This article explains how to perform a discovery of your existing Azure environment. As part of the discovery process, your GitHub repository will be updated to reflect your current Azure environment, consisting of Management Groups, Subscriptions, Policy Definitions and Policy Assignments.
Your repo should contain a GitHub Action, `.github/workflows/azops-pull.yml`, that can pull the current platform configuration state from Azure.
Before invoking this action, please ensure Actions are enabled for your repo.
AzOps is maintained at https://github.com/Azure/azops.
Depending on your preferred approach, there are a number of methods you can use to trigger the AzOps action in GitHub, including:
- GitHub Actions web page
- GitHub CLI
- PowerShell
- Bash
These are documented in the following section:
GitHub Actions web page:
- Browse to the Actions tab of your repository at `github.com/<github_username>/<repository_name>/actions`.
- From the list of workflows, select `AzOps-Pull`.
- Select `Run workflow`.
- Check the branch and trigger entries.
- Click the `Run workflow` button.
GitHub CLI:
```bash
gh api -X POST repos/<github_username>/<repository_name>/dispatches --field event_type="GitHub CLI"
```
PowerShell:
```powershell
# Placeholders: GitHub account, personal access token (PAT) and repository name
$GitHubUserName = "<github_username>"
$GitHubPAT = "<pat_token>"
$GitHubRepoName = "<repository_name>"
# repository_dispatch endpoint of the repository
$uri = "https://api.github.com/repos/$GitHubUserName/$GitHubRepoName/dispatches"
$params = @{
    Uri = $uri
    Headers = @{
        "Accept" = "application/vnd.github.everest-preview+json"
        "Content-Type" = "application/json"
        # Basic authentication: Base64 of "<github_username>:<pat_token>"
        "Authorization" = "Basic $([Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $GitHubUserName,$GitHubPAT))))"
    }
    # event_type identifies the trigger source of the workflow run
    Body = @{
        "event_type" = "PowerShell"
    } | ConvertTo-Json
}
Invoke-RestMethod -Method "POST" @params
```
Bash:
```bash
curl -u "<github_username>:<pat_token>" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/<github_username>/<repository_name>/dispatches --data '{"event_type": "Bash"}'
```
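The Bash trigger places the PAT on the command line, where it is visible in shell history and the process list. The following added example (not part of the AzOps documentation or project code) sends the same `repository_dispatch` request while passing the token to curl through a config read from stdin; the `GITHUB_PAT` environment variable and both function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not AzOps project code. GITHUB_PAT and the function names
# are assumptions of this sketch.
# Usage: trigger_azops_pull <github_username> <repository_name> "Bash"

# Print a curl config for the repository_dispatch call. Inputs are validated
# so they cannot break out of the URL, the JSON body or the config syntax.
dispatch_curl_config() {
  for part in "$1" "$2"; do
    case $part in
      ''|*[!A-Za-z0-9._-]*) echo "invalid owner or repository name" >&2; return 2 ;;
    esac
  done
  case $3 in
    ''|*[!A-Za-z0-9\ _-]*) echo "invalid event_type" >&2; return 2 ;;
  esac
  case ${GITHUB_PAT:-} in
    ''|*[!A-Za-z0-9_]*) echo "GITHUB_PAT is unset or malformed" >&2; return 3 ;;
  esac
  printf 'url = "https://api.github.com/repos/%s/%s/dispatches"\n' "$1" "$2"
  printf 'request = "POST"\n'
  printf 'header = "Accept: application/vnd.github.everest-preview+json"\n'
  printf 'header = "Content-Type: application/json"\n'
  printf 'header = "Authorization: token %s"\n' "$GITHUB_PAT"
  printf 'data = "{\\"event_type\\": \\"%s\\"}"\n' "$3"
}

# Send the request. curl reads the config (including the token) from stdin;
# printf is a shell builtin, so the token never appears in any argv.
trigger_azops_pull() {
  cfg=$(dispatch_curl_config "$@") || return $?
  status=$(printf '%s\n' "$cfg" | curl -sS -o /dev/null -w '%{http_code}' -K -) || return 1
  # GitHub answers a successful repository_dispatch with 204 No Content.
  [ "$status" = "204" ] || { echo "dispatch failed: HTTP $status" >&2; return 1; }
}
```

Set `GITHUB_PAT` from a secret store or an interactive `read` rather than typing it into a command, then call `trigger_azops_pull`.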
Check the progress in the Actions tab of the GitHub repo and wait for the workflow to complete.
The following steps will be executed automatically to ensure that the current Azure environment is represented in your GitHub repository:
- Current Management Groups, Subscriptions, definitions and assignments are discovered, and RESTful representations of the resources are saved as ARM template parameter files.
- If changes are detected which are not represented in your `main` branch, a `system` branch is created representing your current configuration as ARM template parameter files.
- A Pull Request (PR) is created with the name `Azure Change Notification` (`system` -> `main`).
Once the discovery process has completed, select the PR that was automatically created (`Azure Change Notification`). Verify the discovered changes in the Files tab within the PR. In order to accept these changes into your `main` branch:
- Squash & merge the PR into the `main` branch.
- Delete the `system` branch.

The current Azure environment is now represented in the `azops` folder of the main branch. You can invoke this action at any time to retrieve the current Azure configuration, for example when you suspect configuration drift due to out-of-band (OOB) changes in Azure.
Once GitHub reflects your existing Azure environment, you can deploy a new Policy Assignment.