| title | Quickstart - Automate Deployments |
|---|---|
| titleSuffix | Azure Spring Apps Enterprise plan |
| description | Explains how to automate deployments to the Azure Spring Apps Enterprise plan by using GitHub Actions and Terraform. |
| author | KarlErickson |
| ms.author | karler |
| ms.reviewer | asirveda |
| ms.service | azure-spring-apps |
| ms.topic | quickstart |
| ms.date | 08/19/2025 |
| ms.update-cycle | 1095-days |
| ms.custom | devx-track-java, devx-track-terraform |
[!INCLUDE deprecation-note]
This article applies to: ❎ Basic/Standard ✅ Enterprise
This quickstart shows you how to automate deployments to the Azure Spring Apps Enterprise plan by using GitHub Actions and Terraform.
- An Azure account with an active subscription. Create an account for free.
- The Azure CLI version 2.45.0 or higher.
- Git.
- jq
- [!INCLUDE install-enterprise-extension]
The automation associated with the sample application requires a Storage account for maintaining Terraform state. The following steps show you how to create a Storage Account for use with GitHub Actions and Terraform.
-
Use the following command to create a new resource group to contain the Storage Account:
az group create \ --name <storage-resource-group> \ --location <location> -
Use the following command to create a Storage Account:
az storage account create \ --resource-group <storage-resource-group> \ --name <storage-account-name> \ --location <location> \ --sku Standard_RAGRS \ --kind StorageV2 -
Use the following command to create a Storage Container within the Storage Account:
az storage container create \ --resource-group <storage-resource-group> \ --name terraform-state-container \ --account-name <storage-account-name> \ --auth-mode login -
Use the following commands to get an Azure credential. You need an Azure service principal credential to authorize Azure login action.
az login az ad sp create-for-rbac \ --role contributor \ --scopes /subscriptions/<SUBSCRIPTION_ID> \ --json-authThe command should output a JSON object:
{ "clientId": "<GUID>", "clientSecret": "<GUID>", "subscriptionId": "<GUID>", "tenantId": "<GUID>", ... } -
This example uses the fitness store sample on GitHub. Fork the sample, open the GitHub repository page, and then select the Settings tab. Open the Secrets menu, then select Add a new secret, as shown in the following screenshot.
:::image type="content" source="media/quickstart-automate-deployments-github-actions-enterprise/actions1.png" alt-text="Screenshot showing GitHub Settings Add new secret." lightbox="media/quickstart-automate-deployments-github-actions-enterprise/actions1.png":::
-
Set the secret name to
AZURE_CREDENTIALSand set its value to the JSON string that you found under the heading Set up your GitHub repository and authenticate.:::image type="content" source="media/quickstart-automate-deployments-github-actions-enterprise/actions2.png" alt-text="Screenshot showing GitHub Settings Set secret data." lightbox="media/quickstart-automate-deployments-github-actions-enterprise/actions2.png":::
-
Add the following secrets to GitHub Actions:
TF_PROJECT_NAME: Use a value of your choosing. This value will be the name of your Terraform Project.AZURE_LOCATION: The Azure Region your resources will be created in.OIDC_JWK_SET_URI: Use theJWK_SET_URIdefined in Quickstart: Configure single sign-on for applications using the Azure Spring Apps Enterprise plan.OIDC_CLIENT_ID: Use theCLIENT_IDdefined in Quickstart: Configure single sign-on for applications using the Azure Spring Apps Enterprise plan.OIDC_CLIENT_SECRET: Use theCLIENT_SECRETdefined in Quickstart: Configure single sign-on for applications using the Azure Spring Apps Enterprise plan.OIDC_ISSUER_URI: Use theISSUER_URIdefined in Quickstart: Configure single sign-on for applications using the Azure Spring Apps Enterprise plan.
-
Add the secret
TF_BACKEND_CONFIGto GitHub Actions with the following value:resource_group_name = "<storage-resource-group>" storage_account_name = "<storage-account-name>" container_name = "terraform-state-container" key = "dev.terraform.tfstate"
Now you can run GitHub Actions in your repository. The provision workflow provisions all resources necessary to run the example application. The following screenshot shows an example run:
:::image type="content" source="media/quickstart-automate-deployments-github-actions-enterprise/provision.png" alt-text="Screenshot of GitHub showing output from the provision workflow." lightbox="media/quickstart-automate-deployments-github-actions-enterprise/provision.png":::
Each application has a deploy workflow that will redeploy the application when changes are made to that application. The following screenshot shows some example output from the catalog service:
:::image type="content" source="media/quickstart-automate-deployments-github-actions-enterprise/deploy-catalog.png" alt-text="Screenshot of GitHub showing output from the Deploy Catalog workflow." lightbox="media/quickstart-automate-deployments-github-actions-enterprise/deploy-catalog.png":::
The cleanup workflow can be manually run to delete all resources created by the provision workflow. The following screenshot shows the output:
:::image type="content" source="media/quickstart-automate-deployments-github-actions-enterprise/cleanup.png" alt-text="Screenshot of GitHub showing output from the cleanup workflow." lightbox="media/quickstart-automate-deployments-github-actions-enterprise/cleanup.png":::
If you plan to continue working with subsequent quickstarts and tutorials, you might want to leave these resources in place. When no longer needed, delete the resource group, which deletes the resources in the resource group. To delete the resource group by using Azure CLI, use the following commands:
echo "Enter the Resource Group name:" &&
read resourceGroupName &&
az group delete --name $resourceGroupName &&
echo "Press [ENTER] to continue ..."
Continue on to any of the following optional quickstarts: