This project demonstrates a number of capabilities in GitHub and Microsoft Azure
MIT License
This project demonstrates a number of capabilities in GitHub and Microsoft Azure:
Export developer certificate:
New-Item -Path $env:USERPROFILE/.aspnet/https -ItemType Directory -Force
dotnet dev-certs https --trust
dotnet dev-certs https -ep "$env:USERPROFILE/.aspnet/https/aspnetapp.pfx" -p "<YourStrong@Passw0rd>"
$distro = (wsl -l -q | Select-Object -First 1) -Replace "`0", ""
$username = wsl --distribution $distro whoami
Copy-Item ~\.aspnet\https\ \\wsl.localhost\$distro\home\$username\.aspnet\https\ -Recurse
Create a Microsoft Entra application (SPN) and connect it to GitHub cf. https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure-openid-connect.
Create SQL admin group:
GROUP="GitHub Demo Movie Database Admins"
GROUP_MAIL_NICKNAME=github-demo-movie-database-admins
az ad group create --display-name "$GROUP" --mail-nickname $GROUP_MAIL_NICKNAME
Add yourself to the group:
ME=$(az ad signed-in-user show --query id --output tsv)
az ad group member add --group "$GROUP" --member-id $ME
Add the SPN to the group.
Update /infrastructure/main.bicepparam
.
Deploy the infrastructure pipeline
Execute scripts:
.\scripts\Grant-GraphPermissionToManagedIdentity.ps1 -TenantId "b461d90e-0c15-44ec-adc2-51d14f9f5731" -IdentityName "ondfisk-githubdemo-sql" -Permissions @("User.Read.All", "GroupMember.Read.All", "Application.Read.All")
Do not set the current user as Entra admin:
az webapp connection create sql --resource-group "GitHubDemo" --name "ondfisk-githubdemo-web" --slot "staging" --target-resource-group "GitHubDemo" --server "ondfisk-githubdemo-sql" --database "MoviesStaging" --system-identity --client-type dotnet --connection "MoviesStaging" --new
az webapp connection create sql --resource-group "GitHubDemo" --name "ondfisk-githubdemo-web" --target-resource-group "GitHubDemo" --server "ondfisk-githubdemo-sql" --database "Movies" --system-identity --client-type dotnet --connection "Movies" --new
Deploy the application pipeline
Run the app locally:
# Set development connection string:
dotnet user-secrets set "ConnectionStrings:Default" "Data Source=localhost,1433;Initial Catalog=Movies;User ID=sa;Password=<YourStrong@Passw0rd>;TrustServerCertificate=True" --project src/MovieApi/
# Update database:
dotnet ef database update --project src/MovieApi/
# Run
dotnet run --project src/MovieApi/
Build the container locally:
dotnet publish src/MovieApi/ /t:PublishContainer -p ContainerImageTags=latest
Run container locally (from WSL):
docker run -it --rm -p 8000:8000 -p 8001:8001 \
-e ASPNETCORE_HTTP_PORTS=8000 \
-e ASPNETCORE_HTTPS_PORTS=8001 \
-e AZURE_SQL_CONNECTIONSTRING="Data Source=host.docker.internal,1433;Initial Catalog=Movies;User ID=sa;Password=<YourStrong@Passw0rd>;TrustServerCertificate=True" \
-e ASPNETCORE_Kestrel__Certificates__Default__Password="<YourStrong@Passw0rd>" \
-e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx \
-v ~/.aspnet/https:/https ondfisk-githubdemo
To lint repository locally run (from WSL):
docker run -e DEFAULT_BRANCH=main -e RUN_LOCAL=true -e FIX_JSON_PRETTIER=true -e FIX_YAML_PRETTIER=true -e VALIDATE_CSHARP=false -e VALIDATE_DOTNET_SLN_FORMAT_ANALYZERS=false -e VALIDATE_DOTNET_SLN_FORMAT_STYLE=false -e VALIDATE_DOTNET_SLN_FORMAT_WHITESPACE=false -e VALIDATE_JSCPD=false -v .:/tmp/lint --rm ghcr.io/super-linter/super-linter:latest
You can find the Azure DevOps version here.