Skip to content

GitHub Actions

Jump to bottom
github-actions edited this page Jan 13, 2022 · 16 revisions

AzOps Via GitHub

Prerequisites

Please check if the Az and AzureAD modules are installed locally before executing these scripts. Alternatively, these command can be run within a Cloud Shell instance.

Powershell command to create SPN:

Connect-AzAccount
$servicePrincipal = New-AzADServicePrincipal -Role Owner -Scope / -DisplayName AzOps
Write-Host "ARM_TENANT_ID: $((Get-AzContext).Tenant.Id)"
Write-Host "ARM_SUBSCRIPTION_ID: $((Get-AzContext).Subscription.Id)"
Write-Host "ARM_CLIENT_ID: $($servicePrincipal.ApplicationId)"
Write-Host "ARM_CLIENT_SECRET: $($servicePrincipal.Secret | ConvertFrom-SecureString -AsPlainText)"

Powershell command to assign the Directory role permissions

Install-Module -Name AzureAD
Connect-AzureAD
$servicePrincipal = Get-AzureADServicePrincipal -Filter "DisplayName eq 'AzOps'"
$directoryRole = Get-AzureADDirectoryRole -Filter "DisplayName eq 'Directory Readers'"
if ($directoryRole -eq $null) {
    Write-Warning "Directory Reader role not found"
}
else {
    Add-AzureADDirectoryRoleMember -ObjectId $directoryRole.ObjectId -RefObjectId $servicePrincipal.ObjectId
}

Important Repo Link to refer

Repo Description
AzOps Accelerator This template repository is for getting started with the AzOps integrated CI/CD solution.

Two ways to configure AzOps

  • via Portal
  • Via command line script

Configure AzOps via Portal

  • AzOps Accelerator is a template repository and repository can directly created using Use this template.Repo

    1. Click on Use this template Button to create new repository.

      Import-Git

    2. Specify whether the new repository should be public or private.

      GIT-Project

    3. Review the information you entered, then click Begin import.

      GIT-Repository

  • Create a service principal in Azure which will further be used for deployment via AzOps.

    1. Sign in to your Azure Account through the Azure portal.

    2. Select Azure Active Directory.

    3. Select App registrations.

    4. Name the application. Select a supported account type, which determines who can use the application. SPN

  • Assign a role to the SPN

    1. In the Azure portal, select the level of scope you wish to assign the application to. For example, to assign a role at the subscription scope, search for and select Subscriptions, or select Subscriptions on the Home page. Subscription

    2. Select the particular subscription to assign the application to. Subcription-2 If you don't see the subscription you're looking for, select global subscriptions filter. Make sure the subscription you want is selected for the portal.

    3. Select Access control (IAM).

    4. Select Select Add > Add role assignment to open the Add role assignment page.

    5. Select the role you wish to assign to the application. For example, to allow the application to execute actions like reboot, start and stop instances, select the Contributor role.

    Note: If this SPN is require to be used for assigning RBAC, then Owner access.

  • Configure the secrets: Navigate to settings on the newly created repository, select the Secrets section to create new secret.

    GIT-Secret

  • Select the Options sections, untick Merge commits and Rebase merging.

    GIT-Merge

  • All the configuration values can be modified within the settings.json file to change the default behavior of AzOps. The settings are documented in Settings chapter

  • Now, We are good to trigger pull to fetch the existing Azure environment. Navigate to Actions and run AzOps - Pull Workflow

  • Once, pull pipeline complete it will look like below screenshot. Root-git

  • This root folder contains existing state of Azure environment.

  • Now, start creating arm template to deployment more resources as shown in below screen shot. RG

Note: Please follow above naming convention for parameter file creation.

  • Run the Push pipeline to apply the update. Workflow

Configure via command line script

  • Create the repository from the pre-defined template
gh repo create '<Name>' --template azure/azops-accelerator --private --confirm
  • Add the repository secrets
gh secret set 'ARM_TENANT_ID' -b "<Secret>"
gh secret set 'ARM_SUBSCRIPTION_ID' -b "<Secret>"
gh secret set 'ARM_CLIENT_ID' -b "<Secret>"
gh secret set 'ARM_CLIENT_SECRET' -b "<Secret>"
  • Disable Allow Merge commits and Allow rebase merging
gh api -X PATCH /repos/{owner}/{repo} -f allow_rebase_merge=false
gh api -X PATCH /repos/{owner}/{repo} -f allow_merge_commit=false
  • Initiaite the first Pull workflow
gh api -X POST /repos/{owner}/{repo}/dispatches -f event_type='Enterprise-Scale Deployment'

This wiki is being actively developed
If you discover any documentation bugs or would like to request new content, please raise them as an issue.

Contributions to this wiki are done through the main repo under docs/wiki

Navigation

Getting started

Documentation

Contributing

Clone this wiki locally