0% found this document useful (0 votes)

6 views9 pages

CI CD GitHubActions Azure

CI_CD_GitHubActions_Azure

Uploaded by

Wahyu Cahyadi

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

6 views9 pages

CI CD GitHubActions Azure

CI_CD_GitHubActions_Azure

Uploaded by

Wahyu Cahyadi

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 9

Panduan CI/CD GitHub Actions untuk Microsoft Azure

Mencakup OIDC (Federated Credentials), build & push image ke Azure Container Registry (ACR), deploy
ke Azure Web App for Containers, AKS (Kubernetes), dan Azure Functions—plus best practices.
Pendahuluan & Prasyarat
Dokumen ini memandu pembuatan pipeline CI/CD di GitHub Actions yang melakukan: (1) build & test, (2)
build/push container ke Azure Container Registry (ACR), (3) deployment ke layanan Azure (Web App for
Containers, AKS, atau Functions). Kita menggunakan OIDC (Federated Credentials) sehingga runner
GitHub dapat mengakses Azure tanpa menyimpan secret client secret panjang.

Prasyarat singkat: Subscription Azure aktif, Resource Group, ACR, App Service/AKS/Function App;
buat Federated Credential di Entra ID untuk GitHub OIDC.
Diagram Alur Pipeline
Konfigurasi OIDC GitHub → Azure (Federated Credentials)
1) Di Microsoft Entra ID (Azure AD), buat App Registration untuk GitHub Actions (atau gunakan yang
ada).
2) Buat Federated credential bertipe GitHub OIDC; batasi subject (mis.
repo:org/repo:ref:refs/heads/main).
3) Beri peran ke App Registration (Service Principal) minimal: AcrPush pada ACR, Contributor/WebSite
Contributor untuk App Service, atau akses AKS melalui Azure RBAC for Kubernetes / kubeconfig; untuk
Functions berikan Contributor di Resource Group terkait.
4) Catat client-id, tenant-id, dan subscription-id; simpan sebagai unencrypted variables atau secrets di
GitHub.
Contoh 1 — CI Dasar ([Link]) + Build & Test
File: .github/workflows/[Link]
name: CI - Build & Test ([Link])
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]

jobs:
build-test:
runs-on: ubuntu-latest
strategy:
matrix:
node: [18.x, 20.x]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ [Link] }}
cache: 'npm'
- name: Install deps
run: npm ci
- name: Lint
run: npm run lint --if-present
- name: Unit test
run: npm test -- --ci
- name: Upload coverage
if: always()
uses: actions/upload-artifact@v4
with:
name: coverage-${{ [Link] }}
path: coverage/**
Contoh 2 — Build & Push ke ACR, Deploy ke Azure Web
App for Containers
File: .github/workflows/[Link]
name: CD - ACR + Azure Web App for Containers
on:
push:
branches: [ main ]
workflow_dispatch:

permissions:
contents: read
id-token: write

env:
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
ACR_NAME: myacrname
ACR_LOGIN_SERVER: [Link]
WEBAPP_NAME: my-webapp # Web App for Containers
IMAGE_NAME: my-app

jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Azure Login (OIDC)

uses: azure/login@v2
with:
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}

- name: ACR Login

run: az acr login --name $ACR_NAME

- name: Build & Push Image

run: |
IMAGE_TAG=${{ [Link] }}
docker build -t $ACR_LOGIN_SERVER/$IMAGE_NAME:$IMAGE_TAG .
docker push $ACR_LOGIN_SERVER/$IMAGE_NAME:$IMAGE_TAG
echo "ACR_IMAGE=$ACR_LOGIN_SERVER/$IMAGE_NAME:$IMAGE_TAG" >> $GITHUB_ENV

- name: Deploy to Web App for Containers

uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.WEBAPP_NAME }}
images: ${{ env.ACR_IMAGE }}
Contoh 3 — Build & Push ke ACR, Deploy ke AKS (kubectl)
File: .github/workflows/[Link]
name: CD - ACR + AKS
on:
push:
tags:
- 'v*.*.*'
workflow_dispatch:

permissions:
contents: read
id-token: write

env:
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
ACR_LOGIN_SERVER: [Link]
IMAGE_NAME: my-app
AKS_RG: my-aks-rg
AKS_CLUSTER: my-aks-cluster
K8S_NAMESPACE: default
K8S_DEPLOYMENT: app

jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Azure Login (OIDC)

uses: azure/login@v2
with:
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}

- name: Build & Push Image to ACR

run: |
IMAGE_TAG=${{ github.ref_name }}
docker build -t $ACR_LOGIN_SERVER/$IMAGE_NAME:$IMAGE_TAG .
az acr login --name $(echo $ACR_LOGIN_SERVER | cut -d'.' -f1)
docker push $ACR_LOGIN_SERVER/$IMAGE_NAME:$IMAGE_TAG
echo "ACR_IMAGE=$ACR_LOGIN_SERVER/$IMAGE_NAME:$IMAGE_TAG" >> $GITHUB_ENV

- name: Set AKS context

uses: azure/aks-set-context@v4
with:
resource-group: ${{ env.AKS_RG }}
cluster-name: ${{ env.AKS_CLUSTER }}

- name: Deploy to AKS

run: |
kubectl -n $K8S_NAMESPACE set image deployment/$K8S_DEPLOYMENT app=$ACR_IMAGE
kubectl -n $K8S_NAMESPACE rollout status deployment/$K8S_DEPLOYMENT --timeout=180s
Contoh 4 — Deploy ke Azure Functions
File: .github/workflows/[Link]
name: CD - Azure Functions
on:
push:
branches: [ main ]

permissions:
contents: read
id-token: write

env:
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
FUNCTIONAPP_NAME: my-func-app
# untuk Python: python-version, untuk Node: node-version

jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Azure Login (OIDC)

uses: azure/login@v2
with:
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}

- name: Setup Functions Core Tools (via npm)

run: |
npm install -g azure-functions-core-tools@4 --unsafe-perm true

- name: Build (opsional, tergantung bahasa)

run: echo "Run build/test sesuai stack."

- name: Deploy
run: |
func azure functionapp publish $FUNCTIONAPP_NAME --nozip
Best Practices Pipeline GitHub Actions di Azure
• Gunakan OIDC + Federated Credentials; hindari menyimpan client secret panjang.
• Pisahkan pipeline CI (lint/test/build) dengan CD (rilis/deploy) dan gunakan environments untuk
approval produksi.
• Terapkan least privilege untuk Service Principal (AcrPush, WebApp Contributor, AKS RBAC sesuai
kebutuhan).
• Manfaatkan cache & artifact; tagging image pakai sha atau semver yang konsisten.
• Tambahkan langkah security scan (Trivy/Snyk), SBOM, dan pengecekan infrastructure drift bila
memakai Bicep/Terraform.
• Monitoring & Observability: Application Insights, Azure Monitor, Log Analytics; aktifkan health probe dan
rollout/rollback terkontrol untuk AKS.

