Hands-on Demo – Deploy a Bicep file from Azure Pipelines

Hands-on Demo – Deploy a Bicep file from Azure Pipelines

In this demo, we'll show how to deploy an Azure resource using a Bicep file through Azure Pipelines. Azure Pipelines is a cloud service that automates the build and release process for your applications. By using a Bicep template, you can automate your infrastructure provisioning and deployments.

We'll set up a pipeline that:

1. Deploys an Azure Virtual Network and Subnet using a Bicep file.

2. Uses a Service Principal for authentication.

Steps Overview

1. Create the Bicep file in your repository.

2. Set up an Azure Service Principal for authentication.

3. Create an Azure Pipeline YAML file for deployment.

4. Run the pipeline to deploy the Bicep template to Azure.

1. Create the Bicep File in Your Repository

Create a simple Bicep file (main.bicep) in your repository to deploy a Virtual Network and Subnet.

Example: main.bicep

xxxxxxxxxx
30
1
// Parameters
2
param location string = 'East US'
3
param vnetName string = 'myVNet'
4
param subnetName string = 'mySubnet'
5
// Variables
6
var addressPrefix = '10.0.0.0/16'
7
var subnetPrefix = '10.0.1.0/24'
8
// Resource - Virtual Network
9
resource vnet 'Microsoft.Network/virtualNetworks@2020-05-01' = {
10
  name: vnetName
11
  location: location
12
  properties: {
13
    addressSpace: {
14
      addressPrefixes: [
15
        addressPrefix
16
      ]
17
    }
18
  }
19
}
20
// Resource - Subnet
21
resource subnet 'Microsoft.Network/virtualNetworks/subnets@2020-05-01' = {
22
  name: '${vnetName}/${subnetName}'
23
  parent: vnet
24
  properties: {
25
    addressPrefix: subnetPrefix
26
  }
27
}
28
// Outputs
29
output vnetId string = vnet.id
30
output subnetId string = subnet.id

Commit this Bicep file to your Git repository.

2. Set Up the Azure Service Principal for Authentication

To deploy resources to Azure via Azure Pipelines, you need to authenticate using a Service Principal (SP). The Service Principal will allow Azure Pipelines to interact with your Azure resources securely.

Following are the steps to create an Azure Service Principal.

1. Log in to Azure CLI:

xxxxxxxxxx
1
1
az login

2. Create the Service Principal and assign it a role (e.g., Contributor):

xxxxxxxxxx
4
1
az ad sp create-for-rbac \
2
--name "AzurePipelinesSP" \
3
--role Contributor \
4
--scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group}

This will output the following:

• appId: The client ID for the service principal.

• password: The client secret (you will need this).

• tenant: The tenant ID for your Azure Active Directory.

3. Save the following information (you will need it for the Azure Pipelines service connection):

   • AZURE_CLIENT_ID: appId from the output.

   • AZURE_CLIENT_SECRET: password from the output.

   • AZURE_TENANT_ID: tenant from the output.

   • AZURE_SUBSCRIPTION_ID: Your Azure subscription ID.

4. Create a Service Connection in Azure Pipelines:

   • Go to your Azure DevOps project.

   • Navigate to Project Settings → Service Connections.

   • Click New Service Connection → Azure Resource Manager.

   • Select Service Principal (Automatic), then provide the details for your Service Principal (Client ID, Client Secret, Tenant ID, and Subscription ID).

   • Click Verify and Save.

3. Create the Azure Pipeline YAML File

Now, let’s create an Azure Pipeline YAML file that will deploy the Bicep template to Azure.

