Execute scripts against Azure from GitHub Actions

2 minute read

Within Azure DevOps service connections are used for the authentication against the Azure platform but in GitHub this works a little bit different. Let me explain how to setup a connection to your Azure Subscription to execute scripts.

GitHub Secret

The information for the authentication is saved within so called secrets that are encrypted within GitHub that are saved on the organization, repository or repository environment level. The credential information for the authentication against Azure is saved in a json object.

    "clientId": "[clientId]",
    "clientSecret": "[clientSecret]",
    "subscriptionId": "[subscription id]",
    "tenantId": "[Azure Active Directory Tenant Id]"

As you can see in the above snippet a Service Principal is used to authenticate against Azure. So to get started make sure you have a service principal or that you create one. Documentation about that can be found on docs.microsoft.com:

Follow the below steps to create a repository secret:

  1. Within the GitHub repository go to settings and then secrets.
GitHub Secrets
  1. Click on "new repository secret"
  2. Fill in a name for the secret and use the json object for the value of the secret.
GitHub Actions Secret

Use the Azure steps within GitHub Actions

With the secret in the repository the actions to communicate with Azure can be added to the workflow. First up is adding the Azure Login action.

GitHub Actions - Azure Login

In this action the secret needs to be referenced by "secrets.[Secret Name]". The action will make sure that you are loggedin.

- name: Azure Login	
  uses: Azure/login@v1
	creds: $

Note: If you want to make use of Azure PowerShell make sure to add the following property: "enable-AzPSSession: true"

Now that you are authenticated the script can be executed against Azure using the context that was initiated via the Azure Login action. There is no need for additional configuration of the context.

The following actions creates a Azure Template Spec for example.

- name: Azure CLI Action	
	uses: Azure/cli@1.0.4
	inlineScript: az ts create --name az-tempspec-bicepmodulestorage-github --version "1.0" 
    --resource-group sponsor-rg-templatespecs --location "westeurope" --template-file