In this article, I will walk through securely storing Azure credentials in GitHub Actions repository secrets and using them to authenticate Azure CLI commands. This lets GitHub Actions workflows automate tasks and deployments in Azure. By storing Azure credentials as secrets in GitHub, you can authenticate to Azure services using the Azure Identity library and execute Azure CLI commands to manage resources and deployments.
To create and store Azure credentials (client ID, client secret, tenant ID, and subscription ID) as secrets in your GitHub repository, go to the repository's Settings and create a new repository secret. Name it AZURE_CREDENTIALS and, in the Secret field, provide a JSON value with clientid, clientsecret, tenantid and subscriptionid inside a curly-braces block {}.
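As an added example (not from the original article), this Python check validates the JSON before it is pasted into the AZURE_CREDENTIALS secret and reports problems by key name only, so no value is echoed. It assumes the camelCase key names documented for the azure/login `creds` input; `check_azure_credentials` and `SAMPLE` are hypothetical names, and the sample values are constructed placeholders.

```python
import json
import re

# Assumption: the camelCase key names documented for the azure/login `creds` input.
REQUIRED_KEYS = ("clientId", "clientSecret", "subscriptionId", "tenantId")
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed sample with placeholder values, not real credentials.
SAMPLE = """{
  "clientid": "11111111-1111-1111-1111-111111111111",
  "clientSecret": "constructed-placeholder",
  "subscriptionId": "22222222-2222-2222-2222-222222222222",
  "tenantId": "not-a-guid"
}"""


def check_azure_credentials(raw):
    """Return (problems, compact_json); problems name keys only, never values."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (line {exc.lineno}, column {exc.colno})"], None
    if not isinstance(data, dict):
        return ["top level must be a JSON object inside {}"], None

    problems = []
    by_lower = {k.lower(): k for k in data}
    for key in REQUIRED_KEYS:
        value = data.get(key)
        if key not in data:
            near = by_lower.get(key.lower())
            hint = f" (found '{near}', expected exact spelling)" if near else ""
            problems.append(f"missing key '{key}'{hint}")
        elif not isinstance(value, str) or not value or value != value.strip():
            problems.append(f"'{key}' must be a non-empty string without padding")
        elif key != "clientSecret" and not GUID_RE.fullmatch(value):
            problems.append(f"'{key}' is not a GUID")
    if problems:
        return problems, None
    # One line, required keys only: the value to paste into the secret field.
    compact = json.dumps({k: data[k] for k in REQUIRED_KEYS}, separators=(",", ":"))
    return [], compact


if __name__ == "__main__":
    for problem in check_azure_credentials(SAMPLE)[0]:
        print(problem)
```

Run it locally against the JSON you are about to store, not inside the workflow, so the credential never passes through a job log.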
Check out the complete DevOps series:
Part 1: Create GitHub repository and branches using Terraform
Part 2 Terraform modules using a github.com repository as a source
Part 3 Automating and Planning Azure Resources with Terraform and GitHub Actions
Part 4 GitHub Actions deploy azure resources with Terraform backend
Part 4.1 GitHub Actions deploy azure resources with PowerShell
Part 4.2 GitHub Actions manage Microsoft Azure Cloud with az CLI
Azure OIDC OpenID Connect password less with GitHub Actions
Below is my GitHub Actions workflow YAML file, which shows the authentication process using the AZURE_CREDENTIALS secret. Specifically, I've defined the creds input as creds: ${{ secrets.AZURE_CREDENTIALS }}, which the login step uses to authenticate for the az login command.
I've also added a further step that runs another command, retrieving the list of Resource Groups from Azure. This YAML file is located in the .github/workflows folder, which is where GitHub Actions picks up workflow definitions.
With this configuration, my workflow authenticates with Azure and can then run tasks such as listing Resource Groups with the Azure CLI.
```yaml
# Name of the action that will trigger
name: AzCLI

# On push event occur
on: push

# Jobs section
jobs:
  azcli:
    name: AzCLI
    runs-on: ubuntu-latest # OS where job will trigger
    # Use the bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest or windows-latest
    # Setting default bash shell
    defaults:
      run:
        shell: bash
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout
        uses: actions/checkout@v3

      - name: Login to Azure
        uses: azure/login@v2
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Execute Az CLI command
        run: |
          az group list --output table
```
Here is my complete workflow project as pushed to GitHub.com. YAML files inside the workflows folder automatically trigger their jobs and tasks.
Below is the output of the auto-triggered job running the Az CLI command. Login is successful and the workflow is also able to execute az commands.