Example: `azure-pipelines.yml

xxxxxxxxxx
50
1
trigger:
2
- main  # The pipeline will trigger on push to the main branch
3
pool:
4
  vmImage: 'ubuntu-latest'  # The pipeline will run on the latest Ubuntu image
5
variables:
6
  location: 'East US'
7
  vnetName: 'myVNet'
8
  subnetName: 'mySubnet'
9
  resourceGroupName: 'myResourceGroup'
10
jobs:
11
- job: DeployResources
12
  displayName: 'Deploy Resources to Azure'
13
  steps:
14
    # Step 1: Checkout the code from the repository
15
    - task: Checkout@2
16
      displayName: 'Checkout Code'
17
    # Step 2: Set up Azure CLI
18
    - task: UseAzureCLI@1
19
      displayName: 'Setup Azure CLI'
20
    # Step 3: Azure login using the Service Principal
21
    - task: AzureCLI@2
22
      displayName: 'Azure Login'
23
      inputs:
24
        azureSubscription: '<AzureServiceConnectionName>'
25
        scriptType: 'bash'
26
        scriptLocation: 'inlineScript'
27
        inlineScript: |
28
          echo "Logged in to Azure"
29
    # Step 4: Deploy the Bicep file using Azure CLI
30
    - task: AzureCLI@2
31
      displayName: 'Deploy Bicep Template'
32
      inputs:
33
        azureSubscription: '<AzureServiceConnectionName>'
34
        scriptType: 'bash'
35
        scriptLocation: 'inlineScript'
36
        inlineScript: |
37
          az deployment group create \
38
            --resource-group $(resourceGroupName) \
39
            --template-file main.bicep \
40
            --parameters location=$(location) vnetName=$(vnetName) subnetName=$(subnetName)
41
    # Optional Step: Show deployed resources in the output
42
    - task: AzureCLI@2
43
      displayName: 'Verify Deployment'
44
      inputs:
45
        azureSubscription: '<AzureServiceConnectionName>'
46
        scriptType: 'bash'
47
        scriptLocation: 'inlineScript'
48
        inlineScript: |
49
          az network vnet show --resource-group $(resourceGroupName) --name $(vnetName)
50
          az network vnet subnet show --resource-group $(resourceGroupName) --vnet-name $(vnetName) --name $(subnetName)

Explanation of the YAML file:

1. Trigger: This pipeline triggers whenever changes are pushed to the main branch.

2. Variables:

   • location: Defines the region where the resources will be deployed.

   • vnetName: Specifies the name of the Virtual Network.

   • subnetName: Specifies the name of the subnet.

   • resourceGroupName: Specifies the name of the resource group where resources will be deployed.

3. Steps:

   • Checkout: This step checks out the repository to get the latest code (including the Bicep file).

   • Setup Azure CLI: Installs and configures Azure CLI on the agent.

   • Azure Login: Logs into Azure using the Azure Service Connection created earlier.

   • Deploy Bicep Template: This step runs the Azure CLI command to deploy the Bicep template to the specified Azure resource group.

   • Verify Deployment (Optional): After deployment, it verifies the Virtual Network and Subnet in Azure.

4. Run the Pipeline

1. Commit the YAML file: Once the azure-pipelines.yml file is added, commit and push it to your repository.

   xxxxxxxxxx
   3
   1
   git add .azure-pipelines.yml
   2
   git commit -m "Add Azure Pipeline to deploy Bicep template"
   3
   git push origin main
   

2. Run the Pipeline:

   • Once you push your changes to the repository, the pipeline will automatically trigger.

   • Navigate to Azure DevOps → Pipelines → Select your pipeline → Run Pipeline.

3. Monitor the Pipeline:

   • You can see the progress of each step in the Azure DevOps UI.

   • If any step fails, the logs will help you debug the issue.

5. Verify the Deployment

After the pipeline runs successfully, verify the deployment either in the Azure Portal or by using the Azure CLI.

xxxxxxxxxx
8
1
az network vnet show \
2
--resource-group <your-resource-group> \
3
--name myVNet
4

5
az network vnet subnet show \
6
--resource-group <your-resource-group> \
7
--vnet-name myVNet \
8
--name mySubnet

Alternatively, you can check the Azure DevOps logs to verify that the deployment was successful.

6. Summary

With the steps above, you have successfully set up an Azure Pipeline to deploy a Bicep template to Azure.

The pipeline:

1. Automatically triggers on a push to the main branch.

2. Uses Azure CLI and a Service Principal to authenticate and deploy the resources.

3. Verifies the deployed resources.

This provides a robust CI/CD pipeline for deploying infrastructure as code with Bicep on Azure. You can extend this pipeline to support more complex deployments or integrate additional steps such as testing and approvals.