Merge pull request #263668 from mumian/0119-github-action

prmerger-automator[bot] · web-flow · commit ea1ffa7184e1 · 2024-01-22T03:18:09.000Z
Refresh the Github action article
diff --git a/articles/azure-resource-manager/bicep/deploy-github-actions.md b/articles/azure-resource-manager/bicep/deploy-github-actions.md
@@ -1,18 +1,14 @@
 ---
 title: Deploy Bicep files by using GitHub Actions
 description: In this quickstart, you learn how to deploy Bicep files by using GitHub Actions.
-author: mumian
-ms.author: jgao
 ms.topic: conceptual
-ms.date: 08/22/2022
+ms.date: 01/19/2024
 ms.custom: github-actions-azure, devx-track-bicep
 ---
 
 # Quickstart: Deploy Bicep files by using GitHub Actions
 
-[GitHub Actions](https://docs.github.com/en/actions) is a suite of features in GitHub to automate your software development workflows.
-
-In this quickstart, you use the [GitHub Actions for Azure Resource Manager deployment](https://github.com/marketplace/actions/deploy-azure-resource-manager-arm-template) to automate deploying a Bicep file to Azure.
+[GitHub Actions](https://docs.github.com/en/actions) is a suite of features in GitHub to automate your software development workflows. In this quickstart, you use the [GitHub Actions for Azure Resource Manager deployment](https://github.com/marketplace/actions/deploy-azure-resource-manager-arm-template) to automate deploying a Bicep file to Azure.
 
 It provides a short introduction to GitHub actions and Bicep files. If you want more detailed steps on setting up the GitHub actions and project, see [Deploy Azure resources by using Bicep and GitHub Actions](/training/paths/bicep-github-actions).
 
@@ -26,38 +22,47 @@ It provides a short introduction to GitHub actions and Bicep files. If you want
 
 Create a resource group. Later in this quickstart, you'll deploy your Bicep file to this resource group.
 
+# [CLI](#tab/CLI)
+
 ```azurecli-interactive
 az group create -n exampleRG -l westus
 ```
 
+# [PowerShell](#tab/PowerShell)
+
+```azurepowershell-interactive
+New-AzResourceGroup -Name exampleRG -Location westus
+```
+
+---
+
 ## Generate deployment credentials
 
 # [Service principal](#tab/userlevel)
 
-Your GitHub Actions run under an identity. Use the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command to create a [service principal](../../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) for the identity.
-
-Replace the placeholder `myApp` with the name of your application. Replace `{subscription-id}` with your subscription ID.
+Your GitHub Actions run under an identity. Use the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command to create a [service principal](../../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) for the identity. Grant the service principal the contributor role for the resource group created in the previous session so that the GitHub action with the identity can create resources in this resource group. It is recommended that you grant minimum required access.
 
 ```azurecli-interactive
-az ad sp create-for-rbac --name myApp --role contributor --scopes /subscriptions/{subscription-id}/resourceGroups/exampleRG --sdk-auth
+az ad sp create-for-rbac --name {app-name} --role contributor --scopes /subscriptions/{subscription-id}/resourceGroups/exampleRG --json-auth
 ```
 
-> [!IMPORTANT]
-> The scope in the previous example is limited to the resource group. We recommend that you grant minimum required access.
+Replace the placeholder `{app-name}` with the name of your application. Replace `{subscription-id}` with your subscription ID.
 
-The output is a JSON object with the role assignment credentials that provide access to your App Service app similar to below. Copy this JSON object for later. You'll only need the sections with the `clientId`, `clientSecret`, `subscriptionId`, and `tenantId` values.
+The output is a JSON object with the role assignment credentials that provide access to your App Service app similar to below. 
 
 ```output
   {
     "clientId": "<GUID>",
     "clientSecret": "<GUID>",
     "subscriptionId": "<GUID>",
     "tenantId": "<GUID>",
-    (...)
+    ...
   }
 ```
-# [Open ID Connect](#tab/openid)
 
+Copy this JSON object for later. You'll only need the sections with the `clientId`, `clientSecret`, `subscriptionId`, and `tenantId` values. Make sure you don't have an extra comma at the end of the last line, for example, the `tenantId` line in the preceding example, or else it will result in an invalid JSON file. You will get an error during the deployment saying "Login failed with Error: Content is not a valid JSON object. Double check if the 'auth-type' is correct."
+
+# [Open ID Connect](#tab/openid)
 
 Open ID Connect is an authentication method that uses short-lived tokens. Setting up [OpenID Connect with GitHub Actions](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) is more complex process that offers hardened security.
 
@@ -107,7 +112,7 @@ Open ID Connect is an authentication method that uses short-lived tokens. Settin
 
 # [Service principal](#tab/userlevel)
 
-Create secrets for your Azure credentials, resource group, and subscriptions.
+Create secrets for your Azure credentials, resource group, and subscriptions. You will use these secrets in the [Create workflow](#create-workflow) section.
 
 1. In [GitHub](https://github.com/), navigate to your repository.
 
@@ -164,23 +169,22 @@ To create a workflow, take the following steps:
     # [Service principal](#tab/userlevel)
 
     ```yml
+    name: Deploy Bicep file
     on: [push]
-    name: Azure ARM
     jobs:
       build-and-deploy:
         runs-on: ubuntu-latest
         steps:
 
-          # Checkout code
-        - uses: actions/checkout@main
+        - name: Checkout code
+          uses: actions/checkout@main
 
-          # Log into Azure
-        - uses: azure/login@v1
+        - name: Log into Azure
+          uses: azure/login@v1
           with:
             creds: ${{ secrets.AZURE_CREDENTIALS }}
 
-          # Deploy Bicep file
-        - name: deploy
+        - name: Deploy Bicep file
           uses: azure/arm-deploy@v1
           with:
             subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }}
@@ -238,17 +242,16 @@ To create a workflow, take the following steps:
 
 
 
-1. Select **Start commit**.
+1. Select **Commit changes**.
 1. Select **Commit directly to the main branch**.
 1. Select **Commit new file** (or **Commit changes**).
 
 Updating either the workflow file or Bicep file triggers the workflow. The workflow starts right after you commit the changes.
 
 ## Check workflow status
 
-1. Select the **Actions** tab. You'll see a **Create deployStorageAccount.yml** workflow listed. It takes 1-2 minutes to run the workflow.
-1. Select the workflow to open it.
-1. Select **Run ARM deploy** from the menu to verify the deployment.
+1. Select the **Actions** tab. You'll see a **Create deployBicepFile.yml** workflow listed. It takes 1-2 minutes to run the workflow.
+1. Select the workflow to open it, and verify the `Status` is `Success`.
 
 ## Clean up resources
 
