Skip to content
play

GitHub Action

ARM Action

V6 Pre-release

ARM Action

play

ARM Action

Automate your GitHub workflows using Azure CLI scripts to deploy ARM Templates

Installation

Copy and paste the following snippet into your .yml file.

 
              
- name: ARM Action

              
  uses: apoorv33/azure-arm@V6
Learn more about this action in apoorv33/azure-arm

Choose a version

GitHub Action for Azure Resource Manager

With ARM GitHub Action, you can automate your workflow by executing Azure CLI commands to deploy ARM templates and manage Azure resources.

The action executes the Azure CLI Bash script on a user defined Azure CLI version. If the user does not specify a version, latest CLI version is used. Read more about various Azure CLI versions here.

  • azcliversionOptional Example: 2.0.72, Default: latest
  • locationRequired
  • resource-groupRequired
  • template-file or template-uriRequired Either the local template location or the template URI must be provided
  • parametersOptional

The definition of this GitHub Action is in action.yml. The action status is determined by the exit code returned by the script rather than StandardError stream.

Sample workflow

Dependencies on other GitHub Actions

  • Azure LoginRequired Login with your Azure credentials
  • CheckoutRequired To execute the scripts present in your repository

Workflow to execute an AZ CLI script for template deployment using template location

# File: .github/workflows/workflow.yml

on: [push]

name: AzureARMSample

jobs:

  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    
    - name: Azure Login
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    
    - name: Checkout
      uses: actions/checkout@v1
      
    - name: Azure ARM Deployment
      uses: azure/ARM@v1
      with:
        azcliversion: 2.0.72
        inlineScript: |
          az group create --location $REPLACE_THIS_WITH_LOCATION --name $REPLACE_THIS_WITH_RESOURCE_GROUP
          az group deployment create --resource-group $REPLACE_THIS_WITH_RESOURCE_GROUP --template-file $REPLACE_THIS_WITH_TEMPLATE_FILE

Workflow to execute an AZ CLI script for template deployment using template URI

# File: .github/workflows/workflow.yml

on: [push]

name: AzureARMSample

jobs:

  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    
    - name: Azure Login
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    
    - name: Checkout
      uses: actions/checkout@v1
      
    - name: Azure ARM Deployment
      uses: azure/ARM@v1
      with:
        azcliversion: 2.0.72
        inlineScript: |
          az group create --location $REPLACE_THIS_WITH_LOCATION --name $REPLACE_THIS_WITH_RESOURCE_GROUP
          az group deployment create --resource-group $REPLACE_THIS_WITH_RESOURCE_GROUP --template-uri REPLACE_THIS_WITH_TEMPLATE_URI

Workflow to execute an AZ CLI script for template deployment with parameter files

# File: .github/workflows/workflow.yml

on: [push]

name: AzureARMSample

jobs:

  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    
    - name: Azure Login
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    
    - name: Checkout
      uses: actions/checkout@v1
      
    - name: Azure CLI script
      uses: azure/CLI@v1
      with:
        azcliversion: 2.0.72
        inlineScript: |
          az group create --location $REPLACE_THIS_WITH_LOCATION --name $REPLACE_THIS_WITH_RESOURCE_GROUP
          az group deployment create --resource-group $REPLACE_THIS_WITH_RESOURCE_GROUP --template-file REPLACE_THIS_WITH_TEMPLATE_FILE --parameters REPLACE_THIS_WITH_PARAMETER_JSON_FILE
  • GITHUB_WORKSPACE is the environment variable provided by GitHub which represents the root of your repository.

Configure Azure credentials as GitHub Secret:

To use any credentials like Azure Service Principal,add them as secrets in the GitHub repository and then use them in the workflow.

Follow the steps to configure the secret:

  • Define a new secret under your repository settings, Add secret menu
  • Store the output of the below az cli command as the value of secret variable 'AZURE_CREDENTIALS'
   az ad sp create-for-rbac --name "myApp" --role contributor \
                            --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
                            --sdk-auth
                            
  # Replace {subscription-id}, {resource-group} with the subscription, resource group details

  # The command should output a JSON object similar to this:

  {
    "clientId": "<GUID>",
    "clientSecret": "<GUID>",
    "subscriptionId": "<GUID>",
    "tenantId": "<GUID>",
    (...)
  }
  • Now in the workflow file in your branch: .github/workflows/workflow.yml replace the secret in Azure login action with your secret (Refer to the example above)

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.