Use CircleCI version 2.1 at the top of your .circleci/config.yml file.
1
version: 2.1Add the orbs stanza below your version, invoking the orb:
1
2
orbs:
azure-cli: circleci/azure-cli@1.3.2Use azure-cli elements in your existing workflows and jobs.
Install the Azure CLI
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
version: '2.1'
orbs:
azure-cli: circleci/azure-cli@1.0.0
jobs:
verify-install:
executor: azure-cli/default
steps:
- azure-cli/install
- run:
command: az -v
name: Verify Azure CLI is installed
workflows:
example-workflow:
jobs:
- verify-install
Log into Azure with a Service Principal
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
version: '2.1'
orbs:
azure-cli: circleci/azure-cli@1.0.0
jobs:
login-to-azure:
executor: azure-cli/azure-docker
steps:
- azure-cli/login-with-service-principal
- run:
command: az resource list
name: List resources of tenant stored as `AZURE_SP_TENANT` env var
workflows:
example-workflow:
jobs:
- login-to-azure
Install the Azure CLI, then log in with a username and password
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
version: '2.1'
orbs:
azure-cli: circleci/azure-cli@1.0.0
jobs:
login-to-azure:
executor: azure-cli/default
steps:
- azure-cli/install
- azure-cli/login-with-user:
alternate-tenant: true
- run:
command: az resource list
name: List resources of tenant stored as `AZURE_TENANT` env var
workflows:
example-workflow:
jobs:
- login-to-azure
Log into Azure with the login type determined based on environment variable detection.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
version: '2.1'
orbs:
azure-cli: circleci/azure-cli@1.0.0
jobs:
login-to-azure:
executor: azure-cli/azure-docker
steps:
- azure-cli/login-with-user-or-service-principal
- run:
command: az resource list
name: List resources of tenant stored as `AZURE_SP_TENANT` env var
workflows:
example-workflow:
jobs:
- login-to-azure
Initilize the Azure CLI
| PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
|---|---|---|---|---|
azure-sp | Name of environment variable storing the full name of the Service Principal, in the form http://app-url
| No | AZURE_SP | env_var_name |
azure-sp-password | Name of environment variable storing the password for the Service Principal
| No | AZURE_SP_PASSWORD | env_var_name |
azure-sp-tenant | Name of environment variable storing the tenant ID for the Service Principal
| No | AZURE_SP_TENANT | env_var_name |
Initilize the Azure CLI
| PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
|---|---|---|---|---|
alternate-tenant | Use an alternate tenant | No | false | boolean |
azure-password | Environment variable storing your Azure password
| No | AZURE_PASSWORD | env_var_name |
azure-tenant | Environment variable storing your Azure tenant, necessary if `alternate-tenant` is set to true
| No | AZURE_TENANT | env_var_name |
azure-username | Environment variable storing your Azure username
| No | AZURE_USERNAME | env_var_name |
Initilize the Azure CLI. Supports login either with a user or with a Service Principal. The type of login is determined by checking if the environment variable storing the Azure username or the environment variable storing the name of the Service Principal is set to a non-empty value.
| PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
|---|---|---|---|---|
alternate-tenant | Use an alternate tenant. Only applicable for user logins. | No | false | boolean |
azure-password | Environment variable storing your Azure password. Only applicable for user logins.
| No | AZURE_PASSWORD | env_var_name |
azure-sp | Name of environment variable storing the full name of the Service Principal, in the form http://app-url. Only applicable for Service Principal logins.
| No | AZURE_SP | env_var_name |
azure-sp-password | Name of environment variable storing the password for the Service Principal. Only applicable for Service Principal logins.
| No | AZURE_SP_PASSWORD | env_var_name |
azure-sp-tenant | Name of environment variable storing the tenant ID for the Service Principal. Only applicable for Service Principal logins.
| No | AZURE_SP_TENANT | env_var_name |
azure-tenant | Environment variable storing your Azure tenant, necessary if `alternate-tenant` is set to true. Only applicable for user logins.
| No | AZURE_TENANT | env_var_name |
azure-username | Environment variable storing your Azure username. Only applicable for user logins.
