OpsCanary
azureiacPractitioner

Automate Azure Deployments: Bicep Files with GitHub Actions

5 min read Microsoft LearnApr 27, 2026Reviewed for accuracy
Share
PractitionerHands-on experience recommended

In the fast-paced world of cloud infrastructure, automating deployments is crucial. GitHub Actions allows you to integrate your CI/CD workflows directly with Azure, making it easier to manage resources using Bicep files. This approach not only saves time but also reduces the potential for human error during deployments.

To get started, you'll need to define your Bicep file parameters. For instance, the storagePrefix parameter must be between 3 to 11 characters, while the storageSKU parameter defaults to 'Standard_LRS'. The workflow uses GitHub Actions to log into Azure and deploy the Bicep file. You can set up your YAML workflow to include steps for checking out your code, logging into Azure, and deploying your resources. A typical deployment step might look like this: parameters: 'storagePrefix=mystore storageSKU=Standard_LRS'. This setup ensures that your Azure resources are provisioned consistently and reliably.

In production, remember to enhance your workflow security by using environment secrets instead of repository secrets, especially in public repositories. Also, always use GitHub Secrets for sensitive data to avoid exposing credentials in your workflows. The last update on this process was on October 30, 2025, so ensure your practices align with the latest recommendations.

Key takeaways

  • Define `storagePrefix` between 3 to 11 characters for your Bicep file.
  • Use `storageSKU` parameter with a default value of 'Standard_LRS'.
  • Implement GitHub Actions to automate the deployment of Bicep files.
  • Utilize environment secrets for enhanced security in public repositories.
  • Always use GitHub Secrets for sensitive information in workflows.

Why it matters

Automating Azure deployments with GitHub Actions and Bicep files significantly reduces manual errors and accelerates your deployment process, leading to more reliable infrastructure management.

Code examples

Bicep
1@minLength(3)
2@maxLength(11)
3param storagePrefix string
4
5@allowed([
6  'Standard_LRS'
7  'Standard_GRS'
8  'Standard_RAGRS'
9  'Standard_ZRS'
10  'Premium_LRS'
11  'Premium_ZRS'
12  'Standard_GZRS'
13  'Standard_RAGZRS'
14])
15param storageSKU string = 'Standard_LRS'
16
17param location string = resourceGroup().location
18
19var uniqueStorageName = '${storagePrefix}${uniqueString(resourceGroup().id)}'
20
21resource stg 'Microsoft.Storage/storageAccounts@2025-06-01' = {
22  name: uniqueStorageName
23  location: location
24  sku: {
25    name: storageSKU
26    kind: 'StorageV2'
27  }
28  properties: {
29    supportsHttpsTrafficOnly: true
30  }
31}
32
33output storageEndpoint object = stg.properties.primaryEndpoints
YAML
1name: Deploy Bicep file
2on: [push]
3jobs:
4  build-and-deploy:
5    runs-on: ubuntu-latest
6    steps:
7
8    - name: Checkout code
9      uses: actions/checkout@main
10
11    - name: Log into Azure
12      uses: azure/login@v2
13      with:
14        creds: ${{ secrets.AZURE_CREDENTIALS }}
15
16    - name: Deploy Bicep file
17      uses: azure/arm-deploy@v1
18      with:
19        subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }}
20        resourceGroupName: ${{ secrets.AZURE_RG }}
21        template: ./main.bicep
22        parameters: 'storagePrefix=mystore storageSKU=Standard_LRS'
23        failOnStdErr: false
CLI
az group create -n exampleRG -l westus

When NOT to use this

The official docs don't call out specific anti-patterns here. Use your judgment based on your scale and requirements.

Want the complete reference?

Read official docs

Test what you just learned

Quiz questions written from this article

Take the quiz →
DigitalOceanSponsor

Simple, affordable cloud — VMs, Kubernetes, and managed databases in minutes. Trusted by 600,000+ developers. Spin up a Droplet in 60 seconds.

Try DigitalOcean →

More on this topic

See all →
azurePractitioner

Bicep Parameter Files: Streamlining Your Infrastructure as Code

Bicep parameter files are a game changer for managing parameter values in your infrastructure deployments. They allow you to define these values separately from your main Bicep file, enhancing flexibility and consistency. Discover how to leverage this feature effectively in your projects.

5 min readRead
azurePractitioner

Maximizing Performance: Deploying High-Performance Workloads on Azure IaaS

Unlock the full potential of Azure IaaS for your high-performance workloads. Understand how latency, throughput, and scalability come together to deliver a coordinated system that meets your demands.

5 min readRead
azurePractitioner

Mastering Azure IaaS: Defense in Depth for Secure Infrastructure

In a world where threats evolve daily, Azure IaaS offers a robust framework for securing your infrastructure through defense in depth. With features like Trusted Launch enabled by default for Gen2 VMs, you can architect security from the ground up, not as an afterthought.

5 min readRead

Get the daily digest

One email. 5 articles. Every morning.

No spam. Unsubscribe anytime.