Sample: Azure function accessing an Azure Storage Blob with a Private Endpoint
This sample uses bicep to deploy and includes a github action as a buildndeploy.yml
Instructions:
-
Fork this repo.
-
Create an Azure resource group
az group create -n yourRG -l canadacentral
-
Create a Service Prinicpal for your Github Action as per this guide.
If you already have an existing service principal for Github Actions and you're using the OIDC method, then ensure the service principal the Contributor role with a minimun scope of the target resource group.
az role assignment create --role contributor --subscription $subscriptionId --assignee-object-id $assigneeObjectId --assignee-principal-type ServicePrincipal --scopes /subscriptions/$subscriptionId/resourceGroups/$resourceGroupName
Where the
$assignee-object-id
is the objectId of the service principal (found in Enterprise Apps) , and the$subscriptionId
,$resourceGroupName
are the subscription id and the target resource group name respectively. -
Create a new Environment called
sample
within your forked repo in GitHub. -
Manually trigger in Github to run the workflow.