Deploying to Azure with GitHub Actions

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
so welcome to this video on using github actions with Azure now we always think about github as a repository and get compatible so I can go and create various repositories I can use my code I can have local clones synchronize it fantastic solution but I want to focus on the github actions the ability to essentially create workflows pipelines that consist of one or more actions that does some step as part of my pipeline maybe it's logging into Azure maybe it's check out my code maybe it's deploy a template maybe it's build my application test my application now today github actions are great for the continuous integration the build of my code the test of my code for the continuous deployment part it's a bit weaker as your pipelines is still a lot stronger with gates and approvals and various types of check but what I'm gonna do is just walk through a basic set of github actions to authenticate to Asha get the contents of my repo and then deploy out an arm template now to do this to use github actions we need an organization now I can go ahead and create a new organization doesn't have to cost me anything if I go and look at my settings and I go ahead and look at my organization's I can go and create a new organization and it can be free so I can say hey join free give it a name contact email what account is linking to and I'll then have a github organization now I've already got one I'm going to use for this I'm going to switch over to my Sabol Tech organization and just like normal you're gonna have a repository now for the sake of this demonstration I'll create a new one so I'll go and add new repository I'm gonna put that in my Savage and I'm just gonna call this as a action demo deploy I'm gonna make it private and sure I have a readme and I'll create that repository so now you can see I've got my Savile Tech Azure action demo deploy if I go back to my org I now have two separate repositories now within this new repository you can see well I have my basic code this is what we're used to I can store my files you'll also see I have actions I don't have one yet I don't have a workflow I also have things like settings and settings are really useful for things like secrets I'm gonna need a secret to authenticate to Asia I don't want to put that in my code so I will actually go ahead and use a secret for my authentication to Asia and that secret is what I'll actually give various permissions to things within Asia in this case I'm gonna scope it just to a single resource group so I'm gonna create a principle within my Asia ad that just has rights on a single resource group then we're going to use for the testing as part of this video so I'm actually going to create this first so I'm actually gonna jump over super quick to the portal and then within the portal I'm just gonna open up a shell they can see here this is the resource group I'm gonna test with and it's currently empty now the reason I'm open in this shell is I'm going to create a new security principle and I'm gonna give it contributor on that resource group now I don't have to use the cloud shell it's just super easy to get access to the AZ commands so it would be an AZ ad so ad SP I'm gonna create a new service principle I'm gonna create it for role based access control a name now it's actually gonna correct me I should be like HTTP but it doesn't matter for this case and when I call it github action Asia and then I'm gonna give it a roll I'm gonna say it's a contributor and then I have to set the Scopes that is actually going to have those permissions on so I'm just going to cut and paste in my particular resource groups path so I'll paste this text and what I'm also going to do is it's gonna be SDK authentication so this command will create a new service principle in my Asha ad and then give it contributor on that resource group and it's gonna spit out some JSON which has a client secret and that's we're gonna use within that github as my secret so you can see that completed it actually changed as I mentioned my name from github Asia to the HTTP colon whack-whack and then it created the role assignment under my resource group then it's showing me the JSON so I'm gonna cut and paste that entire block of JSON note if I go and look at the access control of that resource group and the role assignments well we'll see that github action Asia service principle has been created and given that contributor right for this resource group back in my secrets area I can now say hey I'm gonna add a new secret and this is the name I will reference within my actual code so I'm gonna call it Asia underscore credentials that's what our reference in my code now the value is just that big block of JSON that was just generated so I'll paste that in and now I just click add secret to actually create it so now we have the secret ready and now we're ready to actually do our code so I'm going to jump over to code and notice I can do a clone or download so if I click this it will give me the URL that I care about so I'm going to copy that to my clipboard and now I'll jump over and in here I want to create a clone of this so I'll go to my documents projects my get folder and now I just wanna get clone of that and I'll create that to a folder as your action demo deploy so now if I go into that folder I just created I just had my readme but I now have a local clone of that project I can now actually go in and open the folder that I just created and now I can work with all of those various files that are part of my project now the other thing I'm gonna do super quickly is if I go to my actions I can say hey I want to create a new workflow so I'm just gonna say Paylor I'm gonna set up a workflow myself know it's got a name here that it kind of populated for me echo hello world kind of basic and it's just saving that as main Jemil but I can give that kind of any name I want in my case I'm gonna change that - azure armed deploy so I'm going to deploy and on fall to Azure and then I'm gonna leave that as is I actually don't want to edit it in here so I'm just gonna say start commit will say sure create initial yeah more so I do use yeah more files yet another markup language for github actions and I'll commit that in to the master branch so there's my new yeah more file that it creates under my github workflows folder so if I jump back over to my vs code if I go to my source control and I do a sync it will go and pull down the changes there's that github and there's the Yama file so I can edit it directly in here now the other thing I want is I want to store my arm template that I'm gonna deploy so I'm gonna create a new folder for my templates so I'll just call it arm templates and then what I'm gonna do is just create a new arm template under here so I'll create a new file and I'm just gonna call this storage account dot JSON so now I have a new template file and what I'm gonna do is cut and paste an existing template I have super simple it's just gonna create a storage account it's really just one parameter that you can pass the type and you can pass location but I'm going to grab that from the resource group by default so now I have a JSON file and what I want to do is I'm gonna start from scratch really for my actual deployment and walk through what it is I actually need so I'm just going to delete all of this so the first thing we have to have is what is the name for this so in my case is just that Asia arm deploy and then my workflow is gonna be made up