Tools2023-04-27

CI/CD with Azure and GitHub Actions

Maximize developer team efficiency with Azure-GitHub Actions integration. Learn how to automate workflows, enhance security, and improve collaboration.
CI/CD with Azure and GitHub Actions

Azure is a popular cloud service provider owned and managed by Microsoft, it offers Platform and Infrastructure as a service for developers and software teams to build, test, manage, and deploy applications.

GitHub Actions is a powerful tool that allows developers to automate their workflows and improve productivity. GitHub Actions and Azure are two powerful tools that can greatly benefit developer teams. By connecting GitHub Actions to Azure, developer teams can automate their workflows and improve their productivity.

In this article, we will discuss how to connect GitHub Actions to Azure securely and provide some shortcuts that the GitHub guides don't show.

Benefits of integrating Azure with GitHub Actions

Find out the benefits of integrating the two CI/CD tools:

Workflow automation

One of the key benefits of GitHub Actions is the ability to automate workflows. Developer teams can create custom workflows that automate tasks such as building, testing, and deploying applications. These workflows can be triggered automatically based on specific events, such as code changes, pull requests, or releases.

By automating workflows, developer teams can save time and reduce errors. Manual tasks, such as building and deploying applications, can be time-consuming and error-prone. Automating these tasks with GitHub Actions can improve the speed and accuracy of the development process.

Integration with Azure

By integrating with Azure, developer teams can streamline their development process and improve their efficiency. They can take advantage of the many tools and services offered by Azure, without having to manage their own infrastructure. Get up to speed with the build process through repository monitoring for commits, or merges.

Improved Security

Another important benefit of connecting GitHub Actions to Azure that cannot be overlooked is improved security. GitHub Actions and Azure both provide a variety of security features that can help protect the application and data layer.

For example, GitHub Actions provides the ability to encrypt and store secrets securely. This helps to prevent unauthorized access to sensitive information, such as passwords and API keys.

Azure provides a variety of security features, such as network security groups, firewalls, and identity and access management. These features can help protect applications and data from external threats.

By using both GitHub Actions and Azure, developer teams can improve the security of their applications and data. They can take advantage of the many security features offered by these tools to help protect against unauthorized access and other security threats.

Managing Collaborations

GitHub Actions and Azure also provide powerful collaboration features that can benefit developer teams. By using these tools, developer teams can collaborate more effectively and efficiently.

For example, GitHub Actions provides the ability to create and share custom workflows with other team members. This can help to ensure that everyone is using the same processes and tools, which can improve the consistency and quality of the development process.

Azure provides a variety of collaboration features, such as role-based access control and team management. These features can help to ensure that team members have the appropriate access and permissions to perform their tasks.

By using both GitHub Actions and Azure, developer teams can collaborate more effectively and efficiently. They can take advantage of the many collaboration features offered by these tools to help ensure that everyone is working together effectively.

Setting Up Azure-GitHub Actions Integration

Follow the below steps to integrate the two:

Step 1: Create an Azure Service Principal

Before you can connect GitHub Actions to Azure, you need to create an Azure Service Principal. The Service Principal is a security principal that provides access to Azure resources. You can create a service principal with the Azure CLI (see the image attached below), Azure Powershell, or on the Azure portal. For the article, I’ll be using the Azure portal, the service principal created will authenticate and authorize GitHub Actions to access Azure resources.

Create an Azure Service Principal

This command creates a new Service Principal named "MyGitHubActionsApp" and assigns it the "contributor" role at the specified scope. It also generates an authentication key that can be used to authenticate with Azure.

