Using Workload Identities for Bicep Deployments in GitHub Actions

As I’ve been working on my side project, I’ve been trying to work on my CI/CD skills and deploy all my resources through GitHub Actions. This project is made up of a couple of services, which each have their own infrastructure and application code. I’m deploying my resources to a single resource group in Azure. To deploy infrastructure to Azure via GitHub Actions, we need to authenticate to our Azure subscription. Via the command line, we can do this using PowerShell or the CLI, but that’s possible due to us being able to interact with the authentication process. ...

June 24, 2023 · 7 min · Will Velida

Pushing container images to GitHub Container Registry

In my job, I build a lot of samples that I share with customers to show them how things work. A lot of my customers are interested in Azure Container Apps, so I want to be able to provide them with samples with pre-built container images, without having to share the entire application source code as well (especially if I’ve got a bunch of basic microservices, that don’t really need to be included in the sample). ...

December 1, 2022 · 5 min · Will Velida

Configure Bicep code scanning in GitHub with Microsoft Defender for DevOps

Microsoft Defender for DevOps is a new capability in Defender for Cloud that provides visibility across multiple DevOps environments that you can use to centrally manage DevOps security, strengthen your infrastructure as code and help you prioritize critical issues in code across your pipeline and multiple cloud environments. This feature is currently in preview, and supports GitHub and Azure DevOps (with support for more platforms coming soon). As part of my job at Microsoft, I spend a lot of time helping engineers to use infrastructure as code to provision their resources to Azure, and help them to build pipelines that automate their deployments. In previous roles, I’ve used static code analysis within build pipelines to scan for vulnerabilities in my application code, so naturally I was keen to give this feature a try and apply it to my Bicep code. ...

October 20, 2022 · 5 min · Will Velida

Using Managed Identities to authenticate with Azure Cosmos DB

In Azure, Managed Identities provide our Azure resources with an identity within Azure Active Directory. We can use this identity to authenticate with any service in Azure that supports Azure AD authentication without having to manage credentials. In Azure Cosmos DB, we can use managed identities to provide resources with the roles and permissions required to perform actions on our data (depending on what role we provide the identity) without having to use any connection strings or access keys to do so. ...

March 24, 2022 · 8 min · Will Velida

Deploying C# Azure Functions via GitHub Actions

I’ve spent a lot of time with GitHub Actions lately and it’s been a lot of fun. I’ve had quite a bit of experience using Azure DevOps in my previous jobs and before GitHub Actions were a thing, I’d create Service Connections in Azure DevOps so that I could host my code in GitHub, but still run my build and deploy pipelines in Azure DevOps. This isn’t to say that GitHub Actions is better than Azure DevOps, nor vice-versa. This article is purely an informational piece on HOW you can use GitHub Actions to deploy your Functions to Azure. Specifically we’ll talk about: ...

March 15, 2022 · 8 min · Will Velida