You have the code; now it is time to automate how it is built and deployed. For that, you will use GitHub Actions, which lets you define and run jobs such as Continuous Integration / Continuous Deployment (CI/CD) workflows as part of a fully customized, automated procedure.
In the previous steps, you have created several elements like the custom virtual machine image with the Azure Image Builder service, or a customized ARM template to deploy the infrastructure that your solution needs.
In this challenge, we ask you to build an automated CI/CD workflow that creates the image, compiles the Bicep file to an ARM template, and then deploys this template to your Azure subscription.
- You have created a new workflow that can be run automatically
- Inside the workflow, you have at least two differentiated blocks, one for CI and another one for CD
- You keep your sensitive data secure using environments and secrets
- The ARM template is generated from Bicep inside the workflow
- The Azure Image Builder Service is used to generate the image for each workflow run
- A manual review is needed to run the CD steps, to ensure that someone checks the build results before allowing the deployment in Azure.
Note: If you haven't already done it, register for a GitHub Account.
A CI/CD workflow in GitHub Actions is defined in a YAML file inside a special directory named .github/workflows, and has a structure similar to this one:

```yaml
name: my-first-workflow
on: [push]
jobs:
  # CI phase: check out the code and build it
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
      - run: npm install
      # ...
  # CD phase: starts only after the build job has succeeded
  deploy:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Azure login
        uses: Azure/login@v1  # action version assumed (v1)
        with:
          # Service principal credentials stored as a secret
          creds: ${{ secrets.AZ_CREDENTIALS }}
      # ...
```
Every job represents a phase of the workflow. Jobs run in parallel, or sequentially if you define a dependency (needs). Inside a job, you find the steps that perform the tasks you need. Many predefined Actions let you run a complex task inside your job as a single parameterized step.
Learn how to create your own workflow in the Quickstart for GitHub Actions.
GitHub workflows can run under an environment, where you can store secrets and raise the protection level with features such as Required reviewers.
To connect to your Azure Account from GitHub Actions, you will also need to provide the credentials for a Service Principal, as described in the Deploy ARM with GitHub Actions guide.
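The workflow below is an added example, not part of the original challenge: it shows the CI/CD split with the deployment job gated by an environment, so that Azure credentials are released only after a reviewer approves. The workflow name, the file names main.bicep and azuredeploy.json, the environment name production, the resource group name and the AZ_SUBSCRIPTION_ID secret are assumptions; the Image Builder step is left out.

```yaml
name: bicep-ci-cd                  # hypothetical workflow name
on:
  push:
    branches: [main]
permissions:
  contents: read                   # GITHUB_TOKEN can only read the repository
jobs:
  build:                           # CI: no environment, so no access to deployment secrets
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Compile Bicep to an ARM template
        run: az bicep build --file main.bicep --outfile azuredeploy.json
      - uses: actions/upload-artifact@v4
        with:
          name: arm-template
          path: azuredeploy.json
  deploy:                          # CD: waits for build, then for approval
    runs-on: ubuntu-latest
    needs: build
    # Required reviewers are configured on this environment in the
    # repository settings; the job pauses here until one approves.
    environment: production        # assumed environment name
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: arm-template       # the exact template the reviewer saw built
      - name: Azure login
        uses: azure/login@v1
        with:
          # Stored as an environment secret, not a repository secret,
          # so jobs outside this environment cannot read it.
          creds: ${{ secrets.AZ_CREDENTIALS }}
      - name: Deploy ARM template
        uses: azure/arm-deploy@v1
        with:
          subscriptionId: ${{ secrets.AZ_SUBSCRIPTION_ID }}   # assumed secret name
          resourceGroupName: my-resource-group                # assumed resource group
          template: azuredeploy.json
```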
- GitHub Actions
- GitHub Actions Quickstart
- Deploy ARM with GitHub Actions
- ARM deployment troubleshooting
- Image Builder Action
- Build custom VM with Actions
- GitHub Environments Protection
Once this section is completed, go back to the agenda.