AzVmImageSnapshots/az-deploy-infra.yml at main · chuculain/AzVmImageSnapshots · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# Azure Pipeline for Deploying Bicep Infrastructure
# This pipeline deploys the resource group, compute gallery, and VM resources using tested Bicep files.

trigger:
- main

pool:
  vmImage: 'ubuntu-latest'

variables:
  azureSubscription: 'AzureRessourceManagement'
  location: 'canadacentral'
  resourceGroupName: 'dcacerg'
  galleryName: 'dcacecg'
  imageDefinitionName: 'dwinlatest'
  vmName: 'dcacevm1'
  vnetName: 'dcacevnet'
  subnetName: 'dcacesubnet'
  keyVaultName: 'dcacekv'

stages:
- stage: DeployInfra
  displayName: 'Deploy Infrastructure'
  jobs:
  - job: DeployRG
    displayName: 'Deploy Resource Group'
    steps:
    - task: AzureCLI@2
      displayName: 'Deploy Resource Group Bicep'
      inputs:
        azureSubscription: $(azureSubscription)
        scriptType: 'pscore'
        scriptLocation: 'inlineScript'
        inlineScript: |
          az deployment sub create `
            --location $(location) `
            --template-file infra/create-rg.bicep `
            --parameters resourceGroupName=$(resourceGroupName)

  - job: DeployGallery
    displayName: 'Deploy Compute Gallery, VNet, NSG'
    dependsOn: DeployRG
    steps:
    - task: AzureCLI@2
      displayName: 'Deploy Compute Gallery Bicep'
      inputs:
        azureSubscription: $(azureSubscription)
        scriptType: 'pscore'
        scriptLocation: 'inlineScript'
        inlineScript: |
          az deployment group create `
            --resource-group $(resourceGroupName) `
            --template-file infra/compute-gallery.bicep `
            --parameters galleryName=$(galleryName) keyVaultName=$(keyVaultName)

  - job: SetAdminPassword
    displayName: 'Generate and Store Admin Password in Key Vault'
    dependsOn: DeployGallery
    steps:
    - task: AzureCLI@2
      displayName: 'Generating key vault secret'
      inputs:
        azureSubscription: $(azureSubscription)
        scriptType: 'pscore'
        scriptLocation: 'inlineScript'
        inlineScript: |
          $secretId = -join ((48..57) + (65..90) + (97..122) | Get-Random -Count 20 | % {[char]$_})
          az keyvault secret set --vault-name $(keyVaultName) --name "secretId" --value $secretId
          echo "##vso[task.setvariable variable=secretId;issecret=true]$secretId"

  - job: DeployVM
    displayName: 'Deploy VM from Marketplace Image'
    dependsOn: SetAdminPassword
    steps:
    - task: AzureCLI@2
      displayName: 'Deploy VM Bicep'
      inputs:
        azureSubscription: $(azureSubscription)
        scriptType: 'pscore'
        scriptLocation: 'inlineScript'
        inlineScript: |
          az deployment group create `
            --resource-group $(resourceGroupName) `
            --template-file infra/vm-from-store.bicep `
            --parameters @infra/vm.parameters.json

# Secrets (adminUsername, adminPassword) should be set as pipeline variables or Azure Key Vault references.
# Update 'azureSubscription' with your Azure service connection name.
# Adjust parameters as needed for your environment.