Deploying Azure Storage with Bicep and GitHub Actions (part 2)

by

Welcome to the second part of our series on deploying a storage account to Azure with Bicep and GitHub Actions. In this article, we will be discussing how to create a GitHub Actions pipeline to deploy our infrastructure to Azure.

Prerequisites

Before we begin, make sure you have the following:

  • An Azure account
  • A GitHub account
  • Basic knowledge of Bicep and GitHub Actions

Setting up the Pipeline

To set up the pipeline, we will be using the following GitHub Actions:

  • actions/checkout@main: This action checks out the code from the repository.
  • azure/login@v1: This action logs into Azure using the credentials stored in GitHub Secrets.
  • azure/arm-deploy@v1: This action deploys the Bicep file to Azure.

Here’s the YAML code for the pipeline:

on: [push]
name: Azure ARM
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:

      # Checkout code
    - uses: actions/checkout@main

      # Log into Azure
    - uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}

      # Deploy Bicep file
    - name: deploy
      uses: azure/arm-deploy@v1
      with:
        subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }}
        resourceGroupName: ${{ secrets.AZURE_RG }}
        template: ./main.bicep
        parameters: 'storagePrefix=ops100 storageSKU=Standard_LRS'
        failOnStdErr: false

To deploy to Azure from GitHub Actions, you need to provide your Azure credentials to the pipeline. You can store your credentials as secrets in GitHub, which are encrypted and only accessible to authorized users. Here’s how you can set up your credentials:

  1. In the Azure portal, create a new service principal with the appropriate permissions to deploy resources to your subscription.
  2. In your GitHub repository, go to the Settings tab and click on Secrets.
  3. Click on New repository secret and enter the name and value of your Azure credentials.
  4. In your pipeline YAML file, reference the secret using ${{ secrets.<secret-name> }}.

Here’s an example of how to reference the AZURE_CREDENTIALS secret in your pipeline:

- uses: azure/login@v1
  with:
    creds: ${{ secrets.AZURE_CREDENTIALS }}

Conclusion

In this article, we discussed how to create a GitHub Actions pipeline to deploy a storage account to Azure using Bicep. We hope you found this article helpful.

Link: https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-github-actions

Leave a comment