Skip to content

GitHub Actions

Jump to bottom
github-actions edited this page Nov 21, 2023 · 16 revisions

AzOps Via GitHub

Prerequisites

Before you start, make sure you have followed the steps in the prerequisites article to configure the required permissions for AzOps.

If you are planning to use self-hosted runners, also verify that all required software is installed on your runners.

For those using GitHub Enterprise Server (GHES), AzOps is supported with GitHub Enterprise Server version 3.4.0 or newer.

Further reading

Links to documentation for further reading:

Important Repository link to refer

Repository Description
AzOps-Accelerator This template repository is for getting started with the AzOps integrated CI/CD solution.

Two ways to configure AzOps

Configure AzOps via Portal

  1. Navigate to the AzOps-Accelerator repository and click on Use this template button to create new repository. If you are using GitHub Enterprise Server, you need to import the repository using the command-line. Import-Git
  2. Specify whether the new repository should be public or private. GIT-Project
  3. Review the information you entered, then click Begin import. GIT-Repository
  4. Navigate to Settings -> Secrets -> Actions and create the required secrets as depicted below. Note that ARM_CLIENT_SECRET is not required when using federated credentials. GIT-Secret
  5. Untick Allow merge commits and Allow rebase merging under Settings -> General -> Pull Requests GIT-Merge
  6. Under Settings -> Actions -> General -> Workflow permissions, grant the workflow Read and write permissions as well as Allow GitHub Actions to create and approve pull requests GIT-Permissions
  7. Navigate to Actions and run the AzOps - Pull workflow to create a representation of the existing Azure environment/scopes in the repository. The artifacts will by default be stored under the root folder. Workflow Root-git

    Note: All the configuration values can be modified through the settings.json file to change the default behavior of AzOps. The settings are documented under settings

  8. The repository is now ready for use. Creating a Pull Request with changes to the root folder will trigger the validate pipeline. The validate pipeline will then perform a What-If deployment of the changes and post the results as a comment on the pull request.
    • Merging the pull request will rigger the push pipeline and deploy the changes to Azure.

Configure via command-line

  • Create the repository from the predefined template
gh repo create '<Name>' --template azure/azops-accelerator --private --confirm
  • Add the repository secrets
gh secret set 'ARM_TENANT_ID' -b "<Secret>"
gh secret set 'ARM_SUBSCRIPTION_ID' -b "<Secret>"
gh secret set 'ARM_CLIENT_ID' -b "<Secret>"
gh secret set 'ARM_CLIENT_SECRET' -b "<Secret>" # Not required when using federated credentials((https://github.com/azure/azops/wiki/oidc)
  • Disable Allow Merge commits and Allow rebase merging
gh api -X PATCH /repos/{owner}/{repo} -f allow_rebase_merge=false
gh api -X PATCH /repos/{owner}/{repo} -f allow_merge_commit=false
  • Grant workflow "Read and write permissions" and "Allow GitHub Actions to create and approve pull requests" permissions
gh api -X PUT /repos/{owner}/{repo}/actions/permissions/workflow -f default_workflow_permissions='write'
gh api -X PUT /repos/{owner}/{repo}/actions/permissions/workflow -F can_approve_pull_request_reviews=true
  • Initiate the first Pull workflow
gh api -X POST /repos/{owner}/{repo}/dispatches -f event_type='Enterprise-Scale Deployment'

This wiki is being actively developed
If you discover any documentation bugs or would like to request new content, please raise them as an issue.

Contributions to this wiki are done through the main repo under docs/wiki

Navigation

Getting started

Documentation

Contributing

Clone this wiki locally