Virtual Geek

Tales from real IT system administrators world and non-production environment

Part 4.2 GitHub Actions manage Microsoft Azure Cloud with az CLI

In this article, I will guide you through the procedure of securely keeping Azure credentials in GitHub Actions repository secrets and using them to authenticate Azure CLI commands. This enables GitHub Actions workflows to automate various tasks and deployments in Azure. By storing Azure credentials as secrets in GitHub, you can authenticate to Azure services using the Azure Identity library and execute Azure CLI commands to manage resources and deployments.

To create and store Azure credentials (client ID, client secret, tenant ID, and subscription ID) as secrets in your GitHub repository, create a new repository secret under Settings. Name it AZURE_CREDENTIALS and, in the Secret field, provide a JSON-format value for clientid, clientsecret, tenantid and subscriptionid inside a curly braces block {}.
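A malformed secret only shows up as a failed login once the workflow runs, so it helps to check the JSON locally before pasting it into the Secret field. The following is an added example, not code from the original article or from the azure/login project. It assumes the camelCase key names that the azure/login action documents for its creds input (clientId, clientSecret, subscriptionId, tenantId); the function name and sample values are constructed for illustration.

```python
import json
import re

# Key names as the azure/login action documents them for the creds input
# (assumption: the article writes them in lowercase; the action uses camelCase).
REQUIRED_KEYS = ("clientId", "clientSecret", "subscriptionId", "tenantId")
GUID_KEYS = ("clientId", "subscriptionId", "tenantId")
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def check_azure_credentials(raw):
    """Return a list of problems in the secret text; an empty list means OK.

    Messages name the offending key only and never echo a value, so the
    result is safe to print in a terminal or a CI log.
    """
    try:
        creds = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(creds, dict):
        return ["top level must be a JSON object inside { }"]

    problems = []
    lowered = {k.lower(): k for k in creds}  # to spot wrong-case key names
    for key in REQUIRED_KEYS:
        value = creds.get(key)
        if value is None:
            near = lowered.get(key.lower())
            hint = f" (found '{near}', key names are case-sensitive)" if near else ""
            problems.append(f"missing key '{key}'{hint}")
        elif not isinstance(value, str) or not value.strip():
            problems.append(f"'{key}' must be a non-empty string")
        elif key in GUID_KEYS and not GUID_RE.match(value):
            problems.append(f"'{key}' is not a GUID")
    return problems


# Constructed sample values, not real identifiers or secrets.
GOOD = json.dumps({
    "clientId": "11111111-1111-1111-1111-111111111111",
    "clientSecret": "constructed-placeholder-secret",
    "subscriptionId": "22222222-2222-2222-2222-222222222222",
    "tenantId": "33333333-3333-3333-3333-333333333333",
})
BAD = '{"clientid": "11111111-1111-1111-1111-111111111111", "clientSecret": " "}'

if __name__ == "__main__":
    print(check_azure_credentials(GOOD))
    print(check_azure_credentials(BAD))
```
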

Check out the complete DevOps series:
Part 1: Create GitHub repository and branches using Terraform
Part 2 Terraform modules using a github.com repository as a source
Part 3 Automating and Planning Azure Resources with Terraform and GitHub Actions
Part 4 GitHub Actions deploy azure resources with Terraform backend
Part 4.1 GitHub Actions deploy azure resources with PowerShell
Part 4.2 GitHub Actions manage Microsoft Azure Cloud with az CLI
Azure OIDC OpenID Connect password less with GitHub Actions

[Screenshot: adding the AZURE_CREDENTIALS repository secret under the GitHub repository settings]

Below is my GitHub Actions workflow YAML file, which shows the authentication process using the AZURE_CREDENTIALS secret. Specifically, I've set the creds input to creds: ${{ secrets.AZURE_CREDENTIALS }}, which the login step uses to authenticate to Azure.

I've also added a further step that runs another command, retrieving the list of Resource Groups from Azure. The YAML file is located in the .github/workflows folder, which is where GitHub Actions looks for workflow definitions.

With this configuration, the workflow authenticates with Azure and can then perform tasks such as listing Resource Groups with the Azure CLI.

# Name of the action that will trigger
name: AzCLI

# On push event occur
on: push

# Jobs section
jobs:
  azcli:
    name: AzCLI
    runs-on: ubuntu-latest # OS where job will trigger
    #Use the bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest or windows-latest
    #Setting default bash shell
    defaults:
      run:
        shell: bash
    steps:
    # Checkout the repository to the GitHub Actions runner
    - name: Checkout
      uses: actions/checkout@v3

    - name: Login to Azure
      uses: azure/login@v2
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}

    - name: Execute Az CLI command
      run: |
        az group list --output table

Here is my complete workflow project, which I pushed to GitHub.com. YAML files inside the workflows folder automatically trigger their jobs and tasks.

[Screenshot: PowerShell session committing and pushing the workflow project to GitHub]

Below is the output of the automatically triggered job running the Az CLI command. Login is successful and the workflow is also able to execute az commands.

[Screenshot: GitHub Actions job output showing the Azure login and the result of az group list --output table]
