GitHub Actions
github-actions edited this page Dec 27, 2022 · 16 revisions
Before you start, make sure you have followed the steps in the prerequisites article to configure the required permissions for AzOps.
If you are planning to use self-hosted runners, also verify that all required software is installed on your runners.
AzOps is supported with GitHub Enterprise Server version 3.4.0 or newer.
Links to documentation for further reading:
- Create the Service Principal
- Assign the permissions at the required scope (/)
- Assign the Directory role permissions
Repository | Description |
---|---|
AzOps-Accelerator | This template repository is for getting started with the AzOps integrated CI/CD solution. |
- Via GitHub portal
- Via command-line GitHub CLI
Via GitHub portal:
- Navigate to the AzOps-Accelerator repository and click on the `Use this template` button to create a new repository. If you are using GitHub Enterprise Server, you need to import the repository using the command-line.
- Specify whether the new repository should be public or private.
- Review the information you entered, then click Begin import.
- Navigate to Settings -> Secrets -> Actions and create the required secrets as depicted below
- Untick `Allow merge commits` and `Allow rebase merging` under Settings -> General -> Pull Requests
- Under Settings -> Actions -> General -> Workflow permissions, grant the workflow `Read and write permissions` as well as `Allow GitHub Actions to create and approve pull requests`
- Navigate to Actions and run the `AzOps - Pull` workflow to create a representation of the existing Azure environment/scopes in the repository. The artifacts will by default be stored under the `root` folder.
  Note: All the configuration values can be modified through the `settings.json` file to change the default behavior of AzOps. The settings are documented under settings
- The repository is now ready for use. Creating a Pull Request with changes to the `root` folder will trigger the validate pipeline. The validate pipeline will then perform a What-If deployment of the changes and post the results as a comment on the pull request.
- Merging the pull request will trigger the push pipeline and deploy the changes to Azure.
Via command-line GitHub CLI:
- Create the repository from the predefined template
```bash
gh repo create '<Name>' --template azure/azops-accelerator --private --confirm
```
- Add the repository secrets
```bash
gh secret set 'ARM_TENANT_ID' -b "<Secret>"
gh secret set 'ARM_SUBSCRIPTION_ID' -b "<Secret>"
gh secret set 'ARM_CLIENT_ID' -b "<Secret>"
gh secret set 'ARM_CLIENT_SECRET' -b "<Secret>"
```
- Disable Allow Merge commits and Allow rebase merging
```bash
# -F sends the value as a JSON boolean (-f would send the string "false")
gh api -X PATCH /repos/{owner}/{repo} -F allow_rebase_merge=false
gh api -X PATCH /repos/{owner}/{repo} -F allow_merge_commit=false
```
- Grant workflow "Read and write permissions" and "Allow GitHub Actions to create and approve pull requests" permissions
```bash
gh api -X PUT /repos/{owner}/{repo}/actions/permissions/workflow -f default_workflow_permissions='write'
gh api -X PUT /repos/{owner}/{repo}/actions/permissions/workflow -F can_approve_pull_request_reviews=true
```
- Initiate the first Pull workflow
```bash
gh api -X POST /repos/{owner}/{repo}/dispatches -f event_type='Enterprise-Scale Deployment'
```
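To confirm that the repository ended up in the state the steps above describe, the settings can be read back and compared. The script below is an added example, not part of the AzOps wiki or project; `expect_eq`, `check_settings` and `audit_repo` are hypothetical helper names, and it assumes an authenticated `gh` with admin access, run inside a clone of the repository.

```shell
#!/usr/bin/env bash
# Added example (not AzOps code): audit the repository against the setup steps above.
# expect_eq, check_settings and audit_repo are hypothetical helper names.

REQUIRED_SECRETS="ARM_TENANT_ID ARM_SUBSCRIPTION_ID ARM_CLIENT_ID ARM_CLIENT_SECRET"

# expect_eq NAME ACTUAL EXPECTED: report a deviation; succeeds only on a match.
expect_eq() {
  [ "$2" = "$3" ] && return 0
  echo "DRIFT $1=$2 (expected $3)"
  return 1
}

# check_settings MERGE_COMMIT REBASE_MERGE WORKFLOW_PERMS CAN_APPROVE "SECRET NAMES"
# Prints one line per deviation and returns the number of deviations.
check_settings() {
  local drift=0 name
  expect_eq allow_merge_commit "$1" false || drift=$((drift + 1))
  expect_eq allow_rebase_merge "$2" false || drift=$((drift + 1))
  expect_eq default_workflow_permissions "$3" write || drift=$((drift + 1))
  expect_eq can_approve_pull_request_reviews "$4" true || drift=$((drift + 1))
  for name in $REQUIRED_SECRETS; do
    case " $5 " in
      *" $name "*) ;;
      *) echo "MISSING secret $name"; drift=$((drift + 1)) ;;
    esac
  done
  return "$drift"
}

# audit_repo: read the live values with gh; run inside a clone of the repository
# so that gh can fill in {owner} and {repo}. The secrets endpoint returns secret
# names only, never their values.
audit_repo() {
  local repo='/repos/{owner}/{repo}'
  check_settings \
    "$(gh api "$repo" --jq '.allow_merge_commit')" \
    "$(gh api "$repo" --jq '.allow_rebase_merge')" \
    "$(gh api "$repo/actions/permissions/workflow" --jq '.default_workflow_permissions')" \
    "$(gh api "$repo/actions/permissions/workflow" --jq '.can_approve_pull_request_reviews')" \
    "$(gh api "$repo/actions/secrets" --jq '[.secrets[].name] | join(" ")')"
}

# Query GitHub only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--live" ]; then audit_repo; fi
```

Running the script with `--live` prints one line per deviation and exits with the number of deviations, so it can gate the first `AzOps - Pull` run.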