This project uses GitHub Actions, Bicep, and Azure CLI to deploy a static web app and dynamic assets stored in blob storage.
Infrastructure for the project is managed using Azure Bicep files located under the infra directory.
// Example from backend.bicep
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
  name: storageAccountName
  location: location
  ...
}
CI/CD is managed using GitHub Actions. The workflow is defined in the .github/workflows/build-and-deploy-to-azure.yml file.
name: Build and Deploy to Azure
on:
  push:
    branches:
      - main
...
Git is used for version control with meaningful commit messages.
├── .github
│   └── workflows
│       └── build-and-deploy-to-azure.yml
├── assets
│   ├── Kenneth-Carnes-Resume.pdf
│   └── Photo.jpg
├── infra
│   ├── backend.bicep
│   ├── frontend.bicep
│   └── main.bicep
├── scripts
│   └── update-placeholders.py
└── src
    ├── index.html
    └── css
        └── styles.css
This guide walks you through the process of setting up Azure RBAC using Azure CLI commands.
Make sure you have Azure CLI installed and you're logged in to your Azure account.
az ad app create --display-name "display-name"
Replace <App ID> with the ID of the Azure AD application you created in Step 1.
az ad sp create --id "<App ID>"
az group create --name "rg-name-prod-001" --location "eastus2"
Replace <Subscription ID> and <Object ID> with your Azure Subscription ID and the Object ID of the service principal you created in Step 2. Assign the contributor role to the service principal for a specific resource group.
az role assignment create --role "contributor" --subscription "<Subscription ID>" --assignee-object-id "<Object ID>" --assignee-principal-type "ServicePrincipal" --scope "/subscriptions/<Subscription ID>/resourceGroups/rg-name-prod-001"
Replace <App ID> and <Subscription ID> with your Azure Application ID and Subscription ID, respectively. Create a service principal and assign it the contributor role within the scope of the specific resource group.
az ad sp create-for-rbac --name "kc-app-github-azure-swa" --role "contributor" --scopes "/subscriptions/<Subscription ID>/resourceGroups/rg-name-prod-001" --sdk-auth
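To confirm that the service principal ended up with only the resource-group scope used in the steps above, the following check is an added example and not part of the project. The function names and the sample data are constructed for illustration, and the input is assumed to be the tab-separated role and scope columns of az role assignment list.

```sh
#!/bin/sh
# Added example, not part of the project. Reads "<role><TAB><scope>" lines,
# e.g. from:  az role assignment list --all --assignee "<Object ID>" \
#               --query "[].[roleDefinitionName, scope]" -o tsv
# Prints one verdict per assignment; returns 1 if any assignment is a finding.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

audit_assignments() {
    allowed=$(lower "${1%/}")   # the one resource-group scope that is expected
    tab=$(printf '\t')
    status=0
    while IFS="$tab" read -r role scope || [ -n "$role" ]; do
        [ -n "$role" ] || continue
        # Azure resource IDs are case-insensitive, so compare in lower case.
        case "$(lower "${scope%/}")" in
            "$allowed" | "$allowed"/*) verdict=OK ;;
            *) verdict="FINDING outside-resource-group" ;;
        esac
        if [ "$verdict" = OK ]; then
            # These built-in roles can create role assignments themselves.
            case "$(lower "$role")" in
                owner | "user access administrator")
                    verdict="FINDING can-grant-access" ;;
            esac
        fi
        [ "$verdict" = OK ] || status=1
        printf '%s\t%s\t%s\n' "$verdict" "$role" "$scope"
    done
    return "$status"
}

# Constructed sample data (placeholder subscription ID, not real output).
SAMPLE_SUB="/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_RG="$SAMPLE_SUB/resourceGroups/rg-name-prod-001"
sample_assignments() {
    printf 'Contributor\t%s\n' "$SAMPLE_RG"
    printf 'Contributor\t%s\n' "$SAMPLE_SUB"
    printf 'User Access Administrator\t%s\n' "$SAMPLE_SUB/resourcegroups/RG-NAME-PROD-001"
    printf 'Reader\t%s\n' "$SAMPLE_RG/providers/Microsoft.Storage/storageAccounts/example"
}

sample_assignments | audit_assignments "$SAMPLE_RG" || echo "findings present"
```

Because the function returns a non-zero status when it prints a finding, it can also gate a pipeline step.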
- Multi-environment Support: Implement a multi-environment deployment strategy (dev, staging, prod) using the following techniques:
  - GitHub Secrets: Set up environment-specific secrets for resource names, configurations, etc.
  - Workflow Branching: Modify the GitHub Actions workflow to conditionally deploy to different environments based on the branch (e.g., main triggers production deployment, develop to dev environment).
  - Bicep Parameterization: Ensure Bicep files are generic and use parameters to pass in environment-specific values.
- Automated Testing: Add testing steps to the GitHub Actions workflow to validate Bicep templates and infrastructure deployments.