GitHub Actions
- Prerequisites
- Two ways to configure AzOps
- Configure AzOps via Portal
- Configure via command-line script
Before you start, make sure you have followed the steps in the prerequisites article to configure the required permissions for AzOps.
Links to documentation for further reading:
- Create the Service Principal
- Assign the permissions at the required scope (/)
- Assign the Directory role permissions
| Repository | Description |
|---|---|
| AzOps Accelerator | This template repository is for getting started with the AzOps integrated CI/CD solution. |
- Via GitHub portal
- Via command-line script (GitHub )
- AzOps Accelerator is a template repository, so a new repository can be created directly from it using "Use this template".
- Click the "Use this template" button to create a new repository.
- Specify whether the new repository should be public or private.
- Review the information you entered, then click Begin import.
- Create a service principal in Azure, which will be used for deployment via AzOps.
  - Sign in to your Azure account through the Azure portal.
  - Select Azure Active Directory.
  - Select App registrations.
  - Name the application. Select a supported account type, which determines who can use the application.
- Assign a role to the SPN.
  - In the Azure portal, select the level of scope you wish to assign the application to. For example, to assign a role at the subscription scope, search for and select Subscriptions, or select Subscriptions on the Home page.
  - Select the particular subscription to assign the application to. If you don't see the subscription you're looking for, select the global subscriptions filter. Make sure the subscription you want is selected for the portal.
  - Select Access control (IAM).
  - Select Add > Add role assignment to open the Add role assignment page.
  - Select the role you wish to assign to the application. For example, to allow the application to execute actions like reboot, start and stop instances, select the Contributor role.

  Note: If this SPN is required to assign RBAC, then it needs Owner access.
- Navigate to Settings -> Secrets -> Actions and create the required secrets as depicted below.
- Untick "Allow merge commits" and "Allow rebase merging" under Settings -> General -> Pull Requests.
- Under Settings -> Actions -> General -> Workflow permissions, grant the workflow "Read and write permissions" as well as "Allow GitHub Actions to create and approve pull requests".
- All the configuration values can be modified within the `settings.json` file to change the default behavior of AzOps. The settings are documented in the Settings chapter.
- Now we are ready to trigger a pull to fetch the existing Azure environment. Navigate to Actions and run "AzOps - Pull".
- Once the Pull pipeline completes, it will look like the screenshot below.
- The `root` folder contains the existing state of the Azure environment.
- Now start creating ARM templates to deploy more resources, as shown in the screenshot below.

  Note: Please follow the above naming convention when creating parameter files.
- Run the Push pipeline to apply the update.
- Create the repository from the predefined template
gh repo create '<Name>' --template azure/azops-accelerator --private --confirm
- Add the repository secrets
gh secret set 'ARM_TENANT_ID' -b "<Secret>"
gh secret set 'ARM_SUBSCRIPTION_ID' -b "<Secret>"
gh secret set 'ARM_CLIENT_ID' -b "<Secret>"
gh secret set 'ARM_CLIENT_SECRET' -b "<Secret>"
- Disable Allow Merge commits and Allow rebase merging
gh api -X PATCH /repos/{owner}/{repo} -F allow_rebase_merge=false
gh api -X PATCH /repos/{owner}/{repo} -F allow_merge_commit=false
- Grant workflow "Read and write permissions" and "Allow GitHub Actions to create and approve pull requests" permissions
gh api -X PUT /repos/{owner}/{repo}/actions/permissions/workflow -f default_workflow_permissions='write'
gh api -X PUT /repos/{owner}/{repo}/actions/permissions/workflow -F can_approve_pull_request_reviews=true
- Initiate the first Pull workflow
gh api -X POST /repos/{owner}/{repo}/dispatches -f event_type='Enterprise-Scale Deployment'
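
To confirm that a repository ended up with the settings the steps above apply, the following added example (not part of the AzOps project) reads them back with `gh api` and reports every deviation. The function names and the `AZOPS_AUDIT_REPO` variable are hypothetical, and the live check assumes `gh` is authenticated with admin access to the repository.

```shell
#!/bin/sh
# Added example: audit a repository against the settings this page configures.
# Secret names are the four set earlier on this page.
REQUIRED_SECRETS="ARM_TENANT_ID ARM_SUBSCRIPTION_ID ARM_CLIENT_ID ARM_CLIENT_SECRET"

# audit_settings MERGE_COMMIT REBASE_MERGE WORKFLOW_PERMS CAN_APPROVE "SECRET NAMES"
# Prints one line per deviation and returns the number of deviations (0 = compliant).
audit_settings() {
    findings=0
    [ "$1" = "false" ] || { echo "allow_merge_commit is '$1', expected false"; findings=$((findings + 1)); }
    [ "$2" = "false" ] || { echo "allow_rebase_merge is '$2', expected false"; findings=$((findings + 1)); }
    [ "$3" = "write" ] || { echo "default_workflow_permissions is '$3', expected write"; findings=$((findings + 1)); }
    [ "$4" = "true" ]  || { echo "can_approve_pull_request_reviews is '$4', expected true"; findings=$((findings + 1)); }
    for name in $REQUIRED_SECRETS; do
        case " $5 " in
            *" $name "*) ;;                       # secret exists (values are never readable)
            *) echo "secret $name is not set"; findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# audit_repo OWNER/REPO: fetch the live values and hand them to audit_settings.
audit_repo() {
    repo_vals=$(gh api "/repos/$1" \
        --jq '"\(.allow_merge_commit) \(.allow_rebase_merge)"')
    wf_vals=$(gh api "/repos/$1/actions/permissions/workflow" \
        --jq '"\(.default_workflow_permissions) \(.can_approve_pull_request_reviews)"')
    secrets=$(gh api "/repos/$1/actions/secrets" --jq '.secrets[].name' | tr '\n' ' ')
    # Word splitting of the two-value strings is intentional here.
    # shellcheck disable=SC2086
    audit_settings $repo_vals $wf_vals "$secrets"
}

# Runs only when AZOPS_AUDIT_REPO (hypothetical variable) is set, e.g. to <owner>/<repo>.
if [ -n "${AZOPS_AUDIT_REPO:-}" ]; then
    audit_repo "$AZOPS_AUDIT_REPO"
fi
```

A value of `null` for the merge settings usually means the token lacks admin access to the repository, so the check reports it as a deviation rather than passing silently.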