Azure
diff --git a/‎.github/workflows/aro-hcp-cd.yml
+177 b/‎.github/workflows/aro-hcp-cd.yml
+177
@@ -0,0 +1,177 @@
+---
+  name: ARO HCP Continuous Deployment
+  env:
+    DEPLOY_ENV: dev
+    SKIP_CONFIRM: true
+  on:
+    workflow_dispatch:
+    pull_request:
+      branches:
+        - main
+      paths:
+        - '.github/workflows/aro-hcp-dev-env-cd.yml'
+        - 'dev-infrastructure/**/*.bicep'
+        - 'dev-infrastructure/**/*.bicepparam'
+        - 'dev-infrastructure/configurations/*'
+        - 'frontend/**'
+        - 'backend/**'
+        - 'cluster-service/**'
+        - 'internal/**'
+        - 'maestro/**'
+        - 'pko/**'
+        - 'acm/**'
+        - 'hypershiftoperator/**'
+        - 'image-sync/**/'
+        - 'tooling/image-sync/**'
+        - 'tooling/templatize/**'
+        - 'config/*'
+      types:
+        - opened
+        - synchronize
+        - reopened
+        - closed
+
+  concurrency:
+    group: ${{ github.workflow }}
+    cancel-in-progress: false
+
+  jobs:
+    is_running_on_fork:
+      name: 'Ensure PR is submitted from Azure/ARO-HCP'
+      if: github.event_name != 'workflow_dispatch'
+      runs-on: ubuntu-latest
+      steps:
+        - name: Fail if PR submitted from fork
+          if: ${{ github.event.pull_request.head.repo.full_name != 'Azure/ARO-HCP' }}
+          run: core.setFailed('Expected source repository to be Azure/ARO-HCP, re-create PR as a branch of Azure/ARO-HCP')
+
+    deploy_global_rg:
+      name: 'Deploy global resources'
+      # if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
+      permissions:
+        id-token: 'write'
+        contents: 'read'
+      env:
+        DEPLOY_ENV: dev
+      runs-on: 'ubuntu-latest'
+      steps:
+        - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+          with:
+            fetch-depth: 1
+
+        - name: 'Az CLI login'
+          uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
+          with:
+              client-id: ${{ secrets.AZURE_CLIENT_ID }}
+              tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+              subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+        - name: "install azure-cli"
+          uses: "Azure/ARO-HCP@main"
+
+        - name: 'Deploy'
+          run: |
+            cd dev-infrastructure/
+
+            # Manage ACR
+            make acr acr-svc acr-ocp
+
+    deploy_image_sync_rg:
+      name: 'Deploy Image Sync'
+      #if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
+      needs:
+        - deploy_global_rg
+      permissions:
+        id-token: 'write'
+        contents: 'read'
+      env:
+        DEPLOY_ENV: dev
+      runs-on: 'ubuntu-latest'
+      steps:
+        - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+          with:
+            fetch-depth: 1
+
+        - name: 'Az CLI login'
+          uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
+          with:
+              client-id: ${{ secrets.AZURE_CLIENT_ID }}
+              tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+              subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+        - name: "install azure-cli"
+          uses: "Azure/ARO-HCP@main"
+
+        - name: 'Deploy'
+          run: |
+            cd dev-infrastructure/
+            make imagesync
+
+    service_ci:
+      name: 'Build service images'
+      permissions:
+        id-token: 'write'
+        contents: 'read'
+      secrets: inherit
+      uses: ./.github/workflows/services-ci.yml
+      with:
+        push: ${{ github.event.pull_request.merged == true }}
+
+    deploy_dev_environment_infra:
+      name: 'Deploy integrated DEV infrastructure'
+      # if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
+      needs:
+        - deploy_global_rg
+      permissions:
+        id-token: 'write'
+        contents: 'read'
+      secrets: inherit
+      uses: ./.github/workflows/environment-infra-cd.yml
+      with:
+        deploy_env: dev
+
+    deploy_dev_environment_services:
+      name: 'Deploy services to integrated DEV'
+      # if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
+      needs:
+        - service_ci
+        - deploy_dev_environment_infra
+      permissions:
+        id-token: 'write'
+        contents: 'read'
+      secrets: inherit
+      uses: ./.github/workflows/services-cd.yml
+      with:
+        deploy_env: dev
+
+    #
+    # # CS PR env deployment disabled during testing
+    #
+    # deploy_cs_pr_environment_infra:
+    #   name: 'Deploy CS PR infrastructure'
+    #   # if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
+    #   needs:
+    #     - deploy_global_rg
+    #   permissions:
+    #     id-token: 'write'
+    #     contents: 'read'
+    #   secrets: inherit
+    #   uses: ./.github/workflows/environment-infra-cd.yml
+    #   with:
+    #     deploy_env: cs-pr
+    #     deploy_cs_pr_check_deps: true
+
+    # deploy_cs_pr_environment_services:
+    #   name: 'Deploy services to CS PR'
+    #   # if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
+    #   needs:
+    #     - service_ci
+    #     - deploy_cs_pr_environment_infra
+    #   permissions:
+    #     id-token: 'write'
+    #     contents: 'read'
+    #   secrets: inherit
+    #   uses: ./.github/workflows/services-cd.yml
+    #   with:
+    #     deploy_env: cs-pr
+    #     deploy_cs_pr_check_deps: true