feat(infra): convert infrastructure to code (#311)

victorfrye · Feb 14, 2025 · 24372af · 24372af
1 parent 93d40c1
commit 24372af
Show file tree

Hide file tree

Showing 5 changed files with 278 additions and 3 deletions.
diff --git a/.github/workflows/azure-swa.yml b/.github/workflows/azure-swa.yml
@@ -3,9 +3,15 @@ name: Azure Static Web Apps CI/CD
 on:
   push:
     branches: ['main']
+    paths:
+      - 'src/WebClient/**'
+      - '.github/workflows/azure-swa.yml'
   pull_request:
     types: [opened, synchronize, reopened, closed]
     branches: ['main']
+    paths:
+      - 'src/WebClient/**'
+      - '.github/workflows/azure-swa.yml'
 
 permissions:
   contents: read
@@ -55,7 +61,7 @@ jobs:
 
       - name: Deploy static web app
         id: deploy
-        uses: Azure/static-web-apps-deploy@v1
+        uses: azure/static-web-apps-deploy@v1
         env:
           SKIP_DEPLOY_ON_MISSING_SECRETS: ${{ github.event_name == 'pull_request' }}
           IS_STATIC_EXPORT: true
@@ -76,7 +82,7 @@ jobs:
 
       - name: Close pull request
         id: closepullrequest
-        uses: Azure/static-web-apps-deploy@v1
+        uses: azure/static-web-apps-deploy@v1
         env:
           SKIP_DEPLOY_ON_MISSING_SECRETS: ${{ github.event_name == 'pull_request' }}
         with:

diff --git a/.github/workflows/bicep.yml b/.github/workflows/bicep.yml
@@ -0,0 +1,103 @@
+name: Bicep CI/CD
+
+on:
+  push:
+    branches: ['main']
+    paths:
+      - 'infra/**'
+      - '.github/workflows/bicep.yml'
+  pull_request:
+    types: [opened, synchronize, reopened, closed]
+    branches: ['main']
+    paths:
+      - 'infra/**'
+      - '.github/workflows/bicep.yml'
+
+permissions:
+  contents: read
+  pull-requests: write
+  id-token: write
+
+defaults:
+  run:
+    shell: pwsh
+
+jobs:
+  deploy:
+    if: github.event_name == 'push'
+    runs-on: ubuntu-latest
+    name: Deploy
+
+    environment: Production
+
+    concurrency:
+      group: ${{ github.ref }}
+      cancel-in-progress: true
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Create deployment
+        uses: azure/bicep-deploy@v2
+        with:
+          type: deployment
+          operation: create
+          name: Development
+          scope: resourceGroup
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          resource-group-name: ${{ vars.AZURE_RG }}
+          template-file: ./infra/main.bicep
+          parameters-file: ./infra/main.bicepparam
+          action-on-unmanage-resources: delete
+
+  validate:
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    name: Validate
+
+    environment: Production
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Validate deployment
+        uses: azure/bicep-deploy@v2
+        with:
+          type: deployment
+          operation: validate
+          name: Development
+          scope: resourceGroup
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          resource-group-name: ${{ vars.AZURE_RG }}
+          template-file: ./infra/main.bicep
+          parameters-file: ./infra/main.bicepparam
+          action-on-unmanage-resources: delete
+
+      - name: Preview deployment
+        uses: azure/bicep-deploy@v2
+        with:
+          type: deployment
+          operation: whatIf
+          name: Development
+          scope: resourceGroup
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          resource-group-name: ${{ vars.AZURE_RG }}
+          template-file: ./infra/main.bicep
+          parameters-file: ./infra/main.bicepparam
+          action-on-unmanage-resources: delete
diff --git a/README.md b/README.md
@@ -2,7 +2,8 @@
 
 The virtual graveyard for remembering those killed by Microsoft
 
-[![Azure Static Web Apps CI/CD](https://github.com/victorfrye/microsoftgraveyard/actions/workflows/azure-swa.yml/badge.svg)](https://github.com/victorfrye/microsoftgraveyard/actions/workflows/azure-swa.yml)
+[![Azure Static Web Apps CI/CD](https://github.com/victorfrye/microsoftgraveyard/actions/workflows/azure-swa.yml/badge.svg)](https://github.com/victorfrye/microsoftgraveyard/actions/workflows/azure-swa.yml/badge.svg)
+[![Bicep CI/CD](https://github.com/victorfrye/microsoftgraveyard/actions/workflows/bicep.yml/badge.svg)](https://github.com/victorfrye/microsoftgraveyard/actions/workflows/bicep.yml/badge.svg)()
 [![CodeQL](https://github.com/victorfrye/microsoftgraveyard/actions/workflows/github-code-scanning/codeql/badge.svg)](https://github.com/victorfrye/microsoftgraveyard/actions/workflows/github-code-scanning/codeql)
 [![GitHub Issues](https://img.shields.io/github/issues/victorfrye/microsoftgraveyard)](https://github.com/victorfrye/microsoftgraveyard/issues)
 [![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](/.github/CODE_OF_CONDUCT.md)

