Enabling resilient DevOps practices with code to cloud automation

As digital transformation has evolved, so have customer expectations. Enterprises are expected to deliver continuous value by releasing frequent bug-proof updates with little to no disruption to their userbase. This is no small feat, as nations and governments roll out stringent new data and security measures.

So how are enterprises able to ship faster while maintaining governance, security, and compliance standards amidst a pandemic that has forced work to be remote?

Based on the Enterprise DevOps 2020-2021 report, 80 percent of top-performing enterprises surveyed say they have begun “shifting-left,” or automating governance, security, and compliance into the early stages of their software development lifecycles (SDLC). These enterprises are not only automating their build and release workflows, but they’re also adopting an “everything-as-code” mindset. This shift means that not just infrastructure configurations and release pipelines, but also compliance and security policies, are written “as code,” enabling continuous improvement, while promoting better re-use, resilience, and driving greater transparency.

It’s with all this in mind that we continue to refine, update, and add to our GitHub Actions portfolio. At Microsoft Ignite we announced new GitHub Actions for Azure, which we added to our growing catalogue of Azure and GitHub integrations, with more to come soon. GitHub Actions for Azure enables deployments to multiple Azure services—from web applications to serverless functions to Kubernetes, to Azure SQL and MySQL databases—ultimately helping enterprises stay resilient while giving the flexibility to build an automated workflow to manage your SDLC.

Manage Azure Policy as Code in GitHub

As you progress on your Cloud Governance journey, there is an increasing need to shift from manually managing each policy in the Azure portal to something more manageable, collaborative, and repeatable at enterprise scale. We are announcing that we made the integration between Azure Policy and GitHub even stronger to help you on this journey. You can now easily export Azure policies to a GitHub repository in just a few clicks. All exported policies will be stored as files in GitHub. You can then collaborate and track changes using version control and push policy file changes to Azure Policy using Manage Azure Policy action. 

Deploy ARM infrastructure as code

With the move to the cloud, many teams need to repeatedly deploy their solutions to the cloud and ensure their infrastructure is in a reliable state. To meet these challenges, you can automate deployments by defining the infrastructure that needs to be deployed as code with Azure Resource Management (ARM) templates.

To address this, we are releasing a Deploy Azure Resource Manager Template action. With this action you can automate your workflow to deploy ARM templates and manage Azure resources. This action can be used to deploy ARM templates at any deployment scope; resource group, subscription or at a management group scope. The output of this ARM deployment action can be used in subsequent actions within the workflow as well for further processing.

Build Azure Virtual Machine Images for immutable infrastructure

With the newly rolled out Build Azure Virtual Machine Image action, customizing, creating, and distributing virtual machine (VM) images just got easier. You can now use this action to create custom VM images that hold artifacts produced in your Continuous Delivery workflows, distribute them as a Shared Image Gallery version or a managed image or a virtual hard disk (VHD) and get complete traceability between the GitHub and Azure portal.

Trace Kubernetes changes from Azure portal to GitHub commits

Deploy to Kubernetes cluster action is now enhanced to enable a changelog view in the Azure portal to trace any deployment done on an Azure Kubernetes Service (AKS) cluster from the exact GitHub commits and issues that got deployed all the way to the specific GitHub workflow that was used to deploy the changes.

Scan container images as part of Pull Request workflows

You can now add the container scanning action to your workflows and add additional checks to secure the Docker images created as part of Continuous Integration (CI) or Pull Request (PR) workflows. This helps developers scan for a common vulnerabilities in their Docker images and gain confidence before pushing to a container registry or deploying to a containerized web app or a Kubernetes cluster.

Source: microsoft.com