| No | AZURE_USERNAME | env_var_name |
Microsoft's Azure CLI Docker image
| PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
|---|---|---|---|---|
tag | The microsoft azure cli Docker image version tag. | No | latest | string |
CircleCI official cimg/python Docker image to use
| PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
|---|---|---|---|---|
python-version | - | No | 3.12.9 | string |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
# This code is licensed from CircleCI to the user under the MIT license.
# See here for details: https://circleci.com/developer/orbs/licensing
version: 2.1
description: |
Install, initialize, and log into the Azure command-line interface (azcli)
display:
source_url: https://github.com/CircleCI-Public/azure-cli-orb
commands:
install:
description: |
Install the Azure CLI, if not available
steps:
- run:
command: |
#!/usr/bin/env bash
install_debian() {
# Set sudo to work whether logged in as root user or non-root user
if [[ $EUID == 0 ]]; then export SUDO=""; else export SUDO="sudo"; fi
# https://github.com/CircleCI-Public/azure-cli-orb/issues/15
# https://manpages.debian.org/unstable/apt/apt-get.8.en.html
$SUDO apt-get --allow-releaseinfo-change-suite update && $SUDO apt-get -qqy install apt-transport-https
if [[ $(command -v lsb_release) == "" ]]; then
echo "Installing lsb_release"
$SUDO apt-get -qqy install lsb-release
fi
# Create an environment variable for the correct distribution
AZ_REPO="$(lsb_release -cs)"
export AZ_REPO
# Modify your sources list
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" |
$SUDO tee /etc/apt/sources.list.d/azure-cli.list
if [[ $(command -v curl) == "" ]]; then
echo "Installing curl"
$SUDO apt-get -qqy install curl
fi
if [[ $(command -v gpg) == "" ]]; then
echo "Installing gpg"
$SUDO apt-get -qqy install gnupg
fi
# Get the Microsoft signing key
echo "Install Microsoft signing key"
curl -sL https://packages.microsoft.com/keys/microsoft.asc |
gpg --dearmor |
$SUDO tee /etc/apt/trusted.gpg.d/microsoft.gpg >/dev/null
# Update and install the Azure CLI
# https://github.com/CircleCI-Public/azure-cli-orb/issues/15
# https://manpages.debian.org/unstable/apt/apt-get.8.en.html
echo "Run apt-get update"
$SUDO apt-get --allow-releaseinfo-change-suite update
echo "Run apt-get install"
$SUDO apt-get -qqy install \
ca-certificates \
azure-cli
echo "Azure CLI is now installed."
}
install_alpine() {
apk update
apk add gcc musl-dev python3-dev libffi-dev openssl-dev cargo make py-pip bash
pip install azure-cli --break-system-packages
}
# Verify the CLI isn't already installed
if az -v >/dev/null; then
echo "Azure CLI installed already."
exit 0
fi
if grep debian /etc/os-release &>/dev/null; then
install_debian
exit 0
fi
if grep alpine /etc/os-release &>/dev/null; then
install_alpine
exit 0
fi
echo "Could not identify the system properly so azure cli could not be installed"
exit 1
name: Install Azure CLI, if not available
no_output_timeout: 20m
login-with-service-principal:
description: Initilize the Azure CLI
parameters:
azure-sp:
default: AZURE_SP
description: |
Name of environment variable storing the full name of the Service Principal, in the form http://app-url
type: env_var_name
azure-sp-password:
default: AZURE_SP_PASSWORD
description: |
Name of environment variable storing the password for the Service Principal
type: env_var_name
azure-sp-tenant:
default: AZURE_SP_TENANT
description: |
Name of environment variable storing the tenant ID for the Service Principal
type: env_var_name
steps:
- run:
command: |
#!/usr/bin/env bash
AZURE_SP_TENANT="$(circleci env subst "\$$AZURE_SP_TENANT")"
AZURE_SP="$(circleci env subst "\$$AZURE_SP")"
AZURE_SP_PASSWORD="$(circleci env subst "\$$AZURE_SP_PASSWORD")"
az login \
--service-principal \