diff --git a/infra/main.bicep b/infra/main.bicep
@@ -0,0 +1,152 @@
+param projectName string
+param appName string
+param domainName string
+param appRepo string
+
+param googleVerificationCode string
+param bingVerificationCode string
+
+param location string = resourceGroup().location
+
+// MARK: Static Web App
+
+resource swaApp 'Microsoft.Web/staticSites@2024-04-01' = {
+  name: 'stapp-${appName}'
+  location: location
+  sku: {
+    name: 'Free'
+    tier: 'Free'
+  }
+  tags: {
+    Project: projectName
+  }
+  properties: {
+    repositoryUrl: 'https://github.com/${appRepo}'
+    branch: 'main'
+    stagingEnvironmentPolicy: 'Enabled'
+    allowConfigFileUpdates: true
+    provider: 'GitHub'
+    enterpriseGradeCdnStatus: 'Disabled'
+  }
+}
+
+resource swaBasicAuth 'Microsoft.Web/staticSites/basicAuth@2024-04-01' = {
+  parent: swaApp
+  name: 'default'
+  properties: {
+    applicableEnvironmentsMode: 'SpecifiedEnvironments'
+  }
+}
+
+resource swaApexDomain 'Microsoft.Web/staticSites/customDomains@2024-04-01' = {
+  parent: swaApp
+  name: domainName
+  properties: {
+    expiresOn: true
+  }
+}
+
+resource swaWwwDomain 'Microsoft.Web/staticSites/customDomains@2024-04-01' = {
+  parent: swaApp
+  name: 'www.${domainName}'
+}
+
+// MARK: Domain Name System
+
+resource dnsZone 'Microsoft.Network/dnszones@2023-07-01-preview' = {
+  name: domainName
+  location: 'global'
+  tags: {
+    Project: projectName
+  }
+  properties: {
+    zoneType: 'Public'
+  }
+}
+
+resource dnsNameServers 'Microsoft.Network/dnszones/NS@2023-07-01-preview' = {
+  parent: dnsZone
+  name: '@'
+  properties: {
+    TTL: 172800
+    NSRecords: [
+      {
+        nsdname: 'ns1-33.azure-dns.com.'
+      }
+      {
+        nsdname: 'ns2-33.azure-dns.net.'
+      }
+      {
+        nsdname: 'ns3-33.azure-dns.org.'
+      }
+      {
+        nsdname: 'ns4-33.azure-dns.info.'
+      }
+    ]
+  }
+}
+
+resource dnsStartOfAuthority 'Microsoft.Network/dnszones/SOA@2023-07-01-preview' = {
+  parent: dnsZone
+  name: '@'
+  properties: {
+    TTL: 3600
+    SOARecord: {
+      email: 'azuredns-hostmaster.microsoft.com'
+      expireTime: 2419200
+      host: 'ns1-33.azure-dns.com.'
+      minimumTTL: 300
+      refreshTime: 3600
+      retryTime: 300
+      serialNumber: 1
+    }
+  }
+}
+
+resource dnsAddress 'Microsoft.Network/dnszones/A@2023-07-01-preview' = {
+  parent: dnsZone
+  name: '@'
+  properties: {
+    TTL: 3600
+    targetResource: {
+      id: swaApp.id
+    }
+  }
+}
+
+resource dnsText 'Microsoft.Network/dnszones/TXT@2023-07-01-preview' = {
+  parent: dnsZone
+  name: '@'
+  properties: {
+    TTL: 3600
+    TXTRecords: [
+      {
+        value: [
+          'google-site-verification=${googleVerificationCode}'
+        ]
+      }
+    ]
+  }
+}
+
+resource dnsWwwCname 'Microsoft.Network/dnszones/CNAME@2023-07-01-preview' = {
+  parent: dnsZone
+  name: 'www'
+  properties: {
+    TTL: 3600
+    CNAMERecord: {
+      cname: swaApp.properties.defaultHostname
+    }
+  }
+}
+
+resource dnsBingVerification 'Microsoft.Network/dnszones/CNAME@2023-07-01-preview' = {
+  parent: dnsZone
+  name: bingVerificationCode
+  properties: {
+    TTL: 3600
+    CNAMERecord: {
+      cname: 'verify.bing.com'
+    }
+  }
+}
diff --git a/infra/main.bicepparam b/infra/main.bicepparam
@@ -0,0 +1,13 @@
+using 'main.bicep'
+
+param projectName = 'Microsoft Graveyard'
+
+param appName = 'graveyard'
+
+param appRepo = 'victorfrye/microsoftgraveyard'
+
+param domainName = 'microsoftgraveyard.com'
+
+param googleVerificationCode = 'ECVTPtgPN_gypG-dufpg8O0wFn7J_meWFqwqu99Oxno'
+
+param bingVerificationCode = 'd84e48dba14561f02127fe2a992c4268'