From 7a49b4ec80874da6771a616c03cc899e7092fdf0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 5 Aug 2025 23:26:07 +0000 Subject: [PATCH 1/2] Initial plan From a0499d79c700fbd06c6d7332eb710064808cc685 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 5 Aug 2025 23:30:32 +0000 Subject: [PATCH 2/2] Refactor CI/CD pipelines to separate IaC from deployment Co-authored-by: lukecookssw <100659715+lukecookssw@users.noreply.github.com> --- .github/workflows/app-deploy.yml | 39 +++++++++++++++++ .github/workflows/infra-deploy.yml | 70 ++++++++++++++++++++++++++++++ .github/workflows/main.yml | 54 ++++++++++++++++++----- 3 files changed, 151 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/app-deploy.yml create mode 100644 .github/workflows/infra-deploy.yml
diff --git a/.github/workflows/app-deploy.yml b/.github/workflows/app-deploy.yml
new file mode 100644
index 0000000..fad78fa
--- /dev/null
+++ b/.github/workflows/app-deploy.yml
@@ -0,0 +1,39 @@
+name: Deploy Application
+
+on:
+ workflow_call:
+ inputs:
+ ENVIRONMENT:
+ required: true
+ type: string
+ APP_SERVICE_NAME:
+ required: true
+ type: string
+ secrets:
+ AZURE_CREDENTIALS:
+ required: true
+
+jobs:
+ deploy-application:
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.ENVIRONMENT }}
+ steps:
+
+ # Download application artifacts from build
+ - name: Download Application Artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: api
+
+ # Log into Azure
+ - name: Login
+ uses: azure/login@v1
+ with:
+ creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+ # Deploy Web API
+ - name: Deploy API
+ uses: azure/webapps-deploy@v2
+ with:
+ app-name: ${{ inputs.APP_SERVICE_NAME }}
+ package: './api.zip'
\ No newline at end of file
diff --git a/.github/workflows/infra-deploy.yml b/.github/workflows/infra-deploy.yml
new file mode 100644
index 0000000..d390420
--- /dev/null
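Review bot: The `Login` and `Deploy API` steps reference `azure/login@v1` and `azure/webapps-deploy@v2` by mutable tag, and the first of them is handed `secrets.AZURE_CREDENTIALS`; a retagged or compromised release of either action would run with that credential. Pin each to a reviewed full commit SHA, e.g. `uses: azure/login@<full-commit-sha> # v1` (placeholder, take the value from the release you audited); the same applies to the identical `uses:` lines in infra-deploy.yml. `actions/download-artifact@v3` is a deprecated major version as well, so it is worth moving to `@v4` together with the upload step in build.yml, which is not visible here. The job also declares no `permissions:` block; `permissions: {}` at job level would make the token scope explicit, assuming none of these steps needs the GITHUB_TOKEN.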
+++ b/.github/workflows/infra-deploy.yml
@@ -0,0 +1,70 @@
+name: Deploy Infrastructure
+
+on:
+ workflow_call:
+ inputs:
+ ENVIRONMENT:
+ required: true
+ type: string
+ RESOURCE_GROUP:
+ required: true
+ type: string
+ APP_SERVICE_PLAN:
+ required: true
+ type: string
+ APP_SERVICE_PLAN_RESOURCE_GROUP:
+ required: true
+ type: string
+ secrets:
+ AZURE_CREDENTIALS:
+ required: true
+ SQL_ADMIN_GROUP:
+ required: true
+ SQL_ADMIN_GROUP_SID:
+ required: true
+ outputs:
+ appServiceName:
+ description: "The name of the created App Service"
+ value: ${{ jobs.deploy-infrastructure.outputs.appServiceName }}
+
+jobs:
+ deploy-infrastructure:
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.ENVIRONMENT }}
+ outputs:
+ appServiceName: ${{ steps.bicep.outputs.appServiceName }}
+ steps:
+
+ # Download infrastructure artifacts from build
+ - name: Download Infrastructure Artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: infra
+
+ # Log into Azure
+ - name: Login
+ uses: azure/login@v1
+ with:
+ creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+ # Create Azure infrastructure
+ - name: Azure deploy
+ id: bicep
+ shell: pwsh
+ env:
+ sqlAdminGroup: ${{ secrets.SQL_ADMIN_GROUP }}
+ sqlAdminSid: ${{ secrets.SQL_ADMIN_GROUP_SID }}
+ run: |
+ $out = az deployment group create `
+ --resource-group ${{ inputs.RESOURCE_GROUP }} `
+ --template-file .\main.bicep `
+ --parameters environment=${{ inputs.ENVIRONMENT }} `
+ appServicePlanName=${{ inputs.APP_SERVICE_PLAN }} `
+ appServicePlanResourceGroup=${{ inputs.APP_SERVICE_PLAN_RESOURCE_GROUP }} `
+ sqlAdministratorsLoginName=$env:sqlAdminGroup `
+ sqlAdministratorsObjectId=$env:sqlAdminSid `
+ | convertfrom-json | foreach properties | foreach outputs
+ $out | Get-Member -MemberType NoteProperty | ForEach-Object {
+ $keyname = $_.Name
+ $value = $out.$keyname.value
+ echo "::set-output name=$keyname::$value" }
\ No newline at end of file
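Review bot: In the `Azure deploy` step the four `${{ inputs.* }}` expressions are expanded into the PowerShell text before the shell parses it, so a caller-supplied value containing quotes, backticks or `;` becomes script rather than an argument; the two secrets in the same step already go through `env:` and the inputs should follow them. The callers in main.yml pass constants today, so this is hardening for a reusable workflow rather than a live injection path. The output loop also uses the deprecated `::set-output` command; appending `name=value` to `$env:GITHUB_OUTPUT` is the replacement, and since the loop publishes every Bicep output it is worth confirming that main.bicep (not shown) exposes nothing sensitive. A sketch of both changes follows.

```yaml
        env:
          # … unchanged: sqlAdminGroup, sqlAdminSid …
          resourceGroup: ${{ inputs.RESOURCE_GROUP }}
          environmentName: ${{ inputs.ENVIRONMENT }}
          appServicePlan: ${{ inputs.APP_SERVICE_PLAN }}
          appServicePlanResourceGroup: ${{ inputs.APP_SERVICE_PLAN_RESOURCE_GROUP }}
        run: |
          $out = az deployment group create `
            --resource-group $env:resourceGroup `
            # … unchanged: --template-file …
            --parameters environment=$env:environmentName `
              appServicePlanName=$env:appServicePlan `
              appServicePlanResourceGroup=$env:appServicePlanResourceGroup `
            # … unchanged: SQL admin parameters, ConvertFrom-Json pipeline, Get-Member loop header …
            "$keyname=$value" >> $env:GITHUB_OUTPUT }
```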
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ed220c4..7fdcc75 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,10 +10,10 @@ jobs: name: Build and upload artifacts uses: ./.github/workflows/build.yml - deploy_dev: + deploy_infra_dev: needs: build - name: Deploy dev - uses: ./.github/workflows/az-deploy.yml + name: Deploy dev infrastructure + uses: ./.github/workflows/infra-deploy.yml with: ENVIRONMENT: dev RESOURCE_GROUP: LC.API.Dev @@ -24,10 +24,20 @@ jobs: SQL_ADMIN_GROUP: ${{ secrets.SQL_ADMIN_GROUP }} SQL_ADMIN_GROUP_SID: ${{ secrets.SQL_ADMIN_GROUP_SID }} - deploy_staging: - needs: deploy_dev - name: Deploy staging - uses: ./.github/workflows/az-deploy.yml + deploy_app_dev: + needs: deploy_infra_dev + name: Deploy dev application + uses: ./.github/workflows/app-deploy.yml + with: + ENVIRONMENT: dev + APP_SERVICE_NAME: ${{ needs.deploy_infra_dev.outputs.appServiceName }} + secrets: + AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} + + deploy_infra_staging: + needs: deploy_app_dev + name: Deploy staging infrastructure + uses: ./.github/workflows/infra-deploy.yml with: ENVIRONMENT: staging RESOURCE_GROUP: LC.API.Staging @@ -38,10 +48,20 @@ jobs: SQL_ADMIN_GROUP: ${{ secrets.SQL_ADMIN_GROUP }} SQL_ADMIN_GROUP_SID: ${{ secrets.SQL_ADMIN_GROUP_SID }} - deploy_prod: - needs: deploy_staging - name: Deploy prod - uses: ./.github/workflows/az-deploy.yml + deploy_app_staging: + needs: deploy_infra_staging + name: Deploy staging application + uses: ./.github/workflows/app-deploy.yml + with: + ENVIRONMENT: staging + APP_SERVICE_NAME: ${{ needs.deploy_infra_staging.outputs.appServiceName }} + secrets: + AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} + + deploy_infra_prod: + needs: deploy_app_staging + name: Deploy prod infrastructure + uses: ./.github/workflows/infra-deploy.yml with: ENVIRONMENT: prod RESOURCE_GROUP: LC.API.Production 
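Review bot: The new `deploy_app_dev` job passes the same `secrets.AZURE_CREDENTIALS` that `deploy_infra_dev` uses, and the `deploy_app_staging` and `deploy_app_prod` jobs in the later hunks do likewise, so splitting IaC from application deployment does not yet split privilege. Publishing a package to one App Service needs far less than creating resources and assigning SQL administrators; a separate, narrowly scoped identity for the app jobs, for example `AZURE_CREDENTIALS: ${{ secrets.<APP_DEPLOY_CREDENTIALS> }}` (placeholder name), would limit what a compromised deploy step can reach. Whether dev, staging and prod already resolve to different credentials depends on environment-scoped secrets that are not visible on this page. Because prod is reached purely through the `needs:` chain, a required-reviewer rule on the `prod` environment is the control to confirm.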
@@ -50,4 +70,14 @@ jobs: secrets: AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} SQL_ADMIN_GROUP: ${{ secrets.SQL_ADMIN_GROUP }} - SQL_ADMIN_GROUP_SID: ${{ secrets.SQL_ADMIN_GROUP_SID }} \ No newline at end of file + SQL_ADMIN_GROUP_SID: ${{ secrets.SQL_ADMIN_GROUP_SID }} + + deploy_app_prod: + needs: deploy_infra_prod + name: Deploy prod application + uses: ./.github/workflows/app-deploy.yml + with: + ENVIRONMENT: prod + APP_SERVICE_NAME: ${{ needs.deploy_infra_prod.outputs.appServiceName }} + secrets: + AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} \ No newline at end of file