Skip to content

Workflow file for this run

name: Run Azure Login with OIDC
on: [push]
permissions:
id-token: write
contents: read
jobs:
# build-and-deploy:
# runs-on: ubuntu-latest
# steps:
# - name: Azure login
# uses: azure/login@v2
# with:
# client-id: ${{ secrets.AZURE_CLIENT_ID }}
# tenant-id: ${{ secrets.AZURE_TENANT_ID }}
# subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# - name: Azure CLI script
# uses: azure/cli@v2
# with:
# azcliversion: latest
# inlineScript: |
# az login
# az account show
# test2:
# name: 'build'
# runs-on: ubuntu-latest
# steps:
# - uses: azure/login@v2
# with:
# creds: ${{ secrets.AZURE_CREDENTIALS }}
# - name: Azure CLI script
# uses: azure/cli@v2
# with:
# azcliversion: latest
# inlineScript: |
# az account show
terraform:
name: 'Terraform'
runs-on: ubuntu-latest
#environment: dev
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
defaults:
run:
shell: bash
steps:
- uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Azure CLI script
uses: azure/cli@v2
with:
azcliversion: latest
inlineScript: |
az account show
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v4
# Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
with:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
- name: Terraform Init
run: terraform init
# Checks that all Terraform configuration files adhere to a canonical format
- name: Terraform Format
run: terraform fmt -check
# Generates an execution plan for Terraform
- name: Terraform Plan
run: terraform plan -input=false
# On push to "main", build or change infrastructure according to Terraform configuration files
# Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
- name: Terraform Apply
# if : github.ref == 'refs/heads/"main"' && github.event_name == 'push'
run: terraform apply -auto-approve -input=false
sql-scripts:
name: 'Run SQL Scripts'
needs: terraform
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Azure Login
uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Run SQL scripts
env:
SQL_SERVER: ${{ secrets.Azure_SQL_SERVER_instance }}
SQL_DATABASE: 'testdb1' # test only
SQL_USERNAME: ${{ secrets.SQL_USERNAME }}
SQL_PASSWORD: ${{ secrets.SQL_PASSWORD }}
run: |
for script in ./azTerraform/scripts/*.sql
do
echo "Running script: ${script}"
echo "${script:0:15}"
echo "Debug: will be removed , TODO"
echo "instance: ${{ secrets.Azure_SQL_SERVER_instance }}"
echo "username: ${{ secrets.SQL_USERNAME }}"
sqlcmd -S ${{ secrets.Azure_SQL_SERVER_instance }} -d testdb1 -U ${{ secrets.SQL_USERNAME }} -P ${{ secrets.SQL_PASSWORD }} -Q "select * from sys.tables"
# sqlcmd -S ${{ secrets.Azure_SQL_SERVER_instance }} -d testdb1 -U ${{ secrets.SQL_USERNAME }} -P ${{ secrets.SQL_PASSWORD }} -i "$script"
done
- name: Logout from Azure
run: |
az logout
az cache purge
az account clear