Use GitHub Actions to create an Azure API Management resource instance

1) Which actions are used?

In this case, I used the following action.

2) Create a secret for Azure

Run the following command in Cloud Shell to create a service principal. The Azure Login action requires this service principal. You can narrow or expand the scope of the service principal as needed.

az ad sp create-for-rbac --name <name> \
  --role contributor \
  --scopes /subscriptions/{subscription ID} \
  --sdk-auth
{
"clientId": "5bd0……..d12d",
"clientSecret": "265f……..5e40",
"subscriptionId": "subscription ID",
"tenantId": "tenant ID",
"activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
"resourceManagerEndpointUrl": "https://management.azure.com/",
"activeDirectoryGraphResourceId": "https://graph.windows.net/",
"sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
"galleryEndpointUrl": "https://gallery.azure.com/",
"managementEndpointUrl": "https://management.core.windows.net/"
}

3) Create a workflow

Click the “Actions” tab in a repository to create a workflow YAML file.

a) Triggers

In the original YAML file (Simple workflow), the workflow starts when a “push” or “pull request” to the master branch occurs.

b) Environment variables

You can declare environment variables in several scopes. In this case, I declared variables that are available in the whole YAML file. To use the variables, specify the following syntax.

c) Jobs

I modified the YAML file as follows.

  • Login via Az module (azure/login@v1)
    Log in to Azure.
  • Run Az CLI script
    Create a resource group.
  • Create API Management Instance with ARM action (jswhiteducksoftware/azure-arm-action-js@v1)
    Create resources based on an ARM template and a template parameter file.
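A workflow along these lines, added here as an example and not the author's original YAML. It swaps the ARM action for plain Az CLI deployment commands so that a validation-only step can run before the deployment; the secret name AZURE_CREDENTIALS, the resource group, the region and the template paths are all assumed.

```yaml
# Added example, not the original workflow from this post.
# Assumed: secret name, resource group, region and template paths.
name: Deploy API Management
on:
  push:
    branches: [master]
  pull_request:
    branches: [master]
# Workflow-level variables, visible to every job and step.
env:
  RESOURCE_GROUP: rg-apim-demo                  # assumed name
  LOCATION: japaneast                           # assumed region
  TEMPLATE: ./templates/apim.json               # assumed path
  PARAMETERS: ./templates/apim.parameters.json  # assumed path
# The job only reads the repository, so limit the GITHUB_TOKEN accordingly.
permissions:
  contents: read
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # creds is the JSON printed by `az ad sp create-for-rbac --sdk-auth`,
      # stored as a repository secret (never committed to the repository).
      - name: Login via Az module
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Create resource group
        run: az group create --name "$RESOURCE_GROUP" --location "$LOCATION"
      # Validation only: checks template and parameters without deploying.
      - name: Validate ARM template
        run: |
          az deployment group validate \
            --resource-group "$RESOURCE_GROUP" \
            --template-file "$TEMPLATE" \
            --parameters "@$PARAMETERS"
      # Deploy only on push to master; a pull request stops after validation.
      - name: Create API Management instance
        if: github.event_name == 'push'
        run: |
          az deployment group create \
            --resource-group "$RESOURCE_GROUP" \
            --template-file "$TEMPLATE" \
            --parameters "@$PARAMETERS"
```

With a service principal scoped to a single resource group instead of the subscription, the resource group has to exist beforehand and the "Create resource group" step is dropped.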

4) Test

Now it is time to test! Committing the YAML file triggers the workflow it describes.

Conclusion

I verified and confirmed that GitHub Actions allowed us to create an Azure API Management resource instance. The major differences between Azure DevOps and GitHub Actions are listed below. You should design a workflow on the premise that GitHub is the “single source of truth”.

  • While the ARM template deployment task in Azure DevOps has a “validation only” mode among its deployment mode options, the similar task in GitHub Actions, which was used in this case, does not have such an option.
  • While an approval feature has not been implemented yet in GitHub Actions, Azure DevOps has such a feature. Sometimes we could take advantage of approval on a pull request as a workaround.
  • While Azure DevOps allows us to override parameters in tasks, GitHub Actions does not.

Akihiro Nishikawa

Cloud Solution Architect @ Microsoft. Passionate about Java (JVM/GraalVM) and open source technologies. All views are my own.