Using Workload Identities for Bicep Deployments in GitHub Actions
As I’ve been working on my side project, I’ve been trying to work on my CI/CD skills and deploy all my resources through GitHub Actions. This project is made up of a couple of services, which each have their own infrastructure and application code. I’m deploying my resources to a single resource group in Azure.
To deploy infrastructure to Azure via GitHub Actions, we need to authenticate to our Azure subscription....
Pushing container images to GitHub Container Registry
In my job, I build a lot of samples that I share with customers to show them how things work. A lot of my customers are interested in Azure Container Apps, so I want to be able to provide them with samples with pre-built container images, without having to share the entire application source code as well (especially if I’ve got a bunch of basic microservices, that don’t really need to be included in the sample)....
Configure Bicep code scanning in GitHub with Microsoft Defender for DevOps
Microsoft Defender for DevOps is a new capability in Defender for Cloud that provides visibility across multiple DevOps environments that you can use to centrally manage DevOps security, strengthen your infrastructure as code and help you prioritize critical issues in code across your pipeline and multiple cloud environments.
This feature is currently in preview, and supports GitHub and AzureDevOps (with support for more platforms coming soon). As part of my job at Microsoft, I spend a lot of time helping engineers to use infrastructure as code to provision their resources to Azure, and help them to build pipelines that automates their deployments....
Using Managed Identities to authenticate with Azure Cosmos DB
In Azure, Managed Identities provide our Azure resources with an identity within Azure Active Directory. We can use this identity to authenticate with any service in Azure that supports Azure AD authentication without having to manage credentials. In Azure Cosmos DB, we can use managed identities to provide resources with the roles and permissions required to perform actions on our data (depending on what role we provide the identity) without having to use any connection strings or access keys to do so....
Deploying C# Azure Functions via GitHub Actions
I’ve spent a lot of time with GitHub Actions lately and it’s been a lot of fun. I’ve had quite a bit of experience using Azure DevOps in my previous jobs and before GitHub Actions were a thing, I’d create Service Connections in Azure DevOps so that I could host my code in GitHub, but still run my build and deploy pipelines in Azure DevOps.
This isn’t to say that GitHub Actions is better than Azure DevOps, nor vice-versa....