Saturday, 1 January 2022

Executing Azure CLI Commands with GitHub Actions

 Azure CLI is very powerful in deploying or managing Azure resources programmatically. Generally Azure CLI is used in cloud shell or in PowerShell scripts to deploy and manage resources in Azure. We can use Azure CLI commands in PowerShell script tasks with GitHub Actions to automate resource deployments to Azure. Let's explore the steps required.

As the first step of executing Azure CLI commands in GitHub Actions you will have to execute a az login command, to authenticate with Azure. az login can be done with a service principal credentials instead of a user for this purpose. Creating a service principal (SPN) in Azure is explained here. For security purpose we should be storing the service principal information as a secret in GitHub repo to use for az login action.

With service principal information create a json string as shown below.


    "clientId": "appregistrationidguid",

    "clientSecret": "appregistrationpasswordguid",

    "subscriptionId": "subscriptionidguid",

    "tenantId": "tenantidguid"


Then this string can be saved in GitHub repo settings as a secret which we will be using later to authenticate for az login. Let's create a secret named AZURE_CREDENTIALS with SPN details.

 As the next step you can create following workflow in the GitHub. In the azure/login@v1 task we can supply the repo secret AZURE_CREDENTIALS we created, as creds. Then we can use a pwsh task in ubuntu runner to run any command as we have logged in using the SPN details to Azure. As an example we are listing the resource groups to a table.

name: Azure CLI

    runs-on: ubuntu-latest
      - name: 'Az CLI login'
        uses: azure/login@v1
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: 'Run az commands'
        shell: pwsh
        run: |
          az group list --out table

Once you run the workflow you can see the resource groups are listed after successful login to Azure.

No comments:

Popular Posts