CI/CD Pipeline for Azure App Services using GitHub Actions and Terraform

Jaseetha Satkurunathan
Jun 18, 2024


1. Set up GitHub Repository

  • Create a GitHub repository containing your application code.

2. Create Service Principal for Terraform

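  • Create a service principal with Contributor access to your Azure subscription.
  • Note down the client_id, client_secret, subscription_id, and tenant_id from the output. The CLI prints the first two as appId and password and the tenant ID as tenant; the subscription ID is the one you pass to --scopes.

az ad sp create-for-rbac --name "terraform-sp" --role contributor \
  --scopes /subscriptions/{subscription_id}

  • Contributor on the whole subscription lets this identity change every resource in it. If the pipeline only manages one resource group, a narrower --scopes value such as /subscriptions/{subscription_id}/resourceGroups/{resource_group} ({resource_group} being a placeholder) limits what a leaked secret can do.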

3. Configure GitHub Secrets

  • In your GitHub repository, go to Settings -> Secrets and add the following secrets:

ARM_CLIENT_ID: Azure Service Principal client_id

ARM_CLIENT_SECRET: Azure Service Principal client_secret

ARM_SUBSCRIPTION_ID: Azure Subscription ID

ARM_TENANT_ID: Azure AD Tenant ID

4. Create GitHub Actions Workflow

  • Create a .github/workflows/deploy.yml file in your repository with the following content:

name: Deploy to Azure App Service

on:
  push:
    branches:
      - main

jobs:
  terraform:
    runs-on: ubuntu-latest
    # The azurerm provider reads these variables. They are set at job level so
    # that init, plan and apply all authenticate as the service principal.
    env:
      ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
      ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.1.0
          # Do not pass the Azure client secret as cli_config_credentials_token:
          # that input takes a Terraform Cloud/Enterprise API token and is
          # written to the Terraform CLI config file on the runner.

      - name: Terraform Init
        run: terraform init

      - name: Terraform Plan
        run: terraform plan

      - name: Terraform Apply
        run: terraform apply -auto-approve

5. Push Changes and Trigger Deployment

Push your changes to the main branch. This triggers the GitHub Actions workflow defined above, which in turn deploys your application to Azure App Services.
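The workflow above applies whatever the plan contains on every push to main, with no review step. As an added example (not part of the original post), the Python gate below reads the JSON form of a saved plan and blocks destroys, replacements, and App Service web apps without https_only. It assumes the plan step is changed to `terraform plan -out=tfplan` followed by `terraform show -json tfplan > plan.json`; the sample plan, resource addresses and the file name plan_gate.py are constructed.

```python
import json
import sys

WEB_APP_TYPES = {"azurerm_linux_web_app", "azurerm_windows_web_app"}

# Constructed sample of `terraform show -json tfplan` output, trimmed to the
# fields this check reads. Resource addresses are hypothetical.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
         "change": {"actions": ["no-op"], "after": {"name": "rg-demo"}}},
        {"address": "azurerm_linux_web_app.app", "type": "azurerm_linux_web_app",
         "change": {"actions": ["update"], "after": {"https_only": False}}},
        {"address": "azurerm_service_plan.plan", "type": "azurerm_service_plan",
         "change": {"actions": ["delete", "create"], "after": {"sku_name": "B1"}}},
    ],
})


def review_plan(plan_json):
    """Return findings for a JSON plan; an empty list means it may be applied."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        actions = set(change.get("actions", []))
        after = change.get("after") or {}  # "after" is null for a destroy
        if "delete" in actions:
            kind = "replace" if "create" in actions else "destroy"
            findings.append(f"{rc['address']}: plan would {kind} this resource")
        # Only inspect settings of web apps that will exist after the apply.
        if rc.get("type") in WEB_APP_TYPES and actions & {"create", "update"}:
            if after.get("https_only") is not True:
                findings.append(f"{rc['address']}: https_only is not enabled")
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # CI use: python plan_gate.py plan.json  (non-zero exit blocks the apply)
        with open(sys.argv[1], encoding="utf-8") as fh:
            results = review_plan(fh.read())
        for finding in results:
            print(f"BLOCK: {finding}")
        sys.exit(1 if results else 0)
    # No argument: run against the constructed sample above.
    for finding in review_plan(SAMPLE_PLAN):
        print(f"BLOCK: {finding}")
```

Run as a step between plan and apply, a non-zero exit stops the job before `terraform apply` executes.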


DevOps Engineer | DevAIOps Enthusiast | Multi-cloud Architect