Bicep Private Module Registry Demo with GitHub Actions

kevball2/bicep-registry-demo

 
 

Bicep Registry Demo

This repo contains code to publish a Bicep module to a Private Module Registry.

Description

This demo will publish modules under the modules path to a Bicep registry as defined in bicepconfig.json. This is done using a GitHub Actions workflow and a wrapper script. The latest git tag will be used as the module version.

You will then be able to deploy a template that refers to this module from the registry 💪

Prerequisites

  • Azure CLI
  • Bicep (install with az bicep install - you will need v0.4.1008 or newer)
  • An Azure subscription with Owner permissions
  • Permission to create a service principal in Azure AD

Usage

1. Fork the repo

  1. Fork this repo by clicking Fork in the top-right corner

2. Create an Azure Container Registry instance with Azure CLI

  1. Create a resource group
az group create -n bicep-registry-demo -l westeurope
  2. Create an Azure Container Registry
az acr create -g bicep-registry-demo -l westeurope -n <registry name> --sku basic

❗ Make note of the registry name you choose. This name must be globally unique.

3. Set up your GitHub repo

  1. Set your registry in bicepconfig.json

    • Change the registryName for the alias demoRegistry to the unique name from the step above. The value should be <registry name>.azurecr.io.
    • Learn more about the Bicep configuration file here.
  2. Create a service principal with AcrPush permissions on the container registry, and add a secret to your GitHub repository

# Get the id of your ACR
# Replace the values for registry name and resource group
SCOPE=$(az acr show -n <registry name> -g <resource group> --query id -o tsv)

az ad sp create-for-rbac --name "bicep-registry-demo-ci" --role AcrPush \
                         --scopes "$SCOPE" --sdk-auth

# The command should output a JSON object similar to this:
{
  "clientId": "<GUID>",
  "clientSecret": "<GUID>",
  "subscriptionId": "<GUID>",
  "tenantId": "<GUID>",
  (...)
}

# Copy this and add as a repository secret named AZURE_CREDENTIALS

4. Publish a module using GitHub Actions

  1. Modify the template in modules/storage/main.bicep.
    • Example: Update the location parameter to restrict allowed values
@allowed([
  'northeurope'
  'westeurope'
])
param location string = 'westeurope'
  2. Commit, tag and push changes
git add modules/storage/main.bicep
git commit -m "set allowed locations"
git tag v1.1.0
git push # push the commit
git push --tags # push the tag

This will trigger the bicep-publish workflow and publish the module to the registry.

❗ Note that each new tag pushed will trigger a new published version.

To see the published modules in the registry see this.
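
One way the publish step described above could derive and validate its targets, as an added example (not the repository's own wrapper script): it maps each modules/<name>/main.bicep plus the latest git tag to a br: reference and rejects any tag that is not vMAJOR.MINOR.PATCH before calling az bicep publish. The function names, the tag and name patterns, and the assumption that the demoRegistry alias has no module path are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not the repository's wrapper script.
set -eu

# True when the whole of $1 (a single line) matches the extended regex $2.
matches() {
  [ "$(printf '%s' "$1" | wc -l)" -eq 0 ] &&
    printf '%s\n' "$1" | LC_ALL=C grep -Eqx -- "$2"
}

# Build the registry reference for one module directory, e.g.
# modules/storage + v1.1.0 -> br:<registry>/storage:v1.1.0
# Assumption: the alias points at the registry root (no modulePath).
module_target() {
  local registry="$1" name tag="$3"
  name="$(basename "$2")"
  # Only plain vMAJOR.MINOR.PATCH tags become published versions.
  matches "$tag" 'v[0-9]+\.[0-9]+\.[0-9]+' ||
    { echo "refusing tag '$tag'" >&2; return 1; }
  matches "$registry" '[a-z0-9]+\.azurecr\.io' ||
    { echo "unexpected registry '$registry'" >&2; return 1; }
  matches "$name" '[a-z0-9][a-z0-9._-]*' ||
    { echo "unexpected module name '$name'" >&2; return 1; }
  printf 'br:%s/%s:%s\n' "$registry" "$name" "$tag"
}

# Print (default) or run one publish command per <root>/<name>/main.bicep.
publish_all() {
  local registry="$1" tag="$2" root="${3:-modules}" mode="${4:-dry-run}" f target
  for f in "$root"/*/main.bicep; do
    [ -f "$f" ] || continue   # glob matched nothing
    target="$(module_target "$registry" "$(dirname "$f")" "$tag")" || return 1
    if [ "$mode" = "publish" ]; then
      az bicep publish --file "$f" --target "$target"
    else
      echo "az bicep publish --file $f --target $target"
    fi
  done
}

# Usage: ./publish.sh <registry name>.azurecr.io [publish]
if [ "$#" -ge 1 ]; then
  publish_all "$1" "$(git describe --tags --abbrev=0)" modules "${2:-dry-run}"
fi
```

Run without the second argument, the script only prints the commands it would execute, which makes it easy to review the targets before anything reaches the registry.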

5. Deploy template using module from registry with Azure CLI

There is a demo template in demo/main.bicep which uses the module from the registry:

module storage 'br/demoRegistry:storage:v1.1.0' = {
    ...
}

Note that this module refers to version v1.1.0. If you have published a different version, update the value in the template.

  1. Deploy the template by running the following command:
az deployment group create -n registry-demo -g bicep-registry-demo -f ./demo/main.bicep

✔️ Congratulations! - you've successfully deployed a Bicep template that refers to a remote module in a private module registry!

Next steps

To build upon this you can try:

  • Adding another module in the modules directory. The name of the directory will be the module name and it must have a main.bicep file within it. The workflow will parse all modules in the modules directory. Note that currently all modules will be deployed with the same version (git tag).
  • Consuming the module from the registry in another workflow to deploy resources
    • You will need to set up a service principal that has AcrPull permissions and permissions to deploy resources (Contributor or equivalent)
  • Add more robust versioning automation (e.g. always publish a latest version on push to main) and use GitHub Releases to publish specific versions, or add individual versioning of modules.

Cleanup

Delete the resource group and the resources in it by running:

az group delete -n bicep-registry-demo
