azure-arm-action

README

GitHub Action for Azure Resource Manager (ARM) deployment

A GitHub Action to deploy ARM templates.

Dependencies

• Checkout To checks-out your repository so the workflow can access any specified ARM template.

Inputs

• creds Required
  Create Service Principal for Authentication

• templateLocation Required
  Specify the path to the Azure Resource Manager template.
  (See assets/json/template.json)

• resourceGroupName
  Provide the name of a resource group.
  If you dont pass a resource group name the template will be deployed at subscription scope

• deploymentMode
  Incremental (only add resources to resource group) or Complete (remove extra resources from resource group). Default: Incremental.

• deploymentName
  Specifies the name of the resource group deployment to create.

• parameters
  Specify the path to the Azure Resource Manager parameters file or pass them as space delimited Key-Value Pairs.
  (See examples/Advanced.md)

• overrideParameters
  Specify the path to the Azure Resource Manager override parameters file or pass them as space delimited Key-Value Pairs.
  (See examples/Advanced.md)

Outputs

Every template output will be exported as output. For example the output is called containerName then it will be available with ${{ steps.STEP.outputs.containerName }}
For more Information see examples/Advanced.md.
Additionally are the following outputs available:

• deploymentName Specifies the complete deployment name which has been generated

Usage

- uses: whiteducksoftware/azure-arm-action@master
  with:
    creds: ${{ secrets.AZURE_CREDENTIALS }}
    resourceGroupName: <YourResourceGroup>
    templateLocation: <path/to/azuredeploy.json>
    deploymentName: <Deployment base name>

Create Service Principal for Authentication

The Service Principal can be easily generated using the Azure CLI. Using the following command will create the SP in the supported structure.
At Subscription Scope: az ad sp create-for-rbac --name "azure-arm-action" --role contributor --scopes=/subscriptions/********-****-****-****-************/ --sdk-auth -o json
The JSON, which shall be used for authentication, should be in the following format:

{
  "clientId": "********-****-****-****-************",
  "clientSecret": "[*]",
  "subscriptionId": "********-****-****-****-************",
  "tenantId": "********-****-****-****-************",
  "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
  "resourceManagerEndpointUrl": "https://management.azure.com/",
  "activeDirectoryGraphResourceId": "https://graph.windows.net/",
  "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
  "galleryEndpointUrl": "https://gallery.azure.com/",
  "managementEndpointUrl": "https://management.core.windows.net/"
}

Example

on: [push]
name: ARMActionSample

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
    - uses: whiteducksoftware/azure-arm-action@master
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
        resourceGroupName: <YourResourceGroup>
        templateLocation: <path/to/azuredeploy.json>
        parameters: <path/to/parameters.json> OR <KEY=VALUE>
        deploymentName: <Deployment base name>

For more advanced workflows see examples/Advanced.md.

Documentation

Overview

Copyright (c) 2020 white duck Gesellschaft für Softwareentwicklung mbH

This code is licensed under MIT license (see LICENSE for details)