riosengineer/bicep-deploy.yaml

## bicep-deploy.yaml
trigger:
  branches:
    include:
    - main
  paths:
    include:
# amend folder name / structure path to suit your repository
    - Bicep/*

variables:
- name: subscription
  value: 'YOUR_SUB_GUID'
- name: azureServiceConnection
  value: 'YOUR_SERVICE_CONNECTION_NAME'
- name: region
  value: 'YOUR_AZURE_REGION'

pool:
  vmImage: 'ubuntu-latest'

stages:
- stage: Build
  displayName: Bicep Artifact
  jobs:
  - job: ArtifactDrop
    displayName: 🔨 Build Bicep artifact
    steps:
    - task: CopyFiles@2
      displayName: Copy files
      inputs:
        contents: '**'
        targetFolder: '$(Build.ArtifactStagingDirectory)'

    - publish: '$(Build.ArtifactStagingDirectory)'
      displayName: 'Publish files'
      artifact: drop

- stage: whatIf
  dependsOn: Build
  displayName: What if
  jobs:
   - job: whatIfBicep
     displayName: '🤔 What if'
     steps:
      - download: current
        artifact: drop
      - task: AzureCLI@2
        displayName: Bicep what if
        inputs:
          azureSubscription: $(azureServiceConnection)
          scriptType: 'bash'
          scriptLocation: 'inlineScript'
          workingDirectory: $(Pipeline.Workspace)/drop/Bicep
          inlineScript: |
            name=bicepDeploy$(date +%F_%H-%M-%S)
            az deployment sub what-if -l $(region) -n $name -f main.bicep -p main.bicepparam

   - job: waitForValidation
     dependsOn: whatIfBicep
     displayName: 👍 Wait for approval
     pool: server
     timeoutInMinutes: 60
     steps:
      - task: ManualValidation@0
        timeoutInMinutes: 60
        inputs:
          notifyUsers: |
               changeme@contoso.com
          instructions: 'Please validate the what-if output and resume'
          onTimeout: 'resume'

- stage: Deploy
  displayName: Bicep Deploy
  jobs:
  - deployment: deploy
    environment: 'production'
    displayName: 🚀 Deploy Prod
    strategy:
          runOnce:
            deploy:
              steps:
              - download: current
                artifact: drop
              - task: AzureCLI@2
                displayName: Deploy Bicep
                inputs:
                  azureSubscription: $(azureServiceConnection)
                  scriptType: 'bash'
                  scriptLocation: 'inlineScript'
                  workingDirectory: $(Pipeline.Workspace)/drop/Bicep
                  inlineScript: |
                    name=bicepDeploy$(date +%F_%H-%M-%S)
                    az account set --subscription $(subscription)
                    az deployment sub create -l $(region) -n $name -f main.bicep -p main.bicepparam
	trigger:
	branches:
	include:
	- main
	paths:
	include:
	# amend folder name / structure path to suit your repository
	- Bicep/*

	variables:
	- name: subscription
	value: 'YOUR_SUB_GUID'
	- name: azureServiceConnection
	value: 'YOUR_SERVICE_CONNECTION_NAME'
	- name: region
	value: 'YOUR_AZURE_REGION'

	pool:
	vmImage: 'ubuntu-latest'

	stages:
	- stage: Build
	displayName: Bicep Artifact
	jobs:
	- job: ArtifactDrop
	displayName: 🔨 Build Bicep artifact
	steps:
	- task: CopyFiles@2
	displayName: Copy files
	inputs:
	contents: '**'
	targetFolder: '$(Build.ArtifactStagingDirectory)'

	- publish: '$(Build.ArtifactStagingDirectory)'
	displayName: 'Publish files'
	artifact: drop

	- stage: whatIf
	dependsOn: Build
	displayName: What if
	jobs:
	- job: whatIfBicep
	displayName: '🤔 What if'
	steps:
	- download: current
	artifact: drop
	- task: AzureCLI@2
	displayName: Bicep what if
	inputs:
	azureSubscription: $(azureServiceConnection)
	scriptType: 'bash'
	scriptLocation: 'inlineScript'
	workingDirectory: $(Pipeline.Workspace)/drop/Bicep
	inlineScript: \|
	name=bicepDeploy$(date +%F_%H-%M-%S)
	az deployment sub what-if -l $(region) -n $name -f main.bicep -p main.bicepparam

	- job: waitForValidation
	dependsOn: whatIfBicep
	displayName: 👍 Wait for approval
	pool: server
	timeoutInMinutes: 60
	steps:
	- task: ManualValidation@0
	timeoutInMinutes: 60
	inputs:
	notifyUsers: \|
	changeme@contoso.com
	instructions: 'Please validate the what-if output and resume'
	onTimeout: 'resume'

	- stage: Deploy
	displayName: Bicep Deploy
	jobs:
	- deployment: deploy
	environment: 'production'
	displayName: 🚀 Deploy Prod
	strategy:
	runOnce:
	deploy:
	steps:
	- download: current
	artifact: drop
	- task: AzureCLI@2
	displayName: Deploy Bicep
	inputs:
	azureSubscription: $(azureServiceConnection)
	scriptType: 'bash'
	scriptLocation: 'inlineScript'
	workingDirectory: $(Pipeline.Workspace)/drop/Bicep
	inlineScript: \|
	name=bicepDeploy$(date +%F_%H-%M-%S)
	az account set --subscription $(subscription)
	az deployment sub create -l $(region) -n $name -f main.bicep -p main.bicepparam