Exercise - Use Bicep parameters with multiple environments
Now that your workflow deploys to both of your environments, you're ready to integrate with the third-party API for product reviews.
Your website team has provided you with the API keys and URLs that your website should use to access the service. There are different values for your test and production environments to use. In this unit, you'll update your workflow to configure each of your environments with the correct settings for the product review API.
During the process, you'll:
- Create secrets for the review API keys for each of your environments.
- Update the workflow with the correct input and secret values for each environment.
- Update your Bicep file to propagate the settings that you need for the product review API.
- Review the workflow results and the changes to your Azure environment.
Add secrets
You decide to store the API keys in GitHub secrets, to ensure they're protected appropriately.
In your browser, go to Settings > Secrets and variables > Actions.
Select the New repository secret button.
Enter REVIEW_API_KEY_TEST as the secret name, and sandboxsecretkey as the value.
Select Add secret.
Repeat the process to add another secret named REVIEW_API_KEY_PRODUCTION as the secret name, and productionsecretkey as the value. Select Add secret.
Update the deploy.yml file to use the new settings
In Visual Studio Code, open the deploy.yml file.
Update the workflow trigger to include new values for the
inputsandsecretssettings:on: workflow_call: inputs: environmentType: required: true type: string resourceGroupName: required: true type: string reviewApiUrl: required: true type: string secrets: AZURE_CLIENT_ID: required: true AZURE_TENANT_ID: required: true AZURE_SUBSCRIPTION_ID: required: true reviewApiKey: required: trueNotice that you include the API URLs as inputs because they aren't secret values.
In the
validatejob, update the steps to include the new deployment parameters:jobs: validate: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: azure/login@v1 name: Sign in to Azure with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - if: inputs.environmentType != 'Production' uses: azure/arm-deploy@v1 name: Run preflight validation with: deploymentName: ${{ github.run_number }} resourceGroupName: ${{ inputs.resourceGroupName }} template: ./deploy/main.bicep parameters: > environmentType=${{ inputs.environmentType }} reviewApiUrl=${{ inputs.reviewApiUrl }} reviewApiKey=${{ secrets.reviewApiKey }} deploymentMode: Validate - if: inputs.environmentType == 'Production' uses: azure/arm-deploy@v1 name: Run what-if with: failOnStdErr: false resourceGroupName: ${{ inputs.resourceGroupName }} template: ./deploy/main.bicep parameters: > environmentType=${{ inputs.environmentType }} reviewApiUrl=${{ inputs.reviewApiUrl }} reviewApiKey=${{ secrets.reviewApiKey }} additionalArguments: --what-ifUpdate the
deployjob to include the new deployment parameters:deploy: needs: validate environment: ${{ inputs.environmentType }} runs-on: ubuntu-latest outputs: appServiceAppHostName: ${{ steps.deploy.outputs.appServiceAppHostName }} steps: - uses: actions/checkout@v3 - uses: azure/login@v1 name: Sign in to Azure with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - uses: azure/arm-deploy@v1 id: deploy name: Deploy Bicep file with: failOnStdErr: false deploymentName: ${{ github.run_number }} resourceGroupName: ${{ inputs.resourceGroupName }} template: ./deploy/main.bicep parameters: > environmentType=${{ inputs.environmentType }} reviewApiUrl=${{ inputs.reviewApiUrl }} reviewApiKey=${{ secrets.reviewApiKey }}Save your changes to the file.
Update the workflow.yml file to provide the new settings
In Visual Studio Code, open the workflow.yml file.
Add the
reviewApiUrlinputs, and thereviewApiKeysecrets, for each environment:name: deploy-toy-website-environments concurrency: toy-company on: push: branches: - main workflow_dispatch: permissions: id-token: write contents: read jobs: # Lint the Bicep file. lint: uses: ./.github/workflows/lint.yml # Deploy to the test environment. deploy-test: uses: ./.github/workflows/deploy.yml needs: lint with: environmentType: Test resourceGroupName: ToyWebsiteTest reviewApiUrl: https://sandbox.contoso.com/reviews secrets: AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_TEST }} AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} reviewApiKey: ${{ secrets.REVIEW_API_KEY_TEST }} # Deploy to the production environment. deploy-production: uses: ./.github/workflows/deploy.yml needs: deploy-test with: environmentType: Production resourceGroupName: ToyWebsiteProduction reviewApiUrl: https://api.contoso.com/reviews secrets: AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_PRODUCTION }} AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} reviewApiKey: ${{ secrets.REVIEW_API_KEY_PRODUCTION }}Save your changes to the file.
Update the Bicep file
Open the main.bicep file.
Below the parameters that are already in the file, add the following parameters for the new review API:
@description('The URL to the product review API.') param reviewApiUrl string @secure() @description('The API key to use when accessing the product review API.') param reviewApiKey stringUpdate the
appServiceAppresource definition to provide the review API URL and key to the application, so that your website's code can use them:resource appServiceApp 'Microsoft.Web/sites@2022-03-01' = { name: appServiceAppName location: location properties: { serverFarmId: appServicePlan.id httpsOnly: true siteConfig: { appSettings: [ { name: 'APPINSIGHTS_INSTRUMENTATIONKEY' value: applicationInsights.properties.InstrumentationKey } { name: 'APPLICATIONINSIGHTS_CONNECTION_STRING' value: applicationInsights.properties.ConnectionString } { name: 'ReviewApiUrl' value: reviewApiUrl } { name: 'ReviewApiKey' value: reviewApiKey } ] } } }Save your changes to the file.
Commit and push your changes to your Git repository by using the following commands:
git add . git commit -m "Add new review API settings to Bicep file and workflow" git push
Review the deployment results
In your browser, go to your workflow runs.
Select the most recent run.
Select the most recent run of your workflow.
Wait for the workflow to pause before the deploy-production / deploy job. It might take a few minutes for the workflow to reach this point.
Approve the deployment to the production environment by selecting Review deployments, then selecting Production and selecting Approve and deploy.
Wait for the workflow to finish running.
Select Code and then select the Production environment.
Notice that you now see multiple deployments in the environment's history.
In your browser, go to the Azure portal.
Go to the ToyWebsiteProduction resource group.
In the list of resources, open the Azure App Service app.
Select Configuration.
Select Show values.
Notice that the values for the ReviewApiKey and ReviewApiUrl settings are set to the values that you configured for the production environment.
Compare the current values to the configuration settings for the App Service app in the ToyWebsiteTest resource group. Notice that the values are different.
Clean up the resources
Now that you've completed the exercise, you can remove the resources so you aren't billed for them.
In the Visual Studio Code terminal, run the following commands:
az group delete --resource-group ToyWebsiteTest --yes --no-wait
az group delete --resource-group ToyWebsiteProduction --yes --no-wait
The resource group is deleted in the background.
Remove-AzResourceGroup -Name ToyWebsiteTest -Force
Remove-AzResourceGroup -Name ToyWebsiteProduction -Force