CI CD Guide With GitHub Actions
No ratings yet
CI CD Guide With GitHub Actions
7 pages
CI CD GitHubActions GCP
No ratings yet
CI CD GitHubActions GCP
9 pages
CI CD GitHubActions AWS
No ratings yet
CI CD GitHubActions AWS
9 pages
I Have 4 Repositories in Github - 1. Frontend - Next
No ratings yet
I Have 4 Repositories in Github - 1. Frontend - Next
5 pages
Azure DevOps Document
No ratings yet
Azure DevOps Document
7 pages
Commands To Install Kubernets Master+Worker
No ratings yet
Commands To Install Kubernets Master+Worker
6 pages
CICD Pipelines For Different Deployment Stratgeies
100% (1)
CICD Pipelines For Different Deployment Stratgeies
12 pages
1750022699019
No ratings yet
1750022699019
8 pages
Multi-Stage Azure Deployment Workflow
No ratings yet
Multi-Stage Azure Deployment Workflow
2 pages
Azure
No ratings yet
Azure
58 pages
LAB 09b-Implement Azure Container Instances
No ratings yet
LAB 09b-Implement Azure Container Instances
3 pages
Azure COntainer Registry 01.2022
No ratings yet
Azure COntainer Registry 01.2022
486 pages
Cloud Run Deployment Guide
No ratings yet
Cloud Run Deployment Guide
3 pages
Deploying
No ratings yet
Deploying
6 pages
CI CD GitLab Guide
No ratings yet
CI CD GitLab Guide
8 pages
Deployment Steps
No ratings yet
Deployment Steps
17 pages
Azure DevOps Build and Release Pipelines 1
100% (1)
Azure DevOps Build and Release Pipelines 1
13 pages
Azure and GitHub Integration
No ratings yet
Azure and GitHub Integration
25 pages
What Is Azure Pipelines PDF
No ratings yet
What Is Azure Pipelines PDF
1,968 pages
3
No ratings yet
3
2 pages
AzurePipeline PDF
No ratings yet
AzurePipeline PDF
1,671 pages
Azure Web Apps & DevOps Lab Guide
No ratings yet
Azure Web Apps & DevOps Lab Guide
6 pages
2.1 Creating Container Apps Backend and Frontend Using Azure CLI
No ratings yet
2.1 Creating Container Apps Backend and Frontend Using Azure CLI
6 pages
Basic CI - CD Pipeline For Microservices-Based Application
100% (1)
Basic CI - CD Pipeline For Microservices-Based Application
14 pages
Streamlining E-Commerce Deployment
No ratings yet
Streamlining E-Commerce Deployment
6 pages
Docker 1
No ratings yet
Docker 1
5 pages
Monisha Phase3
No ratings yet
Monisha Phase3
5 pages
CI CD Pipeline With Terraform On Azure
No ratings yet
CI CD Pipeline With Terraform On Azure
9 pages
Assignment Submission Report PDF
No ratings yet
Assignment Submission Report PDF
8 pages
Https Bestdotnettraining - Azureedge.net Documents Kubernetes 9 Azure Kubernetes Service (AKS) 9 Azure Kubernetes Service (AKS)
No ratings yet
Https Bestdotnettraining - Azureedge.net Documents Kubernetes 9 Azure Kubernetes Service (AKS) 9 Azure Kubernetes Service (AKS)
12 pages
Kubernetes Canary Deployment Guide
No ratings yet
Kubernetes Canary Deployment Guide
12 pages
AI Agent Deployment Steps
No ratings yet
AI Agent Deployment Steps
3 pages
Module 8 Hometask
No ratings yet
Module 8 Hometask
6 pages
Workflow of Github
No ratings yet
Workflow of Github
2 pages
Automating Infrastructure Deployments in The Cloud With Terraform and Azure Pipelines - Azure DevOps Hands-On-Labs
No ratings yet
Automating Infrastructure Deployments in The Cloud With Terraform and Azure Pipelines - Azure DevOps Hands-On-Labs
11 pages
SCD Exam Guide
No ratings yet
SCD Exam Guide
15 pages
Azure Pipelines Guide: Setup & Deployment
No ratings yet
Azure Pipelines Guide: Setup & Deployment
2,106 pages
Front End
No ratings yet
Front End
2 pages
Azure Servicebus Functions Terraform
No ratings yet
Azure Servicebus Functions Terraform
9 pages
Automate Cloud Deployments with Terraform
No ratings yet
Automate Cloud Deployments with Terraform
12 pages
AWS EC2 Node Deployment Guide
No ratings yet
AWS EC2 Node Deployment Guide
12 pages
Azure Pipeline: Build & Deploy API
No ratings yet
Azure Pipeline: Build & Deploy API
3 pages
Ci Yaml
No ratings yet
Ci Yaml
2 pages
Week 4 CC
No ratings yet
Week 4 CC
7 pages
Azure DevOps Workflow
No ratings yet
Azure DevOps Workflow
5 pages
Deploy App to Amazon EKS via GitHub Actions
No ratings yet
Deploy App to Amazon EKS via GitHub Actions
51 pages
Client Recommended Approach Example
No ratings yet
Client Recommended Approach Example
12 pages
OpenShift GitOps Technical Deep Dive
