Blog / Using GitHub Actions to Publish Static Sites to Azure

November 17, 2021
in
Microsoft

This site is hosted on Microsoft Azure. Its source code is stored in GitHub on a free tier, which allows me to run GitHub actions to publish the site whenever I merge any code into my main branch. Last week I ran into an issue publishing Xenobell and wanted to share the solution I discovered.

What went wrong

The “latest” version of azcliversion had a bug (… and then today it didn’t)
Something happened with permissions such that the “Contributor” role didn’t cover blog storage and CDN

Generating credentials

This is the command I use in Azure Shell to generate credentials for the AZURE_CREDENTIALS_STORAGE secret. Replace the all-caps sections with your own subscription ID and resource name.

az ad sp create-for-rbac --name "GitHubStorage" --role "Storage Blob Data Contributor" --scopes /subscriptions/MY-SUBSCRIPTION-GUID/resourceGroups/MY-RESOURCE-GROUP --sdk-auth

Same here for the AZURE_CREDENTIALS_CDN secret.

az ad sp create-for-rbac --name "GitHubCDN" --role "CDN Endpoint Contributor" --scopes /subscriptions/MY-SUBSCRIPTION-GUID/resourceGroups/MY-RESOURCE-GROUP --sdk-auth

GitHub action

I know, I know, it’s terrible to delete all my content before uploading new stuff. I haven’t figured out how to delete only files older than X minutes. Plus, this site has very little traffic and I don’t publish that often.

Want to hear something funny? I was all set to publish this article, but it turns out the 2.29.2 version didn’t work today! After a few attempts I went back to the latest version and it’s working again! Ugh. Be careful with your azcliversion numbers, everyone.

# .github/workflows/actions.yml
on:
    push:
        branches:
            - main

jobs:
    upload:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout repository
              uses: actions/checkout@v2

            - name: Setup Node.js
              uses: actions/setup-node@v1
              with:
                  node-version: "12.x"

            - name: NPM install
              run: npm install

            - name: Build
              run: npm run build

            - name: Login to Azure Storage
              uses: Azure/login@v1
              with:
                  creds: ${{ secrets.AZURE_CREDENTIALS_STORAGE }}

            - name: Delete blob files
              uses: Azure/cli@v1
              with:
                  azcliversion: latest
                  inlineScript: |
                                            az storage blob delete-batch -s \$web --account-name ${{ secrets.AZURE_STORAGE_ACCOUNT_NAME }} --auth-mode login

            - name: Upload to blob storage
              uses: Azure/cli@v1
              with:
                  azcliversion: latest
                  inlineScript: |
                                            az storage blob upload-batch -s $GITHUB_WORKSPACE/public -d \$web --account-name ${{ secrets.AZURE_STORAGE_ACCOUNT_NAME }} --auth-mode login

            - name: Login to Azure CDN
              uses: Azure/login@v1
              with:
                  creds: ${{ secrets.AZURE_CREDENTIALS_CDN }}

            - name: Purge CDN
              uses: Azure/cli@v1
              with:
                  azcliversion: latest
                  inlinescript: |
                                            az cdn endpoint purge -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} -n ${{ secrets.AZURE_ENDPOINT_NAME }} --profile-name ${{ secrets.AZURE_CDN_NAME }} --content-paths '/*'