NGINX for Azure Deployment Action

This action supports managing the configuration of an NGINX for Azure deployment in a GitHub repository. It enables continuous deployment through GitHub workflows to automatically update the NGINX for Azure deployment when changes are made to the NGINX configuration files stored in the respository.

Connecting to Azure

This action leverages the Azure Login action for authenticating with Azure and performing update to an NGINX for Azure deployment. Two different ways of authentication are supported:

Service principal with secrets
OpenID Connect (OIDC) with an Azure service principal using a Federated Identity Credential

Sample workflow that authenticates with Azure using an Azure service principal with a secret

# File: .github/workflows/nginxForAzureDeploy.yml

name: Sync the NGINX configuration from the GitHub repository to an NGINX for Azure deployment
on:
  push:
    branches:
      - main
    paths:
      - config/**

jobs:
  Deploy-NGINX-Configuration:
    runs-on: ubuntu-latest
    steps:
    - name: 'Checkout repository'
      uses: actions/[email protected]

    - name: 'Run Azure Login using an Azure service principal with a secret'
      uses: azure/[email protected]
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}

    - name: 'Sync the NGINX configuration from the GitHub repository to the NGINX for Azure deployment'
      uses: nginxinc/[email protected]
      with:
        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
        nginx-deployment-name: ${{ secrets.NGINX_DEPLOYMENT_NAME }}
        nginx-config-directory-path: config/
        nginx-root-config-file: nginx.conf
        transformed-nginx-config-directory-path: /etc/nginx/

Sample workflow that authenticates with Azure using OIDC

# File: .github/workflows/nginxForAzureDeploy.yml

name: Sync the NGINX configuration from the GitHub repository to an NGINX for Azure deployment
on:
  push:
    branches:
      - main
    paths:
      - config/**

permissions:
      id-token: write
      contents: read

jobs:
  Deploy-NGINX-Configuration:
    runs-on: ubuntu-latest
    steps:
    - name: 'Checkout repository'
      uses: actions/[email protected]

    - name: 'Run Azure Login using OIDC'
      uses: azure/[email protected]
      with:
        client-id: ${{ secrets.AZURE_CLIENT_ID }}
        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

    - name: 'Sync the NGINX configuration from the GitHub repository to the NGINX for Azure deployment'
      uses: nginxinc/[email protected]
      with:
        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
        nginx-deployment-name: ${{ secrets.NGINX_DEPLOYMENT_NAME }}
        nginx-config-directory-path: config/
        nginx-root-config-file: nginx.conf
        transformed-nginx-config-directory-path: /etc/nginx/

Handling NGINX configuration file paths

To facilitate the migration of the existing NGINX configuration, NGINX for Azure supports multiple-files configuration with each file uniquely identified by a file path, just like how NGINX configuration files are created and used in a self-hosting machine. An NGINX configuration file can include another file using the include directive. The file path used in an include directive can either be an absolute path or a relative path to the prefix path.

The following example shows two NGINX configuration files inside the /etc/nginx directory on disk are copied and stored in a GitHub respository under its config directory.

File path on disk	File path in the respository
/etc/nginx/nginx.conf	/config/nginx.conf
/etc/nginx/sites-enabled/mysite.conf	/config/sites-enabled/mysite.conf

To use this action to sync the configuration files from this example, the directory path relative to the GitHub repository root config/ is set to the action's input nginx-config-directory-path for the action to find and package the configuration files. The root file nginx.conf is set to the input nginx-root-config-file.

    - name: 'Sync the NGINX configuration from the GitHub repository to the NGINX for Azure deployment'
      uses: nginxinc/[email protected]
      with:
        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
        nginx-deployment-name: ${{ secrets.NGINX_DEPLOYMENT_NAME }}
        nginx-config-directory-path: config/
        nginx-root-config-file: nginx.conf

By default, the action uses a file's relative path to nginx-config-directory-path in the respository as the file path in the NGINX for Azure deployment.

File path on disk	File path in the respository	File path in the NGINX for Azure deployment
/etc/nginx/nginx.conf	/config/nginx.conf	nginx.conf
/etc/nginx/sites-enabled/mysite.conf	/config/sites-enabled/mysite.conf	sites-enabled/mysite.conf

The default file path handling works for the case of using relative paths in include directives, for example, if the root nginx.conf references mysite.conf using:

include sites-enabled/mysite.conf;

For the case of using absolute paths in include directives, for example, if the root nginx.conf references mysite.conf using:

include /etc/nginx/sites-enabled/mysite.conf;

The action supports an optional input transformed-nginx-config-directory-path to transform the absolute path of the configuration directory in the NGINX for Azure deployment. The absolute configuration directory path on disk /etc/nginx/ can be set to transformed-nginx-config-directory-path as follows to ensure the configuration files using absolute paths in include directives work as expected in the NGINX for Azure deployment.

    - name: 'Sync the NGINX configuration from the Git repository to the NGINX for Azure deployment'
      uses: nginxinc/[email protected]
      with:
        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
        nginx-deployment-name: ${{ secrets.NGINX_DEPLOYMENT_NAME }}
        nginx-config-directory-path: config/
        nginx-root-config-file: nginx.conf
        transformed-nginx-config-directory-path: /etc/nginx/

The transformed paths of the two configuration files in the NGINX for Azure deployment are summarized in the following table

File path on disk	File path in the respository	File path in the NGINX for Azure deployment
/etc/nginx/nginx.conf	/config/nginx.conf	/etc/nginx/nginx.conf
/etc/nginx/sites-enabled/mysite.conf	/config/sites-enabled/mysite.conf	/etc/nginx/sites-enabled/mysite.conf

Download Source Code

Download ZIP

Github Actions to sync NGINX configs into the NGINX for Azure service.

NGINX for Azure Deployment Action

Connecting to Azure

Sample workflow that authenticates with Azure using an Azure service principal with a secret

Sample workflow that authenticates with Azure using OIDC

Handling NGINX configuration file paths

Download Source Code

Related

azure-keyvault - Makes using azure keyvaults less verbose from the cli.

azure-subscription - Displays information about the Azure current Subscription and tenant.

git-sync - A ZSH plugin to sync git repositories and clean them up.

htconvert - Convert .htaccess redirects to nginx.conf redirects.

Production repository for the all-new Advantage360 Professional using ZMK engine

dotfiles - Keep your dotfiles in sync across multiple machines using git.

declare-zsh - A parser for zinit commands in .zshrc. It allows to perform the following actions on .zshrc from the command-line - enable and disable plugins add or remove snippets.

redis - Will run redis-server pointing it to the redis.conf configuration file. This can be used with the zdharma/zredis plugin to share variables between shells.

zservice-py3http - Serve a given directory with Python 3's http server from the standard library.

rare - Real-time regex aggregation and analysis.