Switc to using an RBAC SP to deploy to a dev environment

Author: russdaygh

.github/workflows/PocketDDDServerWebAPI2024.yml

@@ -12,7 +12,7 @@ env:
 
 jobs:
   build:
-    runs-on: windows-latest
+    runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
     - name: Setup .NET SDK
@@ -34,9 +34,14 @@ jobs:
         path: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
 
   deploy:
-    runs-on: windows-latest
+    runs-on: ubuntu-latest
+    environment: dev
     needs: build
     steps:
+    - name: Log in with Azure
+      uses: azure/login@v1
+      with:
+        creds: '${{ secrets.AZURE_CREDENTIALS }}'
     - name: Download artifact from build job
       uses: actions/download-artifact@v3
       with:
@@ -45,6 +50,5 @@ jobs:
     - name: Deploy to Azure WebApp
       uses: azure/webapps-deploy@v2
       with:
-        app-name: ${{ secrets.AZURE_WEBAPP_NAME }}
-        publish-profile: ${{ secrets.PocketDDDServerWebAPI2024_3A54 }}
+        app-name: pocketddd-dev-api-server
         package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}

terraform/database.tf

@@ -21,6 +21,6 @@ resource "azurerm_mssql_database" "sqldb" {
 
   # prevent the possibility of accidental data loss
   lifecycle {
-    prevent_destroy = true
+    prevent_destroy = false
   }
 }

terraform/image.png

@@ -22,7 +22,8 @@ resource "azurerm_key_vault" "key_vault" {
     secret_permissions = [
       "Get",
       "Set",
-      "List"
+      "List",
+      "Delete"
     ]
 
     storage_permissions = [

terraform/keyvault.tf

@@ -0,0 +1,3 @@
+output "api_server_url" {
+    value = azurerm_linux_web_app.api_server_web_app.default_hostname  
+}

terraform/outputs.tf

@@ -0,0 +1,6 @@
+Command to create a new deployment service principal
+```
+az ad sp create-for-rbac -n DevDeployment --role Contributor --scopes /subscriptions/<insert-subscription-id>
+```
+Add the JSON output as a secret named `AZURE_CREDENTIALS` to GitHub. I've added this as a secret specific to an environment
+![alt text](image.png)