To create an Azure Service Principal, follow these steps:

  • Log in to the Azure Portal (https://portal.azure.com/).
  • Click on the Azure Active Directory icon on the left-hand side of the screen.
Creating an Azure Service Principal for GitHub Actions
  • Click on the App Registrations option.
  • Click on the New Registration button.
Azure test tenant
  • Enter a name for the Service Principal.
  • Select "Accounts in this organizational directory only" as the Supported account type.
  • Set the Redirect URI to "https://localhost".
  • Click on the Register button.
  • On the Overview page, copy the Application (client) ID and Directory (tenant) ID. We will use these values later.
  • Click on the Certificates & Secrets option.
  • Click on the New client secret button.
Azure purview test
  • Enter a description for the secret.
  • Set the expiration date for the secret.
  • Click on the Add button.
  • Copy the value of the client secret. We will use this value later.

Step 2: Create a GitHub Secret

Now that we have created an Azure Service Principal, we need to create a GitHub secret that will store the Azure credentials securely. GitHub secrets are encrypted variables that can be used in GitHub Actions workflows. We will use the GitHub secret to store the service principal credentials.

To create a GitHub secret, follow these steps:

  • Open your GitHub repository in a browser.
  • Click on the Settings tab.
  • Click on the Secrets option.
  • Click on the new repository secret button.
  • Enter a name for the secret. For example, "AZURE_CREDENTIALS".
  • Copy the following code snippet into the Value field, replacing the placeholders with the actual values from your Service Principal
Create a GitHub Secret
  • Click on the Add secret button.

Step 3: Add Azure Login Action

Now that we have created an Azure Service Principal and a GitHub secret, we can add the Azure Login action to our GitHub Actions workflow. The Azure Login action will authenticate GitHub Actions to Azure using the Service Principal credentials.

To add the Azure Login action, follow these steps:

  • Create a new file in your GitHub repository under the .github/workflows directory. Name the file "azure.yml".
  • Copy the following code into the file:
 Add Azure Login Action
  • Commit the changes to your repository.
  • Use Azure Resource Manager (ARM) Templates to Deploy Infrastructure. The Azure resource manager templates are JSON files that define the resources to be deployed to Azure. Here's an example of how to use an ARM template in your workflow:
Azure Resource Manager (ARM) Templates

This action will deploy an Azure virtual machine (VM) using the specified ARM template. The "adminPassword" parameter is read from a GitHub Secret called "VM_PASSWORD".

The Azure Login action will run every time you push changes to your repository. It will authenticate GitHub Actions.

Finally, it's important to stay up to date with security practices to monitor and audit your GitHub Actions workflows and Azure resources for signs of any suspicious activity or security breaches. GitHub and Azure both provide various monitoring and logging tools that can be used for this purpose.

For example, you can use GitHub's audit log to track changes to your repository and monitor for any unusual activity. You can also use Azure Monitor to monitor your Azure resources and alert you to any security or performance issues.

Conclusion

In conclusion, connecting GitHub Actions to Azure can provide many benefits for developer teams. By automating workflows, integrating with Azure, improving security, and enhancing collaboration, developer teams can improve their productivity and efficiency. These tools can help to streamline the development process and ensure that everyone is working together effectively. If you're a developer or part of a developer team, consider connecting GitHub Actions to Azure to take advantage of these many benefits.

However, simply using Azure DevOps, might not be enough to get the best out of your project space, an engineering analytics tool can equip you with the data-driven insights you need to place your team on top. Hatica offers metrics across 13 dashboards, powered by CI/CD tools, JiraGitHub, Azure, CircleCI and GitLab. By collating tool activities at one place, Hatica helps teams streamline their workflow and improve productivity.

Subscribe to the Hatica blog today to read more about unblocking developers, and boosting productivity with engineering analytics. 

TL;DR

Subscribe to Hatica's blog

Get bi-weekly insights straight to your inbox

Share this article:
Table of Contents
  • Benefits of integrating Azure with GitHub Actions
  • Workflow automation
  • Integration with Azure
  • Improved Security
  • Managing Collaborations
  • Setting Up Azure-GitHub Actions Integration
  • Step 1: Create an Azure Service Principal
  • Step 2: Create a GitHub Secret
  • Step 3: Add Azure Login Action
  • Conclusion
  • TL;DR

Ready to dive in? Start your free trial today

Overview dashboard from Hatica