azureiacPractitioner

Automate Azure Deployments: Bicep Files with GitHub Actions

5 min read Microsoft LearnApr 27, 2026

Practitioner — Hands-on experience recommended

In the fast-paced world of cloud infrastructure, automating deployments is crucial. GitHub Actions allows you to integrate your CI/CD workflows directly with Azure, making it easier to manage resources using Bicep files. This approach not only saves time but also reduces the potential for human error during deployments.

To get started, you'll need to define your Bicep file parameters. For instance, the storagePrefix parameter must be between 3 to 11 characters, while the storageSKU parameter defaults to 'Standard_LRS'. The workflow uses GitHub Actions to log into Azure and deploy the Bicep file. You can set up your YAML workflow to include steps for checking out your code, logging into Azure, and deploying your resources. A typical deployment step might look like this: parameters: 'storagePrefix=mystore storageSKU=Standard_LRS'. This setup ensures that your Azure resources are provisioned consistently and reliably.

In production, remember to enhance your workflow security by using environment secrets instead of repository secrets, especially in public repositories. Also, always use GitHub Secrets for sensitive data to avoid exposing credentials in your workflows. The last update on this process was on October 30, 2025, so ensure your practices align with the latest recommendations.

Key takeaways

→Define `storagePrefix` between 3 to 11 characters for your Bicep file.
→Use `storageSKU` parameter with a default value of 'Standard_LRS'.
→Implement GitHub Actions to automate the deployment of Bicep files.
→Utilize environment secrets for enhanced security in public repositories.
→Always use GitHub Secrets for sensitive information in workflows.

Why it matters

Automating Azure deployments with GitHub Actions and Bicep files significantly reduces manual errors and accelerates your deployment process, leading to more reliable infrastructure management.

Code examples

Bicep

1@minLength(3)
2@maxLength(11)
3param storagePrefix string
4
5@allowed([
6  'Standard_LRS'
7  'Standard_GRS'
8  'Standard_RAGRS'
9  'Standard_ZRS'
10  'Premium_LRS'
11  'Premium_ZRS'
12  'Standard_GZRS'
13  'Standard_RAGZRS'
14])
15param storageSKU string = 'Standard_LRS'
16
17param location string = resourceGroup().location
18
19var uniqueStorageName = '${storagePrefix}${uniqueString(resourceGroup().id)}'
20
21resource stg 'Microsoft.Storage/storageAccounts@2025-06-01' = {
22  name: uniqueStorageName
23  location: location
24  sku: {
25    name: storageSKU
26    kind: 'StorageV2'
27  }
28  properties: {
29    supportsHttpsTrafficOnly: true
30  }
31}
32
33output storageEndpoint object = stg.properties.primaryEndpoints

YAML

1name: Deploy Bicep file
2on: [push]
3jobs:
4  build-and-deploy:
5    runs-on: ubuntu-latest
6    steps:
7
8    - name: Checkout code
9      uses: actions/checkout@main
10
11    - name: Log into Azure
12      uses: azure/login@v2
13      with:
14        creds: ${{ secrets.AZURE_CREDENTIALS }}
15
16    - name: Deploy Bicep file
17      uses: azure/arm-deploy@v1
18      with:
19        subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }}
20        resourceGroupName: ${{ secrets.AZURE_RG }}
21        template: ./main.bicep
22        parameters: 'storagePrefix=mystore storageSKU=Standard_LRS'
23        failOnStdErr: false

CLI

az group create -n exampleRG -l westus

When NOT to use this

The official docs don't call out specific anti-patterns here. Use your judgment based on your scale and requirements.

Want the complete reference?

Read official docs

Test what you just learned

Quiz questions written from this article

Take the quiz →

Automate Azure Deployments: Bicep Files with GitHub Actions

Key takeaways

Why it matters

Code examples

When NOT to use this

More on this topic

Mastering Bicep Parameters Files for Efficient Deployments

Mastering Bicep Modules for Scalable Infrastructure

Bicep: The Future of Azure Resource Deployment