This repo is an overview/walkthrough on using GitHub Actions to deploy architecture and applications to Azure.
The end result is a secure Azure App Service that connects to an Azure SQL Database, with secrets from Azure Key Vault. The application is only accessible from a private virtual network and the ingress to that network is a public IP address that routes to an Azure Application Gateway with a Web Application Firewall.
The architecture is deployed using Azure Bicep and the application is deployed using GitHub Actions.
The authors hope that, by the end, you will have enough information to use Bicep and GitHub Actions to deploy your own architecture and applications.
You will need the following tools and services to complete this walkthrough:
- Git (Download here)
- GitHub Account (Sign up here)
- Azure Account (Sign up here)
- Visual Studio Code (Download here)
- Azure Bicep Extension for Visual Studio Code (Download here)
The walkthroughs are broken down into the following parts:
This solution is for demonstration purposes only. It is not intended for production use, as there are a number of security considerations that should be addressed before going live. For brevity, those resources and configurations are not included in this walkthrough.
For example, the following resources should be evaluated and considered (at least discussed, not necessarily deployed) for a production deployment:
- Firewall for routing traffic out of the network
- NAT Gateway for routing traffic out of the network
- Network Security Groups for controlling traffic within the network
- Azure Policy for enforcing compliance
- Additional logging and monitoring
- Disaster Recovery and Backup solutions
- Resiliency and High Availability solutions
- Route Tables for controlling traffic within the network
The slides and demonstrations for this workshop can be viewed here.
There is no guarantee that this solution will work for you. It is a demonstration and may require additional configuration or troubleshooting to work in your environment. It is recommended that you understand the solution and the components before deploying it.
By using this solution, you agree that the author is not responsible for any issues that may arise from the use of this solution, and you agree that you will not hold any contributors responsible for any issues that may arise from the use of this solution, nor will you have any rights to take legal action against any contributors to this solution.