of one or more jobs so I'm gonna have my jobs and firstly I'm gonna have a job that does my deployment now it's going to run on something so it's gonna run on my a bun to latest and then this particular job has a series of steps so I can say well my steps then I can have well my first step is gonna be login to Asha and what I'm going to use is a particular github action there's actually an azure log in action if I go to github.com slash are slash actions I can actually see the various actions that are available to me so when goes through and look at all of these see the first one is as your login so if I select that well I can go ahead and see well right okay yet their runs on a bunch of latest my steps use his asha slash login at v1 you see in there examples actually use the creds and actually forgot this little - when I was typing this in so what we do is we'll take this and I will cut and paste that into my file so he rather than typing all that in there so we're gonna use the log in github action we're going to use that secret and I did call it as a underscore credentials I don't have to change that so that will authenticate now the next thing I'm actually going to do is get out my source code otherwise it's not going to be available to me so what I'll do over here is my next step I'm gonna say well my name I'm gonna say check out a source code and what I'm going to do for this one is it's using just actions check out and it's v2 so that's just a standard github action and I actually have missed a name up here that should be named log into Azure there we go so I'm logging in and then I'm checking out my source code now the next thing I want to do is do that deployment so my name is deploy arm template now if we look at the example they used they just use run : and I can absolutely just use run : that essentially just is like sitting at the console of the job that it's spinning up that console and typing in the commands I'm gonna use the AZ deployment you don't get as much feedback if there are problems using that I prefer to actually use the AZ CLI github action if there's an error you actually get more feedback on the problem so I'm actually gonna take the azure CLI and use that github action so now I'll paste that in just take that name out my own one so I'm going to use the azure CLI v1 with and what I'm gonna do here is I'm gonna use an inline script just get my indentation right so I'm going to use inline script and then I'm just gonna run a series of steps now I'm not gonna type all of this in I'm just gonna do an AZ deployment so doing an AZ deployment to a resource group my name is a storage account deployment to that resource group that I showed you that was empty passing in the template file arm templates slash storage account JSON notice it starts from the root of the path I am checking out the code so arm templates is a root level folder and then the file in that folder and I'm passing in a parameter now the only other thing I have to add in this is we'll notice it's got my name as your arm template but I have to tell it well when should it actually call this so I'm gonna say look whenever there is a push so when I push my code to the repository it's gonna call this template so I can say this so I've got my when it runs on push my name as your arm template the jobs I have one job called deploy it's gonna run on the abun to latest I have a series of steps log into Azure using the azure log in github action with the credentials from my repository then I'm going to make sure I check out the source code so I can use the files in the repository as part of this workflow my pipeline I'm going to deploy an arm template using this inline script so I've saved this file and now what I need to do is obviously check these things in so I click Add I'm gonna say populate repo commit se4all now remember that just saved it to my copy of the repo I've not actually pushed anything as yet to the actual main repo that remote origin so what I do is with envy as code I want to say sync so now if I jump over remember my resource group is empty and what it's now doing is updating this so if I actually go ahead for example now look at my actions you can see actually is doing something though is that populate repo that commit I just did was actually fired off the action because remember what was it it was on push well I just push the code so it's actually making it run so if we go and look at it for example I can see there's a job in process it's currently doing that deployment this company's doing that login to Asha then it will go and check out the source code and deploy the arm template as you can see the login worked it's checked out the source code now it's trying to deploy the arm template and then I don't really do anything to clean it up because that worker that's running this will just get deleted so that check out the code will just get deleted as well so I can see it finished so that deployment is good I can go back one job completed I can see the actual file that it used as part of that and if I actually go and look at my resource group this is normally a little bit slow but there it is it did that deployment meeting my specification and that's good I have actions again we're using vs code to actually do the editing I don't have to I could use other tools but it was really super simple we have well when should this workflow this pipeline get triggered when I do a push to the repo a set of steps that are part of my job login using that secret so the secrets not just in plain text in a file somewhere I checked out my source code super-important if I want to use the source code in the steps then I used the azure CLI to actually run an inline script do the deployment and just to give you an example if I come and look at my ivory PO this was when I was learning experimenting with various things I had lots of failures as you typically do when you're learning something and you can see here lots of times things wasn't working and if I go and look at this if you look at the workflow file in this version i just used run i wasn't using the AZ CLI and the deployment was failing when I look at the deployment failing I just get kind of this block of code there were errors there was a kind of error object but didn't really give me anything useful to work out well why was it failing he just said it's not valid well then I went back and I'm a version again and I changed it to use the azure CLI still failed but in this version instead of run I'm using that outer CLI this time in the deployment I get the actual reasons for the failure in this case you can see kind of this message account name invalid it was basically too long so it's just for me the azure CLI is far more useful when I'm doing things like a template deployment because I get the full arrow back rather than just saying hey it failed so that was it github actions deploying to Azure and as always if you look in the description of this video I'll put this kind of sample yam all up in my kind of general github repository which is the one that I've been using over here so you can just go and see my random stuff and that's where that's posted I hope this was useful please like share comment subscribe until next video take care
Info
Channel: John Savill's Technical Training
Views: 20,612
Rating: undefined out of 5
Keywords: Azure, GitHub, GitHub Actions, ARM Template, Azure Deployment, DevOps
Id: FeSMRFkaRIU
Channel Id: undefined
Length: 21min 40sec (1300 seconds)
Published: Tue May 12 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.