Use GitHub Actions to create an Azure API Management resource instance

[As of May 20, 2020]

Japanese edition is here.

Recently I wrote an entry about how to use Azure DevOps to create Azure API Management resource instances (sorry, this entry is written in Japanese).

Now I would like to create an Azure API Management resource instance using GitHub Actions. I used the same ARM template and template parameter file as in the previous entry.

The original ARM template and parameter file are in the Azure Quickstart Templates repository.

Azure Quickstart Templates
Azure API Management instance having an MSI Identity with api-version 2017-03-01

1) Which actions are used?

In this case, I used the following action.

Azure Resource Manager (ARM) Template Deployment JS

This action depends upon the following action.

Azure Login

2) Create a secret for Azure

The following command is executed in Cloud Shell to create a service principal. This service principal is required by the Azure Login action. You can narrow or expand the scope of the service principal as you need.

After executing this command, you should see JSON output similar to the following. This is the secret for the Azure Login action, so copy this JSON and paste it somewhere for later use.

Now it is time to create a secret. Choose the “Settings” tab in the repository, click “Secrets” on the left, and click “New secret” on the right.

Paste the JSON copied previously into the “Value” field. In this case, the secret was named “AZURE_CREDENTIALS”. Click “Add secret” to save it. You cannot view a stored secret after clicking “Add secret”, but you can overwrite or remove it.

3) Create a workflow

Click the “Actions” tab in a repository to create a workflow YAML file.

In this case, I chose “Simple workflow” and clicked “Set up this workflow”.

The default file name is “blank.yml”, so you should rename the YAML file. In my case, I renamed it to “create-api-management-instance.yml”. This file is stored in .github/workflows of the repository.

a) Triggers

In the original YAML file (Simple workflow), the workflow starts when a “push” or “pull request” to the master branch occurs.

In this case, I used this setting as it was, but you should modify the triggers as you need. For more details, please check the following passage.

Triggering a workflow with events

b) Environment variables

You can declare environment variables in several scopes. In this case, I declared variables that are available across the whole YAML file. To reference a variable, use the following syntax.

${{ env.variables }} (e.g. ${{ env.ResourceGroup }} )

For more details, please check the following document page.

Using environment variables

c) Jobs

I modified the YAML file as follows.

Configuration points are listed below.

  • Login via Az module (azure/login@v1)
    Log in to Azure.
  • Run Az CLI script
    Create a resource group.
  • Create API Management Instance with ARM action (whiteducksoftware/azure-arm-action-js@v1)
    Create resources based on an ARM template and a template parameter file.

4) Test

Now it is time to test! Committing the YAML file triggers the workflow described in the YAML file.

You can see the status of the workflow.


I verified and confirmed that GitHub Actions allows us to create an Azure API Management resource instance. Major differences between Azure DevOps and GitHub Actions are listed below. You should design a workflow on the premise that GitHub is the “single source of truth”.

  • While the ARM template deployment task in Azure DevOps has a “validation only” mode among its deployment mode options, the similar action in GitHub Actions, which was used in this case, does not have such an option.
  • While an approval feature has not been implemented yet in GitHub Actions, Azure DevOps has such a feature. Sometimes we could take advantage of approval on a pull request as a workaround.
  • While Azure DevOps allows us to override parameters in tasks, GitHub Actions does not.
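
The missing “validation only” mode in the first point can be approximated by running `az deployment group validate` in an Az CLI step on pull requests, before anything is deployed. The workflow below is an added example, not the workflow from this entry; the workflow name, resource group name, region and file paths are assumptions.

```yaml
# Added example (not the original workflow of this entry).
# Validates the ARM template on pull requests without deploying it.
name: validate-api-management-template   # assumed workflow name

on:
  pull_request:
    branches: [ master ]

# Workflow-level variables; they are also exported to each step's shell.
env:
  ResourceGroup: apim-demo-rg                    # assumed resource group name
  Location: japaneast                            # assumed region
  TemplateFile: ./azuredeploy.json               # assumed path in the repository
  ParameterFile: ./azuredeploy.parameters.json   # assumed path in the repository

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      # The template and parameter file must be present on the runner.
      - uses: actions/checkout@v2

      # Uses the service principal JSON stored as the AZURE_CREDENTIALS secret.
      - name: Login via Az module
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      # Validation needs an existing resource group, so create it first.
      # Reading the values as shell variables keeps them out of the script text.
      - name: Run Az CLI script
        run: |
          az group create --name "$ResourceGroup" --location "$Location"
          az deployment group validate \
            --resource-group "$ResourceGroup" \
            --template-file "$TemplateFile" \
            --parameters "@$ParameterFile"
```

The service principal behind AZURE_CREDENTIALS must be allowed to create the resource group, so its scope has to cover that operation.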
