Generate DB password and write it to keyVault. Use this value when build image for BE

.github/actions/CreateDockerImage/action.yaml

@@ -0,0 +1,62 @@
+name: Create Docker Image NSG
+description: |
+  'Builds a Docker image in the repository'
+inputs:
+  docker_password:
+    required: true
+    description: "Docker password"
+  docker_username:
+    required: true
+    description: "Docker username"
+  docker_owner:
+    required: true
+    description: "Docker owner"
+  docker_args:
+    description: "Docker build arguments" # e.g. "FOO=bar BAZ=qux"
+    required: false
+    default: ""
+  tag:
+    description: "v1.0.0"
+    required: false
+    default: "latest"
+  image_name:
+    description: "Name of the Docker image"
+    required: true
+  source_path:
+    description: "Path to the Dockerfile"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Build args function
+      shell: pwsh
+      id: build_args
+      run: |
+        echo "Building args for docker build"
+        $input_args = '${{ inputs.docker_args }}'  # e.g. "FOO=bar BAZ=qux"
+        $arr_ = @()
+        foreach ($input_arg in $input_args -split '\s+') { 
+          if (-not [string]::IsNullOrWhiteSpace($input_arg)) {
+            $arr_ += "--build-arg $input_arg"
+          }
+        }
+        $joinedArgs = $arr_ -join ' '  # single space-separated string
+        echo "args=$joinedArgs" >> $env:GITHUB_OUTPUT
+
+    - name: Build docker images and push it to GitHub Container Registry
+      shell: bash
+      run: |
+        echo "Log in to GitHub Container Registry"
+        echo "${{ inputs.docker_password }}" | docker login ghcr.io -u "${{ inputs.docker_username }}" --password-stdin
+        REPO_OWNER_LOWER=$(echo "${{ inputs.docker_owner }}" | tr '[:upper:]' '[:lower:]')
+
+        echo "Build ${{ inputs.image_name }} docker image"
+        docker build \
+          ${{ steps.build_args.outputs.args }} \
+          -t ghcr.io/$REPO_OWNER_LOWER/${{ inputs.image_name }}:${{ inputs.tag }} \
+          "${{ inputs.source_path }}"
+
+        echo "Docker image built successfully"
+        echo "Push ${{ inputs.image_name }} docker image to GitHub Container Registry"
+        docker push ghcr.io/$REPO_OWNER_LOWER/${{ inputs.image_name }}:${{ inputs.tag }}

.github/actions/CreateNSGRule/action.yaml

@@ -0,0 +1,89 @@
+name: Create NSG Rule
+
+inputs:
+  AZURE_RESOURCE_GROUP:
+    description: "Azure Resource Group Name"
+    required: true
+    type: string
+  AZURE_NSG_NAME:
+    description: "Azure NSG Name"
+    required: true
+    type: string
+  AZURE_LOCATION:
+    description: "Azure Location"
+    required: true
+    type: string
+  AZURE_VNET_NAME:
+    description: "Azure VNet Name"
+    required: true
+    type: string
+  AZURE_SUBNET_NAME:
+    description: "Azure Subnet Name"
+    required: true
+    type: string
+  NSG_RULE_NAME:
+    description: "Azure NSG Rule Name"
+    required: false
+    type: string
+    default: "AllowTraffic"
+  ALLOWED_PORTS:
+    description: "Comma-separated list of allowed ports"
+    required: false
+    type: string
+    default: ""
+
+runs:
+  using: composite
+  steps:
+    - name: Create ${{ inputs.AZURE_NSG_NAME }} NSG Rule Port
+      shell: bash
+      run: |
+        echo "Checking if '${{ inputs.AZURE_NSG_NAME }}' NSG for VNet exists..."
+        if az network nsg show --name ${{ inputs.AZURE_NSG_NAME }} --resource-group ${{ inputs.AZURE_RESOURCE_GROUP }}; then
+          echo "NSG already exists."
+        else
+          echo "Creating NSG for VNet..."
+          az network nsg create \
+            --name ${{ inputs.AZURE_NSG_NAME }} \
+            --resource-group ${{ inputs.AZURE_RESOURCE_GROUP }} \
+            --location ${{ inputs.AZURE_LOCATION }}
+        fi
+
+        PORTS=$(echo ${{ inputs.ALLOWED_PORTS }} | tr ',' ' ')
+        PRIO=1000
+        for PORT in $PORTS; do
+          echo "Checking if NSG rule for port $PORT exists..."
+          if az network nsg rule show --nsg-name ${{ inputs.AZURE_NSG_NAME }} --resource-group ${{ inputs.AZURE_RESOURCE_GROUP }} --name "${{ inputs.NSG_RULE_NAME}}-$PORT-pr-$PRIO"; then
+            echo "NSG rule for port $PORT already exists."
+          else
+            echo "Creating NSG rule for port $PORT..."
+            az network nsg rule create \
+              --nsg-name ${{ inputs.AZURE_NSG_NAME }} \
+              --resource-group ${{ inputs.AZURE_RESOURCE_GROUP }} \
+              --name ${{ inputs.NSG_RULE_NAME}}-$PORT-pr-$PRIO \
+              --priority $PRIO \
+              --direction Inbound \
+              --access Allow \
+              --protocol Tcp \
+              --source-address-prefixes '*' \
+              --source-port-ranges '*' \
+              --destination-address-prefixes '*' \
+              --destination-port-ranges $PORT
+          fi
+          PRIO=$((PRIO + 100))
+        done
+
+    - name: Assign NSG to Subnet
+      shell: bash
+      run: |
+        echo "Checking if '${{ inputs.AZURE_NSG_NAME }}' NSG is linked to subnet..."
+        SUBNET_ID=$(az network vnet subnet show --resource-group ${{ inputs.AZURE_RESOURCE_GROUP }} --vnet-name ${{ inputs.AZURE_VNET_NAME }} --name ${{ inputs.AZURE_SUBNET_NAME }} --query id --output tsv)
+        if az network vnet subnet show --ids $SUBNET_ID --query networkSecurityGroup.id --output tsv | grep -q ${{ inputs.AZURE_NSG_NAME }}; then
+          echo "NSG is already linked to the subnet."
+        else
+          echo "Linking NSG to subnet..."
+          az network vnet subnet update \
+            --resource-group ${{ inputs.AZURE_RESOURCE_GROUP }} \
+            --ids $SUBNET_ID \
+            --network-security-group ${{ inputs.AZURE_NSG_NAME }}
+        fi

