Articles

Deploy to Azure from GitHub Actions (2026)

April 16, 2026 3 min read

GitHub Actions can deploy to Azure, but it’s not just about pushing code; it’s about orchestrating a secure and repeatable deployment pipeline.

Here’s a simplified Azure deployment workflow using GitHub Actions:

name: Deploy to Azure

on:
  push:
    branches:
      - main

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: Set up Node.js
      uses: actions/setup-node@v3
      with:
        node-version: '18'
    - name: npm install, build, and test
      run: |
        npm install
        npm run build --if-present
        npm test
    - name: Azure WebApp Deploy
      uses: azure/webapps-deploy@v2
      with:
        app-name: 'my-azure-webapp-name'
        package: '.'
        slot-name: 'production'
      env:

        AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}

This workflow checks out your code, sets up Node.js, runs your build and test commands, and then deploys to an Azure Web App. The AZURE_CREDENTIALS secret is crucial for authentication.

Let’s break down the mental model of how this works.

The Problem Solved: Automating Deployments

Manually deploying applications is tedious, error-prone, and time-consuming. You have to:

  • Build your application code.
  • Package it for deployment.
  • Transfer the package to the hosting environment.
  • Configure the hosting environment.
  • Restart services if necessary.

GitHub Actions automates these steps, creating a Continuous Integration/Continuous Deployment (CI/CD) pipeline. When you push code to your repository, the workflow triggers, performing all the necessary actions to get your updated application running on Azure.

How it Works Internally: The Workflow Execution

  1. Trigger: The on: push: branches: - main line tells GitHub Actions to start this workflow whenever code is pushed to the main branch.
  2. Runner: runs-on: ubuntu-latest specifies that the job will execute on a fresh Ubuntu virtual machine hosted by GitHub.
  3. Steps: Each steps: block is a command or action executed sequentially.
    • actions/checkout@v3: This action downloads your repository’s code onto the runner.
    • actions/setup-node@v3: This action installs the specified Node.js version (18 in this case) on the runner, making npm commands available.
    • run: | ...: This executes shell commands. npm install installs dependencies, npm run build compiles your application (if a build script exists in package.json), and npm test runs your unit tests.
    • azure/webapps-deploy@v2: This is a pre-built GitHub Action specifically for deploying to Azure App Services.
      • app-name: Identifies your Azure Web App.
      • package: Specifies the directory containing your built application artifacts. . means the root of your repository after checkout.
      • slot-name: Allows deployment to specific deployment slots (like staging or production) within your Web App.
      • env: AZURE_CREDENTIALS: This is where authentication happens. The AZURE_CREDENTIALS secret, stored securely in your GitHub repository settings, contains the service principal credentials needed to authenticate with Azure.

The Exact Levers You Control

  • Trigger Conditions (on): You can define when your workflow runs. Common options include push (to specific branches), pull_request, schedule (cron jobs), or workflow_dispatch (manual trigger).

  • Environment Variables (env): Crucial for passing secrets like API keys, database credentials, or Azure service principal details. These are stored in GitHub Secrets and accessed via ${{ secrets.YOUR_SECRET_NAME }}.

  • Azure Service Principal: The AZURE_CREDENTIALS secret is typically a JSON object containing clientId, clientSecret, subscriptionId, and tenantId. This is generated in Azure and grants GitHub Actions the necessary permissions to deploy to your Azure resources.

  • Deployment Target: The app-name and slot-name in the webapps-deploy action precisely dictate where your code lands in Azure.

  • Build Process: The run steps allow you to customize your build, test, and packaging commands. You can use different package managers (yarn, pnpm), build tools (Webpack, Vite), and testing frameworks.

  • Action Versions (@vX): Using specific versions of actions (e.g., @v3, @v2) ensures your workflow remains stable and doesn’t break due to unexpected changes in newer releases.

The azure/webapps-deploy action internally handles packaging your application code from the specified package directory and then uses the provided AZURE_CREDENTIALS to authenticate with Azure. It then uploads this package to the target app-name and slot-name, initiating the deployment process within Azure. The action abstracts away the complexities of Azure CLI commands or REST API calls for deployment.

Once your application is deployed, you’ll likely want to monitor its health and performance.

Want structured learning?

Take the full Azure course →