diff --git a/.github/workflows/azure-bicep.yml b/.github/workflows/azure-bicep.yml
new file mode 100644
index 0000000..674c999
--- /dev/null
+++ b/.github/workflows/azure-bicep.yml
@@ -0,0 +1,43 @@
+# https://learn.microsoft.com/ja-jp/azure/azure-resource-manager/bicep/deploy-github-actions
+name: Azure Bicep
+
+on:
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy-bicep:
+    runs-on: ubuntu-latest
+    environment: Production
+    defaults:
+      run:
+        working-directory: 'bicep'
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Azure CLI
+      uses: azure/login@v2
+      with:
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+    - name: Create resource group
+      id: resourceGroup
+      run: |
+        RESOURCE_GROUP=rg-bicep-from-actions-$RANDOM
+        echo "group-name=$RESOURCE_GROUP" >> $GITHUB_OUTPUT
+        az group create --name $RESOURCE_GROUP --location japaneast
+
+    - name: Deploy Bicep
+      uses: azure/arm-deploy@v2
+      with:
+        scope: resource-group
+        subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }}
+        resourceGroupName: ${{ steps.resourceGroup.outputs.group-name }}
+        template: ./main.bicep
+        parameters: 'storagePrefix=yuta storageSKU=Standard_LRS'
+        failOnStdErr: false