Blazor WebAssembly website backed by a RESTful API for a generic online store.
This app is deployed via GitHub Actions using Terraform into Azure.
- Install terraform CLI (https://learn.hashicorp.com/tutorials/terraform/install-cli).
- Install Azure CLI (https://learn.hashicorp.com/tutorials/terraform/azure-build).
- (azure portal) Create a subscription called 'Online Store'.
- (powershell) Authenticate with Azure (
az login
). - (powershell) Run the contents of azure_setup_terraform_state.ps1 for each environment (local/test/prod), updating the value of
$CONTAINER_NAME
each time. - (powershell) Initialise terraform from the terraform directory (
terraform init -backend-config="backend.local.hcl"
).
The GitHub runner needs to connect to Azure Storage (Terraform state file) and other Azure services (app deployment) to execute this repositories Actions. Sensitive connection properties are stored in the repository secrets.
- (powershell) Authenticate with Azure (
az login
). - (powershell) Get your subscription id (
az account list
). - (powershell) Specify which subscription you want to use (
az account set --subscription="SUBSCRIPTION_ID"
). - (powershell) Create the service principal in the 'Online Store' subscription (
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/SUBSCRIPTION_ID" --sdk-auth
). This will output some JSON that the runner will use to log into Azure (stored in repo secretAZURE_CREDENTIALS
). In addition, the following repository secrets should be extracted from this JSON (which are needed for terraform steps):- subscriptionId
- clientId -
TF_VAR_AGENT_CLIENT_ID
- clientSecret -
TF_VAR_AGENT_CLIENT_SECRET
- tenantId -
TF_VAR_TENANT_ID
For more information, read 'Azure Provider: Authenticating using a Service Principal with a Client Secret'.
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/SUBSCRIPTION_ID"
Name | Description | Example value |
---|---|---|
AZURE_CREDENTIALS |
The password of the service principal account. | { FULL JSON FROM SERVICE PRINCIPAL CREATE } |
TF_VAR_AGENT_CLIENT_ID |
The id of the service principal account. | 00000000-0000-0000-0000-000000000000 |
TF_VAR_AGENT_CLIENT_SECRET |
The password of the service principal account. | XXXXXXXXXXXXXXXXXXXXXXXXXXX-X-XXXX |
TF_VAR_SUBSCRIPTION_ID |
The id of the 'Online Store' subscription. | 00000000-0000-0000-0000-000000000000 |
TF_VAR_TENANT_ID |
The tenant that the service principal account belongs to. | 00000000-0000-0000-0000-000000000000 |