Part 3: Create GitHub Actions Workflow for CI/CD

ferozekhan

Step 1: Add Secrets to GitHub

In your GitHub project repository, go to Settings → Secrets → Actions and add the following secrets. They are consumed when the GitHub Actions CI/CD pipeline runs:

  • AZURE_CLIENT_ID: The Application (Client) ID that you captured in Part 2 of the series

  • AZURE_TENANT_ID: Your Azure AD Tenant ID

  • AZURE_SUBSCRIPTION_ID: Your Azure Subscription ID

AZURE_TENANT_ID: To find the Azure Tenant ID, run the following Azure CLI command:

az account show --query tenantId -o tsv

AZURE_SUBSCRIPTION_ID: To find the Azure Subscription ID, run the following Azure CLI command:

az account show --query id -o tsv


Step 2: Add GitHub Actions Workflow and commit to the Repository

Create .github/workflows/main_webappdemo267.yml:

# Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# More GitHub Actions for Azure: https://github.com/Azure/actions

name: Build and deploy ASP.Net Core app to Azure Web App - webappdemo267

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  build:
    runs-on: windows-latest
    permissions:
      contents: read #This is required for actions/checkout

    steps:
      - uses: actions/checkout@v4

      - name: Set up .NET Core
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '8.x'

      - name: Build with dotnet
        run: dotnet build --configuration Release

      - name: dotnet publish
        run: dotnet publish -c Release -o "${{env.DOTNET_ROOT}}/myapp"

      - name: Upload artifact for deployment job
        uses: actions/upload-artifact@v4
        with:
          name: .net-app
          path: ${{env.DOTNET_ROOT}}/myapp

  deploy:
    runs-on: windows-latest
    needs: build
    environment:
      name: 'Production'
      url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
    permissions:
      id-token: write #This is required for requesting the JWT
      contents: read #This is required for actions/checkout

    steps:
      - name: Download artifact from build job
        uses: actions/download-artifact@v4
        with:
          name: .net-app

      - name: Login to Azure
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Deploy to Azure Web App
        id: deploy-to-webapp
        uses: azure/webapps-deploy@v3
        with:
          app-name: 'webappdemo267'
          slot-name: 'Production'
          package: .
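
The deploy job above declares `environment: Production`, which determines the `sub` claim in the JWT that `id-token: write` lets the job request, and the federated credential on the Azure app registration has to match that claim. The following added example (not from the original article; the repository name `example-org/webappdemo`, the sample token and both credential records are constructed) shows the subject formats GitHub issues and checks a token's claims against a credential's issuer, subject and audiences.

```python
import base64
import json

ISSUER = "https://token.actions.githubusercontent.com"
AZURE_AUDIENCE = "api://AzureADTokenExchange"  # default audience requested by azure/login
REPO = "example-org/webappdemo"  # hypothetical owner/repo, not from the article


def expected_subject(repo, environment=None, event_name="push", ref="refs/heads/main"):
    """Return the `sub` claim GitHub issues for a job in the given context."""
    if environment:  # a job that declares `environment:` always gets this form
        return f"repo:{repo}:environment:{environment}"
    if event_name == "pull_request":
        return f"repo:{repo}:pull_request"
    return f"repo:{repo}:ref:{ref}"  # branch or tag ref


def decode_claims(token):
    """Decode the JWT payload for inspection only; the signature is not verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def federation_mismatches(claims, credential):
    """List which of issuer, subject, audience fail to match the credential."""
    checks = {
        "issuer": claims.get("iss") == credential["issuer"],
        "subject": claims.get("sub") == credential["subject"],  # exact string match
        "audience": claims.get("aud") in credential["audiences"],
    }
    return [name for name, ok in checks.items() if not ok]


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed token shaped like the one the deploy job (environment: Production) receives.
SAMPLE_CLAIMS = {"iss": ISSUER, "aud": AZURE_AUDIENCE,
                 "sub": expected_subject(REPO, environment="Production")}
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256", "typ": "JWT"}),
                         _b64url(SAMPLE_CLAIMS), "constructed-signature"])
BRANCH_CREDENTIAL = {"issuer": ISSUER, "audiences": [AZURE_AUDIENCE],
                     "subject": f"repo:{REPO}:ref:refs/heads/main"}
ENV_CREDENTIAL = {**BRANCH_CREDENTIAL, "subject": f"repo:{REPO}:environment:Production"}

if __name__ == "__main__":
    for cred in (BRANCH_CREDENTIAL, ENV_CREDENTIAL):
        print(cred["subject"], federation_mismatches(decode_claims(SAMPLE_TOKEN), cred))
```

A credential scoped to the `main` branch does not match a job that runs in an environment, so the subject configured in Part 2 should be compared against the form this workflow produces.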

Step 3: Verify the Setup

  1. Once the GitHub Actions workflow file has been pushed to the GitHub repository, the deployment pipeline should run automatically as part of the GitHub workflow

  2. Check the Azure Portal Activity Log to verify that the deployment was successful

You may now commit changes to the Web App as described HERE and push them to the GitHub repository. The changes will be automatically deployed to the Azure App Service resources as part of the GitHub Actions pipeline.

I will now make changes to the Home components in order to modify the Homepage for my Web App

Commit and push the changes to your GitHub repository

This has now triggered an automated deployment to the Azure Web App as part of the CI/CD pipeline

Let us now browse our Web App on Azure to ensure that the changes have been deployed to our Azure Web App

Optional: Fine-Tuning Access

  1. For more granular access:

    • Instead of the Contributor role, assign only the specific roles needed

    • Limit the scope to specific resource groups if it is not set at the Web App level

Final Outcome

  • You have a working Blazor app hosted on Azure App Service

  • Secure GitHub OIDC integration (no client secrets)

  • Automated deployment via GitHub Actions

If you wish to read Part 1 of this 3-part series, please refer HERE

If you wish to read Part 2 of this 3-part series, please refer HERE
