Connect Microsoft Azure to GitHub Actions

In this blog post, we will learn how to connect a Microsoft Azure account and tenant to a GitHub Actions repository.

About GitHub Actions

GitHub Actions is GitHub’s CI/CD automation product that allows organisations to automate, build, test and deploy applications to Microsoft Azure and other cloud providers.

The unique selling point of GitHub Actions compared to Azure DevOps pipelines is that GitHub Actions workflows are made of YAML files only, without any GUI.

Before we connect Azure and GitHub Actions, we need to follow a few configuration steps requiring us to create an App Registration in Azure AD and a Service Principal Account with contributor permission.

Create Azure Active Directory App Registration

The first step in our process is to create an Azure AD App Registration that will allow our service principal account to access Azure. To create an App Registration, log in to Azure using Azure CLI and run the following command.

az ad app create --display-name githubactions --homepage "http://localhost/githubactions" --identifier-uris http://localhost/githubactions

Create Azure Service Principal Account

After creating the Azure AD application, we need a service account, and we will create it with the following Azure CLI command.

az ad sp create-for-rbac --name "githubactions" --role contributor --sdk-auth

Copy output

The above command will create the following output. Copy it exactly as it is, as we will need it for our next step in GitHub.

Note: The output below is per repository, so if you plan to create multiple repositories with GitHub Actions, make sure you save it.

{
   "clientId": "0000-0de0-0000-0000-0000",
   "clientSecret": "0000000000000000000000000000",
   "subscriptionId": "0000000000000000000000000000",
   "tenantId": "000000000000000000000000",
   "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
   "resourceManagerEndpointUrl": "https://management.azure.com/",
   "activeDirectoryGraphResourceId": "https://graph.windows.net/",
   "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
   "galleryEndpointUrl": "https://gallery.azure.com/",
   "managementEndpointUrl": "https://management.core.windows.net/"
 }
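As an added example (not part of the original post, nor of any Azure or GitHub tooling): the JSON above contains the service principal's clientSecret, so a check like this one can scan a file's text for a pasted copy before it is committed to the repository. The function name `find_sdk_auth_blobs` and the sample text are assumptions made up for this illustration.

```python
import json

# Keys from the --sdk-auth output shown above that together identify a usable credential.
REQUIRED_KEYS = {"clientId", "clientSecret", "subscriptionId", "tenantId"}

# Constructed sample: a notes file holding a pasted blob plus the safe workflow reference.
SAMPLE = '''Deployment notes
creds: '${{ secrets.AZURE_CREDENTIALS }}'
{
  "clientId": "11111111-1111-1111-1111-111111111111",
  "clientSecret": "constructed-not-a-real-secret",
  "subscriptionId": "22222222-2222-2222-2222-222222222222",
  "tenantId": "33333333-3333-3333-3333-333333333333"
}
'''


def find_sdk_auth_blobs(text):
    """Return one finding per JSON object in `text` that looks like --sdk-auth output.

    A finding holds the 1-based line where the object starts, the clientId and
    tenantId (identifiers, useful for rotating the right credential) and the
    secret's length. The clientSecret value itself is never copied, so the
    findings can be written to a log or a CI annotation.
    """
    decoder = json.JSONDecoder()
    findings = []
    pos = text.find("{")
    while pos != -1:
        nxt = pos + 1  # default: retry at the next brace, which also reaches nested objects
        try:
            obj, end = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            obj = None  # e.g. the '${{ secrets.X }}' expression is not JSON
        if isinstance(obj, dict) and REQUIRED_KEYS <= obj.keys() and obj["clientSecret"]:
            findings.append({
                "line": text.count("\n", 0, pos) + 1,
                "clientId": obj["clientId"],
                "tenantId": obj["tenantId"],
                "secret_length": len(str(obj["clientSecret"])),
            })
            nxt = end  # skip past the object just reported
        pos = text.find("{", nxt)
    return findings
```

A non-empty result means the credential should be treated as exposed: remove the file and reset the service principal's secret, rather than only deleting the text.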

Create Secret

In the final step of our configuration process, we will create a secret in the GitHub Repository. To create a secret from the repository menu, click on Settings, as shown below.

From the left-side menu, click on Secrets.

Click on create a new secret and name the secret AZURE_CREDENTIALS (don’t use a different name). Paste the code from the Copy Output section of this blog post and click on Add secret.

At this stage, you are ready to use the workflow code below. You can see how GitHub Actions will use the Azure credentials to log in to Azure.

on: [push]

name: AzureLoginSample

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Log in with Azure
        uses: azure/login@v1
        with:
          creds: '${{ secrets.AZURE_CREDENTIALS }}'
          enable-AzPSSession: true
      - name: Azure PowerShell Action
        uses: Azure/powershell@v1
        with:
          inlineScript: Get-AzVM -ResourceGroupName "ubuntu-resources"
          azPSVersion: 3.1.0