100% (1)
OpenShift GitOps Technical Deep Dive
51 pages
CI/CD Pipeline Automation Guide
No ratings yet
CI/CD Pipeline Automation Guide
11 pages
CI and CD
No ratings yet
CI and CD
12 pages
Name
No ratings yet
Name
6 pages
100 Azure DevOps Interview Questions by DevOps Shack
No ratings yet
100 Azure DevOps Interview Questions by DevOps Shack
35 pages
Cicdpieplinegithubtovmusingzipfilear
No ratings yet
Cicdpieplinegithubtovmusingzipfilear
33 pages
Kubernetes CI/CD Deployment Guide
No ratings yet
Kubernetes CI/CD Deployment Guide
44 pages
AzureDEVOPS Pipeline
100% (4)
AzureDEVOPS Pipeline
1,055 pages
Phase 2
No ratings yet
Phase 2
8 pages
Hamza Phase 4
No ratings yet
Hamza Phase 4
7 pages
Ai - Unit 5 - PPT - MMB
No ratings yet
Ai - Unit 5 - PPT - MMB
36 pages
Nadir Exploration v1
No ratings yet
Nadir Exploration v1
12 pages
TE Mini Project Report Format
No ratings yet
TE Mini Project Report Format
5 pages
Power Platform Developer
No ratings yet
Power Platform Developer
7 pages
Amazon Business Analysis and Strategy
No ratings yet
Amazon Business Analysis and Strategy
11 pages
Create Reports in ArcGIS Pro Guide
No ratings yet
Create Reports in ArcGIS Pro Guide
5 pages
College Algebra Review For Final
No ratings yet
College Algebra Review For Final
6 pages
Artificial Intelligence PB-I Blue Print (AI) 2024-25
No ratings yet
Artificial Intelligence PB-I Blue Print (AI) 2024-25
2 pages
SC Series - SC3020 Replacement-Hard Drives
No ratings yet
SC Series - SC3020 Replacement-Hard Drives
5 pages
Simplifying NAC for CISOs
No ratings yet
Simplifying NAC for CISOs
23 pages
R Programming Experment For Data Science
No ratings yet
R Programming Experment For Data Science
12 pages
Directions: Find The Domain and Range For Each Function
No ratings yet
Directions: Find The Domain and Range For Each Function
3 pages
Emission Tomography 510(k) Guidance
No ratings yet
Emission Tomography 510(k) Guidance
25 pages
Advanced Rudolf Digital Power Analyzer
No ratings yet
Advanced Rudolf Digital Power Analyzer
8 pages
How To Disable Shift Key MS-Access
No ratings yet
How To Disable Shift Key MS-Access
3 pages
License & Registration Details - Parivahan Sewa - Ministry of Road Transport & Highways, Government of India
No ratings yet
License & Registration Details - Parivahan Sewa - Ministry of Road Transport & Highways, Government of India
2 pages
ICT-Gr9-Worksheet 03
No ratings yet
ICT-Gr9-Worksheet 03
6 pages
What Is CPRI & eCPRI?
0% (1)
What Is CPRI & eCPRI?
4 pages
C Programming New Nba Format
No ratings yet
C Programming New Nba Format
13 pages
Tic Tac Toe Game A Major Project Report: Post Graduate Government College For Girls Sector-11, Chandigarh Affiliated To
No ratings yet
Tic Tac Toe Game A Major Project Report: Post Graduate Government College For Girls Sector-11, Chandigarh Affiliated To
6 pages
Class 6
No ratings yet
Class 6
53 pages
Marsaglia 1964
No ratings yet
Marsaglia 1964
5 pages
BTC Wallet Private Keys
No ratings yet
BTC Wallet Private Keys
223 pages
Cloud-Based Building Data Integration
No ratings yet
Cloud-Based Building Data Integration
14 pages
Introducing Apple Watch Series 9 and Apple Watch Ultra 2
No ratings yet
Introducing Apple Watch Series 9 and Apple Watch Ultra 2
9 pages
Index: (You Can Jump To The Question by Clicking On It)
No ratings yet
Index: (You Can Jump To The Question by Clicking On It)
29 pages
Notes - 1056 - Unit I
No ratings yet
Notes - 1056 - Unit I
54 pages
GR QR Code Printing Debugging
No ratings yet
GR QR Code Printing Debugging
18 pages
Understanding AI Technology
No ratings yet
Understanding AI Technology
20 pages
Cyber Clauses Update 5 March 2024
No ratings yet
Cyber Clauses Update 5 March 2024
7 pages

CI CD GitHubActions Azure

Uploaded by

CI CD GitHubActions Azure

Uploaded by

Panduan CI/CD GitHub Actions untuk Microsoft Azure

- name: Azure Login (OIDC)

- name: ACR Login

- name: Build & Push Image

- name: Deploy to Web App for Containers

- name: Azure Login (OIDC)

- name: Build & Push Image to ACR

- name: Set AKS context

- name: Deploy to AKS

- name: Azure Login (OIDC)

- name: Setup Functions Core Tools (via npm)

- name: Build (opsional, tergantung bahasa)

You might also like