.github/actions/CreateWebAPP/action.yaml

@@ -0,0 +1,82 @@
+name: Create WebApp
+
+inputs:
+  WEBAPP_NAME:
+    description: "Name of the  web app"
+    required: true
+    type: string
+  AZURE_APP_SERVICE_PLAN_NAME:
+    description: "Azure App Service Plan name"
+    required: true
+    type: string
+  AZURE_RESOURCE_GROUP:
+    description: "Azure Resource Group Name"
+    required: true
+    type: string
+  WEBAPP_VNET_NAME:
+    description: "Azure Virtual Network Name"
+    required: true
+    type: string
+  WEBAPP_SUBNET:
+    description: "Azure Subnet Name for the web app"
+    required: true
+    type: string
+  CONTAINER_IMAGE_NAME:
+    description: "Container image name in GitHub Container Registry"
+    required: true
+    type: string
+  WEBAPP_SETTINGS:
+    description: "Environment variables for the web app in key=value format(space separated)"
+    required: false
+    type: string
+    default: ""
+  ENABLE_APP_IDENTITY:
+    description: Enable Managed Identity for the web app
+    required: false
+    type: boolean
+    default: false
+
+runs:
+  using: composite
+  steps:
+    - name: Create WebApp
+      shell: pwsh
+      run: |
+        $CONTAINER_IMAGE_NAME="${{ inputs.CONTAINER_IMAGE_NAME }}".tolower()
+        echo "Creating ${{ inputs.WEBAPP_NAME }} Web App..."
+        az webapp create `
+          --name ${{ inputs.WEBAPP_NAME }} `
+          --resource-group ${{ inputs.AZURE_RESOURCE_GROUP }} `
+          --plan ${{ inputs.AZURE_APP_SERVICE_PLAN_NAME }} `
+          --container-registry-url ghcr.io `
+          --container-image-name $CONTAINER_IMAGE_NAME
+
+        if ("${{ inputs.ENABLE_APP_IDENTITY }}" -eq "true") {
+          echo "Enable Managed Identity for ${{ inputs.WEBAPP_NAME }} web app"
+          az webapp identity assign `
+            --name ${{ inputs.WEBAPP_NAME }} `
+            --resource-group ${{ inputs.AZURE_RESOURCE_GROUP }}
+        }
+
+        if ('${{ inputs.WEBAPP_SETTINGS }}' -match '^(\w+="[^"]+" ?)+$') {
+          echo "Set environment variables for ${{ inputs.WEBAPP_NAME }}"
+          az webapp config appsettings set `
+            --name ${{ inputs.WEBAPP_NAME }} `
+            --resource-group ${{ inputs.AZURE_RESOURCE_GROUP }} `
+            --settings ${{ inputs.WEBAPP_SETTINGS }}
+        } else {
+          echo "No environment variables to set."
+        }
+
+        echo "Enable logging for ${{ inputs.WEBAPP_NAME }} web app"
+        az webapp log config `
+          --resource-group ${{ inputs.AZURE_RESOURCE_GROUP }} `
+          --name ${{ inputs.WEBAPP_NAME }} `
+          --docker-container-logging filesystem
+
+        echo "VNet integration for ${{ inputs.WEBAPP_NAME }} web app"
+        az webapp vnet-integration add `
+          --name ${{ inputs.WEBAPP_NAME }} `
+          --resource-group ${{ inputs.AZURE_RESOURCE_GROUP }} `
+          --vnet "${{ inputs.WEBAPP_VNET_NAME }}" `
+          --subnet "${{ inputs.WEBAPP_SUBNET }}"