameters: cappImageName=${{ env.ACR_SERVER }}.azurecr.io/${{ env.IMAGE }}:build-${{ github.run_number }}
+      mode: ${{ env.BICEP_DEPLOY_MODE }}
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}      

.github/workflows/reusable_deploy_bicep_if_valid.yml

@@ -0,0 +1,75 @@
+name: "Deploy: infrastructure"
+
+on:
+  workflow_call:
+    inputs:
+      resourceGroupName:
+        description: "Name of the resource group"
+        required: true
+        type: string
+      location:
+        description: "Location of the resource group"
+        required: false
+        type: string
+        default: "West Europe"
+      tags:
+        description: "Space-separated tags for the resource group: key[=value] [key[=value] ...]"
+        required: true
+        type: string
+      template:
+        description: "Path to template file"
+        required: true
+        type: string
+      parameters:
+        description: "Path to parameters file"
+        required: true
+        type: string
+      mode:
+        description: "The deployment mode, accepted values: Complete, Incremental"
+        required: false
+        type: string
+        default: "Incremental"      
+
+    secrets:
+      AZURE_SUBSCRIPTION_ID:
+        required: true
+      AZURE_TENANT_ID:
+        required: true
+      AZURE_CLIENT_ID:
+        required: true
+
+jobs:
+  validate-infrastructure:
+    name: "Az deployment what-if "
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v3
+      - name: "Az CLI login"
+        uses: azure/login@v1
+        with:
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+      - name: "Az CLI what-if deployment"
+        run: |
+          az group create --name ${{ inputs.resourceGroupName }} --location '${{ inputs.location }}' --tags ${{ inputs.tags }}
+          az deployment group what-if --resource-group ${{ inputs.resourceGroupName }} --template-file ${{ inputs.template }} --parameters ${{ inputs.parameters }}
+
+  deploy-infrastructure-if:
+    name: "Az deployment"
+    needs: "validate-infrastructure"
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v3
+      - name: "Az CLI login"
+        uses: azure/login@v1
+        with:
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+      - name: "Deploy to Azure"
+        run: |
+          az group create --name ${{ inputs.resourceGroupName }} --location '${{ inputs.location }}' --tags ${{inputs.tags}}
+          az deployment group create --resource-group ${{ inputs.resourceGroupName }} --template-file ${{ inputs.template }} --parameters ${{ inputs.parameters }} --mode ${{ inputs.mode }}

.github/workflows/reusable_docker_build_and_push_to_acr.yml

@@ -0,0 +1,60 @@
+name: "Docker: build container"
+
+on:
+  workflow_call:
+    inputs:
+      docker-file:
+        description: "Path to the docker file"
+        type: string
+        required: true
+      working-directory:
+        description: "Build context"
+        type: string
+        required: true
+      acr-name:
+        description: "Container registry name"
+        type: string
+        required: true
+      container-tags:
+        description: "Container tags"
+        type: string
+        required: true
+
+    secrets:
+      AZURE_SUBSCRIPTION_ID:
+        required: true
+      AZURE_TENANT_ID:
+        required: true
+      AZURE_CLIENT_ID:
+        required: true
+
+jobs:
+  build-and-push-container:
+    name: Docker build and push
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Az CLI login
+        uses: azure/login@v1
+        with:
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Login to container registry
+        run: |
+          az acr login --name ${{ inputs.acr-name }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          file: ${{ inputs.docker-file }}
+          context: ${{ inputs.working-directory }}
+          push: true
+          tags: ${{ inputs.container-tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/reusable_dotnet_build.yml

@@ -0,0 +1,49 @@
+name: "Build: dotnet"
+
+on:
+  workflow_call:
+    inputs:
+      dotnet-version:
+        description: ".NET cli version"
+        required: false
+        default: 9.0.x
+        type: string
+      project-folder:
+        description: "Path to the project"
+        required: true
+        type: string
+      publish-args:
+        description: "Arguments for dotnet publish, excluding --output"
+        required: false
+        default: -c Release --nologo
+        type: string
+      artifact-name:
+        description: "Name for the build artifact"
+        required: true
+        type: string
+
+env:
+  PUBLISH_FOLDER_NAME: pubDir
+
+jobs:
+  build:
+    name: "Build solution"
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ${{ inputs.project-folder }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup dotnet
+        uses: actions/setup-dotnet@v3
+        with:
+          dotnet-version: ${{ inputs.dotnet-version }}
+      - name: Publish
+        run: dotnet publish -o ${{ env.PUBLISH_FOLDER_NAME }} ${{ inputs.publish-args }}
+      - name: Upload Build Artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ inputs.artifact-name }}
+          path: ${{ inputs.project-folder }}/${{ env.PUBLISH_FOLDER_NAME }}
+          retention-days: 30
+          if-no-files-found: error