CI/CD Integration
GitHub Actions — Documentation Site
The documentation site is deployed automatically via GitHub Actions:
Workflow: .github/workflows/deploy-docs.yml
| Setting | Value |
|---|---|
| Trigger | Push to main (paths: site/**, docs/**, workflow file) + workflow_dispatch |
| Runner | ubuntu-latest |
| Node version | 24 |
| Build command | npm ci --prefix site && npm run build --prefix site |
| Deploy target | GitHub Pages via actions/deploy-pages@v4 |
GitHub Actions — Infrastructure (Planned)
Key requirements for an infrastructure deployment workflow:
- Use federated identity credentials (OIDC) — no stored secrets
- Run `azd auth login` with service principal
- Set environment variables via `azd env set`
- Run `azd up --no-prompt`
- Require manual approval for production deployments
- Pin `azd` version once Terraform alpha support reaches GA
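
An added example, not part of the project's code, showing how the OIDC and manual-approval requirements reinforce each other: a job that sets `environment:` receives a token whose subject is scoped to that environment, so a federated credential bound to that subject is only usable by jobs that passed the environment's protection rules. The repository name, credential names and token are constructed, and credential matching is modelled here as exact string comparison on issuer, subject and audience.

```python
import base64
import json

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
ENTRA_AUDIENCE = "api://AzureADTokenExchange"
REPO = "example-org/example-repo"  # hypothetical repository

# Constructed federated credentials: one per GitHub environment, none for bare branches.
CREDENTIALS = [
    {"name": f"gh-{env}", "issuer": GITHUB_ISSUER, "audiences": [ENTRA_AUDIENCE],
     "subject": f"repo:{REPO}:environment:{env}"}
    for env in ("dev", "staging", "prod")
]


def job_subject(repo, environment=None, ref="refs/heads/main"):
    """Subject claim GitHub issues: environment-scoped when the job sets `environment:`."""
    if environment:
        return f"repo:{repo}:environment:{environment}"
    return f"repo:{repo}:ref:{ref}"


def constructed_token(sub, aud=ENTRA_AUDIENCE, iss=GITHUB_ISSUER):
    """Build an unsigned sample JWT so the script runs offline (not a real token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}),
                     enc({"iss": iss, "sub": sub, "aud": aud}), "constructed"])


def jwt_claims(token):
    """Decode the JWT payload for inspection only; no signature verification."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def matching_credential(claims, credentials=CREDENTIALS):
    """Return the credential whose issuer, subject and audience all match exactly."""
    for cred in credentials:
        if (claims["iss"] == cred["issuer"] and claims["sub"] == cred["subject"]
                and claims["aud"] in cred["audiences"]):
            return cred["name"]
    return None


if __name__ == "__main__":
    for env in ("prod", None):  # a job with the prod environment, and one without any
        claims = jwt_claims(constructed_token(job_subject(REPO, env)))
        print(claims["sub"], "->", matching_credential(claims))
```

A job that omits `environment:` gets a `ref:`-scoped subject and matches no credential, so it cannot exchange its token for the deployment identity.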
Recommended Workflow Structure
```yaml
# .github/workflows/deploy-infra.yml (planned)
on:
  workflow_dispatch:
    inputs:
      scenario:
        type: choice
        options: [baseline, firewall, vpn, full]
      environment:
        type: choice
        options: [dev, staging, prod]

permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    steps:
      - uses: actions/checkout@v4
      - name: Azure Login (OIDC)
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Deploy
        run: |
          azd env set SCENARIO ${{ inputs.scenario }}
          azd up --no-prompt
```
Azure DevOps (Planned)
Key requirements for an Azure DevOps pipeline:
- Use Workload Identity Federation service connection
- Stage-gated deployment (dev → staging → prod)
- Run `azd up --no-prompt` in each stage
- Artifact publishing for deployment logs
Manual Deployment (Current)
Until infrastructure pipelines are available, deploy manually:
```bash
cd infra/bicep/smb-ready-foundation  # or infra/terraform/smb-ready-foundation
azd env select my-environment
azd up
```
See the Step-by-Step Walkthrough for the full deployment guide.
Validation in CI
All pull requests should run these checks:
```bash
# Markdown linting
npm run lint:md

# Bicep validation
bicep build infra/bicep/smb-ready-foundation/main.bicep
bicep lint infra/bicep/smb-ready-foundation/main.bicep

# Terraform validation
cd infra/terraform/smb-ready-foundation
terraform fmt -check -recursive
terraform init -backend=false && terraform validate

# Full validation suite
npm run validate:all
```