Deploy a VM to Azure using GitHub Actions

hi everybody my name is Sarah lien and I McCloud advocate Microsoft I’ve been in the IT industry for a number of years now and I’m formally and that IT Pro or infrastructure engineer camp now I’m used to deploying servers physically so getting my hands dirty and actually install and service interact but over the years I’ve transitioned from doing that and to actually deploying servers via code and recently I’ve been looking at how I can automate deployment of virtual machines with an azure using github actions now I get hub actions is something that was launched at the end of 2019 and it was designed to help automate workflows in the same place that you store your cord and you collaborate with others so when the short video I’m going to take you through the code and the steps that I took in order to use github actions to deploy my agile virtual machine so here we are and my github repository and we have several files and folders within it we have the dog github slash workflows folder and we have the IAC or infrastructure as code slash is a CLI folder now and say these folders are several files and the workflows folder we have a file called what fluid dot yml the workflow fail is actually where we’d instruct the github action to carry out the steps for us and my easy CLI folder I have a file called VM creation dot ps1 and that’s a PowerShell script that runs the creation for the virtual machine and the associated resources at Rome de to be created with an azure see here we are in Visual Studio code on my laptop now I’ve cloned the github repo down onto my laptop so that I can work with it and the cord and in facial studio chord and you can see I have the same fails and the same folders that we we spoke about when we’re on and they get hub website so we take the VM creation drop PS one fail and have a look at it we can dissect it and understand it freely at the start I’ve declared a bunch of parameters and you can see these are things like service principle as your subscription name admin logon admin password and all of these parameters are mandatory all of the warmest parameters need to be there in order for the script to fully run and to be fully successful in its run when we scroll down we can see that there’s four different sections to their script there’s a section called logon as a section called subscription we’ve got creating resource group and we’ve also got create virtual machine so if we dive into each of those four sections and have a look at what they do the login section actually logs I sent or as your subscription and we’re using an azure service principle to do that and we’re doing that because it’s based practice we don’t want to be using our own username and password credentials here know the service principle has the right permissions within our Azure subscription to be able to deploy the necessary resource grip and resources the next section of the cord is pecking the Azure subscription we want to deploy these resources and because they flake me you have multiple subscriptions and access to those you want to make sure you’re actually deploying the rules while she’s in the race subscription the thaad section creates a resource group and it creates it based on the name parameter and the region parameter and we do this because the resource group has to exist before we actually create any new sources within it and the last section I should imagine is that actually the section that creates the virtual machine and it creates it within that resource group that we created and the step above now I’m creating a very simple as a virtual machine here I’m creating it based on default Windows image so using the Windows 2016 data center operating system image that has both built in to Asha and I’m just passing in the server name and the username and password for it as well you can obviously deploy virtual machines and a much more complex way but in terms of being able to work through github actions and learn from it we’re keeping it very simple in terms of what we’re deploying resource wise now let’s switch over and look at our workflow fail and what it actually does within the get up actions again within the script we have different sections so let’s break them all down and look at them individually and make sure we understand what it’s doing as it goes through so the first section is just the metadata but that’s where we call this workflow something the next section is declaring environment variables and we’re just declaring the output path that’s just really the working space the working directly for the skip hop action the next section is the trigger section and we’ve specified that when we push code to a github repo it triggers the github action and it works through that’s work for now you can change this you can do it to a pool you can do it to commit those various different triggers that you can use push again is just keeping it very basic that whenever we change the cord with a nugget hug brief oh that’s action triggers now the next section is called jobs and it breaks up into a couple a section itself so the first section is where we give this job a name so we’ve just called it deploy evm and we’ve said that we want to run this workflow on the windows latest platform now that’s basically just saying that we want a Windows environment and we execute all of our code within that Windows environment you could select Linux or you could even select microwaves for it as we have a per shell script windows makes the more sense for this example we then start to clear the steps that we actually want this workflow to catio so my first step is to check out the code from that repository and that’s basically taking the code from github and then putting into that workspace or working directory that we talked about earlier now my next section is to change my working directory so it’s it’s specifying we need to go and look for the PowerShell script and we’re just changing the working directory so we’re saying we’re in the default workspace but look for a folder called IEC and then look for a folder called easy CLI and that’s where our pearl shell script will be once it’s changed it’s working directory we want the workflow to actually run our script and we can see we’ve got different sections again and there step now we call it provision virtual machine and Azure then we declare some environment variables you can see here I’m declaring my resource name my resource group region that’ll be deployed in the virtual machine name and the admin login account name and then we say run Despero show command and you can see it’s quite a long per shell command that is actually running and it’s basically run PowerShell and run that PowerShell script that VM creation script that we looked at earlier and passing these fallen parameters the service principle the service principle Secret Service principle 1090 he has a subscription name the resource group name resource group name region the server name the admin logon an admin password now you’ll have noticed I only declared a four of my variables or parameters within a small section and plain text the rest are being pulled from somewhere called secrets and this is because those bits of information are really sensitive and I don’t want to be sharing them with the general public I’m happy to share my resource group name and my admin login name and those are just fairly innocuous bits of data but there are some things like my service principal ID Service principal secret I don’t want to be using and sharing with the public so we store them and the github actions secret repository if we switch over to the github website we can have a look at that so with then I’ll get probably purple we go into settings and then we click on secrets and we can see here that we have a bunch of secrets are very stored and they’re just the ones that we saw in the script so the admin password the service principal ID and these are all stored in an encrypted manner and that way that the github actions can actually pull out the secret information but no one else can see this data so when someone Forks our github repository they aren’t getting the secrets as with them so they’d have to clear their own secrets and say oh that one secret so if we switch back to our code if we want to trigger let’s get hub action and this workflow so I’m going to do is change the resource group region that I want there’s a virtual machine to be deployed in and I’m going to change it to the U key so I then use Visual Studio code to commit that change to my cord and then I push it up into the repository now if we switch back to get home we can go into the actions tab and we can start to see that workflow working and you can see it’s running here and it runs up it sets up the job it’s checked out the repo it’s looked for the PSone fail and I’ve sped this up a bit but eventually provisions the virtual machine and you can see the running times down the right-hand side so it took two minutes to create that virtual machine so if we switch over to her portal we can actually see that resource we can see that resource group we can see it being deployed to the UK so and we can see the virtual machine and the relative technologies around it being deployed as well and there you have it and a drive virtual machine deploy from cord that stored and github and then github actions actually implement in that cord now the way I’ve deployed my as a virtual machine isn’t the way I would recommend that you deploy virtual machines in a production environment but from my getting started point of view it’s a great use case example to be using now I’ll post a link in the description box to my code repository so you can give it a go yourself and please do try it out please though reach out as well to share your stories about github actions and how you’re using it within your environment to deploy your mpus torture thank you for watching you .