This repository serves as a template for Azure Bicep Infrastructure as Code (IaC) deployments. It contains reusable workflows, configuration structures, and documentation to standardize infrastructure deployments across projects.
The Bicep Infrastructure project provides a structured approach to deploying Azure resources using Bicep templates. It includes:
- A configuration system with JSON schema validation
- Bicep modules for various Azure resources
- GitHub Actions workflows for deployment and teardown
- Environment-specific configuration management
- Deployment scripts and utilities
- Documentation and best practices
- Clone the repository:
  git clone https://github.com/jejernig/Bicep-Infrastructure.git
  cd Bicep-Infrastructure
- Install dependencies:
  npm install
This repository is designed to be used as a template for all your Bicep infrastructure projects. Here's how to use it:
- Click the "Use this template" button in GitHub to create a new repository based on this template
- Clone your new repository
- Configure environment-specific settings in the config/environments/ directory
- Set up GitHub Environments and secrets (see GitHub Environments Setup)
- Customize Bicep templates as needed for your project
- Deploy using the provided GitHub Actions workflows
For detailed instructions, see the Template Repository Setup Guide.
- Copy the following directories to your project:
  - .github/workflows/ - Contains deployment and teardown workflows
  - config/environments/ - For environment-specific configurations
  - docs/ - Documentation including GitHub Environments setup
- Set up GitHub Environments and secrets as described in the documentation
- Create environment-specific configuration files that conform to the provided schema (config/environments/environment.schema.json)
For detailed instructions, see the Template Repository Setup Guide.
For each project using these workflows, you need to set up the following secrets:
- AZURE_CLIENT_ID - Service Principal ID for Azure authentication
- AZURE_TENANT_ID - Azure Tenant ID
- AZURE_SUBSCRIPTION_ID - Azure Subscription ID
- RESOURCE_GROUP_DEV - Resource group name for dev environment
- RESOURCE_GROUP_QA - Resource group name for QA environment
- RESOURCE_GROUP_PROD - Resource group name for production environment
This template includes two main GitHub Actions workflows for infrastructure management:
File: .github/workflows/deploy-infrastructure.yml
This workflow handles the deployment of Bicep infrastructure to Azure. Key features include:
- Environment-specific configuration loading from config/environments/{environment}.json
- Parameter preparation based on environment settings
- Validation of Bicep templates before deployment
- What-If analysis to preview changes
- Deployment with detailed output capturing
- Generation of deployment summaries and reports
- Storage of deployment history for auditing
Usage:
- Navigate to Actions > Deploy Infrastructure
- Select the environment (dev, qa, prod)
- Provide an optional configuration path if needed
- Run the workflow
File: .github/workflows/teardown-infrastructure.yml
This workflow safely tears down infrastructure in a specific environment. Key features include:
- Confirmation validation to prevent accidental deletions
- Additional protection for production environments
- Resource deletion in the correct dependency order
- Detailed teardown reporting
- History tracking of all teardown operations
Usage:
- Navigate to Actions > Teardown Infrastructure
- Select the environment (dev, qa, prod)
- Confirm by typing the environment name again
- Run the workflow
The configuration system uses a bicep.config.json file to define the parameters and settings for your infrastructure deployment. The file is validated against a JSON schema to ensure correctness.
The bicep.config.json file has the following structure:
{
  "$schema": "./bicep.config.schema.json",
  "metadata": {
    "projectName": "yourproject",
    "environment": "dev",
    "location": "eastus"
  },
  "tags": {
    "environment": "dev",
    "project": "YourProject"
  },
  "featureToggles": {
    "enableApiManagement": true,
    "enableFunctionApp": true,
    ...
  },
  "moduleConfigurations": {
    "apiManagement": { ... },
    "functionApp": { ... },
    ...
  },
  "bicepSettings": {
    "linterEnabled": true,
    ...
  }
}
- metadata: Core project information
- tags: Resource tags applied to all resources
- featureToggles: Enable/disable specific modules
- moduleConfigurations: Settings for each module
- bicepSettings: Bicep linter and formatting settings
To validate your configuration file:
npm run validate
Or validate a specific configuration file:
node ./infrastructure/scripts/validate-config.js ./path/to/your/config.json
Example configuration templates are available in the infrastructure/bicep/templates/ directory:
- minimal-dev.json: Minimal configuration for development environments
- standard-prod.json: Standard configuration for production environments
- comprehensive.json: Comprehensive configuration with all features enabled
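Schema validation checks each field on its own. The added example below (not the repository's validate-config.js) checks relationships between the sections of the sample configuration: that the file declares the environment the job is targeting, that tags agree with metadata, and that every enabled toggle has a module configuration. checkConfig, moduleKeyForToggle, the expectedEnvironment parameter and the enable<Module> to module-key mapping are assumptions inferred from the sample file.

```javascript
// Added example; checkConfig and its rules are hypothetical, not the repo's validate-config.js.
const SECTIONS = ['metadata', 'tags', 'featureToggles', 'moduleConfigurations', 'bicepSettings'];

const isObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// "enableApiManagement" -> "apiManagement" (naming pattern assumed from the sample config).
function moduleKeyForToggle(toggle) {
  if (!/^enable[A-Z]/.test(toggle)) return null;
  return toggle.charAt(6).toLowerCase() + toggle.slice(7);
}

// Returns a list of error strings; an empty list means the config passed.
function checkConfig(config, expectedEnvironment) {
  if (!isObject(config)) return ['config must be a JSON object'];
  const errors = SECTIONS.filter((s) => !isObject(config[s]))
    .map((s) => `missing or non-object section: ${s}`);
  if (errors.length > 0) return errors;

  const { metadata, tags, featureToggles, moduleConfigurations } = config;
  // Stops a dev file from being deployed by a job that targets prod.
  if (metadata.environment !== expectedEnvironment) {
    errors.push(`metadata.environment is "${metadata.environment}", expected "${expectedEnvironment}"`);
  }
  // Tags that disagree with metadata mislabel the resources that get deployed.
  if (tags.environment !== metadata.environment) {
    errors.push(`tags.environment "${tags.environment}" does not match metadata.environment`);
  }
  for (const [toggle, enabled] of Object.entries(featureToggles)) {
    const key = moduleKeyForToggle(toggle);
    if (typeof enabled !== 'boolean' || key === null) {
      errors.push(`featureToggles.${toggle} must be a boolean named enable<Module>`);
    } else if (enabled && !isObject(moduleConfigurations[key])) {
      errors.push(`${toggle} is true but moduleConfigurations.${key} is missing`);
    }
  }
  return errors;
}

// Constructed sample: a prod file whose tags were copied from dev and whose
// Function App toggle is on without a matching module configuration.
const sample = {
  metadata: { projectName: 'yourproject', environment: 'prod', location: 'eastus' },
  tags: { environment: 'dev', project: 'YourProject' },
  featureToggles: { enableApiManagement: true, enableFunctionApp: true },
  moduleConfigurations: { apiManagement: {} },
  bicepSettings: { linterEnabled: true },
};
console.log(checkConfig(sample, 'prod'));
```

Run a check like this after schema validation and fail the job on a non-empty result, passing the environment selected in the workflow as expectedEnvironment.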
To deploy the infrastructure using the default configuration:
az login
az account set --subscription <subscription-id>
az deployment sub create \
--location eastus \
--template-file infrastructure/bicep/main.bicep \
--parameters @infrastructure/bicep/bicep.config.json
For environment-specific deployments, create a configuration file for each environment and use it for deployment:
az deployment sub create \
--location eastus \
--template-file infrastructure/bicep/main.bicep \
--parameters @infrastructure/bicep/bicep.config.prod.json
- API Management: API gateway for managing APIs
- Function App: Serverless compute service
- SignalR: Real-time web functionality
- Redis Cache: In-memory data store
- Key Vault: Secrets management
- OpenAI: AI services integration
- Container Registry: Docker image registry
- Storage Account: Cloud storage
- Container Instance: Containerized applications
- SQL Database: Relational database
Each module has specific configuration options available in the moduleConfigurations section of the configuration file. Refer to the schema file for detailed information on available options.
For naming conventions and best practices, see the Naming Conventions and Best Practices document.
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Create a new Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.