oliverscheer.tech

Schlagwort: Azure

  • Login to Azure in a GitHub Action

    I’m creating solutions on GitHub for Azure, aiming to deploy them easily via GitHub Actions. To achieve this, you need to authorize GitHub securely, and writing credentials directly in the pipeline is not recommended.

    A better approach is to use a Service Principal and store the credentials as a GitHub Secret.

    If you prefer using Managed Identities, this is also possible but requires your own build agents. The standard public build agents of GitHub do not support Managed Identities.

    Step 1 – Create a Service Principal with Azure CLI

    There are several ways to create a Service Principal, but my preferred method is using the Azure CLI tool `az`.

    $subscriptionId='<yoursubscriptionid>'
$appName='<yourAppName>'
$resourceGroup='<yourResourceGroupName>'

az login
az account set -s $subscriptionId
az ad app create --display-name $appName
az ad sp create-for-rbac --name $appName `
    --role contributor `
    --scopes /subscriptions/$subscriptionId//resourceGroups/$resourceGroup

    Save the result securely, you never get the `clientSecret` value again.

    {
  "clientId": "******",
  "clientSecret": "******",
  "subscriptionId": "******",
  "tenantId": "******",
  ...
}

    You need exactly these four values; you can remove all others.

    Next, add the contributor role to this Service Principal. This allows the principal to create resources in an Azure Resource Group.

    az role assignment create --role contributor `
    --subscription $subscriptionId `
    --assignee-object-id $clientId `
    --assignee-principal-type ServicePrincipal `
    --scope /subscriptions/$subscriptionId/resourceGroups/$resourceGroup

    Step 2 – Store Azure Credentials in GitHub Secrets

    Take the JSON with the four values and go to GitHub –> Settings –> Secrets and Variables –> Actions –> Repository Settings. Add a new secret named `AZURE_CREDENTIALS`.

    You won’t be able to see these values again, but you can completely overwrite them with new values if needed.

    Step 3 – Use the Settings in GitHub Actions

    Use this secret to login within your GitHub Action.

    ```yaml
    - name: Azure Login
      uses: Azure/login@v2.0.0
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
```

    More Information

    The GitHub Action for Login into Azure: https://github.com/Azure/login

    Dokumentation: https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure

    Azure CLI Script: https://learn.microsoft.com/en-us/cli/azure/azure-cli-sp-tutorial-1?tabs=bash

  • Calling an Azure Functions from the command line

    Calling an Azure Functions from the command line

    The Problem

    During a recent project I developed a solution that contains Azure Functions, that are deployed through a Azure DevOps Pipeline right after the infrastructure is created with bicep. For the final test in an Azure DevOps Pipeline/GitHub Actions, I aim to execute one of the newly installed Azure Functions to validate the installed/updated solution. If it runs successful, the deployment is validated and the pipeline can continue to run. Because all names are dynamically created through bicep, the path/name of the functions and all keys are also dynamic and randomized, and only available as bicep outputs.

    The Solution

    To obtain the URL and key of the Azure Functions Methods for testing purposes, I need to utilize the Azure CLI. The process involves retrieving the URL and key of the specific function to be called.

    The following PowerShell script streamlines this task:

    [CmdletBinding()]
param (
    [Parameter(Mandatory=$true)]
    [Alias('g')]
    [string]$resourceGroup,

    [Parameter(Mandatory=$true)]
    [Alias('fan')]
    [string]$functionAppName,

    [Parameter(Mandatory=$true)]
    [Alias('fn')]
    [string]$functionName
)

Write-Host "Test Solution"
Write-Host "- resourceGroup         : $resourceGroup"
Write-Host "- functionAppName       : $functionAppName"
Write-Host "- functionName          : $functionName"

# Get Url
$jsonResponse=az functionapp function show `
    --name $functionAppName `
    --resource-group $resourceGroup `
    --function-name $functionName
$decodedObject = $jsonResponse | ConvertFrom-Json
$url = $decodedObject.invokeUrlTemplate

# Get Key
$jsonResponse=az functionapp function keys list `
    --name $functionAppName `
    --resource-group $resourceGroup `
    --function-name $functionName
$decodedObject = $jsonResponse | ConvertFrom-Json
$key = $decodedObject.default

# Invoke
$invokeUrl=$url+"?code="+$key

$response = Invoke-RestMethod -Uri $invokeUrl -Method Post
Write-Host $response
Write-Host $response.StatusCode

return $response

    Invoke this function in PowerShell using:

    .\Test-Azure-Function.ps1 `
    -resourceGroup <myresourcegroup> `
    -functionAppName <myfunctionapp> `
    -functionName <myfunction>

    `This script enables me to check the solution by calling the an Azure Function that runs some internal checks. Hope that helps you.