--tenant="${AZURE_SP_TENANT}" \
-u="${AZURE_SP}" \
-p="${AZURE_SP_PASSWORD}"
environment:
AZURE_SP: << parameters.azure-sp >>
AZURE_SP_PASSWORD: << parameters.azure-sp-password >>
AZURE_SP_TENANT: << parameters.azure-sp-tenant >>
name: Login to the Azure CLI via Service Principal
login-with-user:
description: Initilize the Azure CLI
parameters:
alternate-tenant:
default: false
description: Use an alternate tenant
type: boolean
azure-password:
default: AZURE_PASSWORD
description: |
Environment variable storing your Azure password
type: env_var_name
azure-tenant:
default: AZURE_TENANT
description: |
Environment variable storing your Azure tenant, necessary if `alternate-tenant` is set to true
type: env_var_name
azure-username:
default: AZURE_USERNAME
description: |
Environment variable storing your Azure username
type: env_var_name
steps:
- run:
command: |
#!/usr/bin/env bash
ALTERNATE_TENANT="$(circleci env subst "\$$ALTERNATE_TENANT")"
AZURE_USERNAME="$(circleci env subst "\$$ALTERNATE_TENANT")"
AZURE_PASSWORD="$(circleci env subst "\$$ALTERNATE_TENANT")"
AZURE_TENANT="$(circleci env subst "\$$ALTERNATE_TENANT")"
if [[ ! "${ALTERNATE_TENANT}" = "false" ]]; then
az login \
--tenant="${AZURE_TENANT}" \
-u="${AZURE_USERNAME}" \
-p="${AZURE_PASSWORD}"
exit 0
fi
if [ -n "${AZURE_USERNAME}" ]; then
echo "User credentials detected; logging in with user"
az login \
-u="${AZURE_USERNAME}" \
-p="${AZURE_PASSWORD}"
exit 0
fi
environment:
ALTERNATE_TENANT: << parameters.alternate-tenant >>
AZURE_PASSWORD: << parameters.azure-password >>
AZURE_TENANT: << parameters.azure-tenant >>
AZURE_USERNAME: << parameters.azure-username >>
name: Login to the Azure CLI via username/password
login-with-user-or-service-principal:
description: |
Initilize the Azure CLI. Supports login either with a user or with a Service Principal. The type of login is determined by checking if the environment variable storing the Azure username or the environment variable storing the name of the Service Principal is set to a non-empty value.
parameters:
alternate-tenant:
default: false
description: Use an alternate tenant. Only applicable for user logins.
type: boolean
azure-password:
default: AZURE_PASSWORD
description: |
Environment variable storing your Azure password. Only applicable for user logins.
type: env_var_name
azure-sp:
default: AZURE_SP
description: |
Name of environment variable storing the full name of the Service Principal, in the form http://app-url. Only applicable for Service Principal logins.
type: env_var_name
azure-sp-password:
default: AZURE_SP_PASSWORD
description: |
Name of environment variable storing the password for the Service Principal. Only applicable for Service Principal logins.
type: env_var_name
azure-sp-tenant:
default: AZURE_SP_TENANT
description: |
Name of environment variable storing the tenant ID for the Service Principal. Only applicable for Service Principal logins.
type: env_var_name
azure-tenant:
default: AZURE_TENANT
description: |
Environment variable storing your Azure tenant, necessary if `alternate-tenant` is set to true. Only applicable for user logins.
type: env_var_name
azure-username:
default: AZURE_USERNAME
description: |
Environment variable storing your Azure username. Only applicable for user logins.
type: env_var_name
steps:
- run:
command: |
#!/usr/bin/env bash
ALTERNATE_TENANT="$(circleci env subst "\$$ALTERNATE_TENANT")"
AZURE_TENANT="$(circleci env subst "\$$AZURE_TENANT")"
AZURE_USERNAME="$(circleci env subst "\$$AZURE_USERNAME")"
AZURE_PASSWORD="$(circleci env subst "\$$AZURE_PASSWORD")"
AZURE_SP="$(circleci env subst "\$$AZURE_SP")"
AZURE_SP_TENANT="$(circleci env subst "\$$AZURE_SP_TENANT")"
AZURE_SP_PASSWORD="$(circleci env subst "\$$AZURE_SP_PASSWORD")"
if [[ ! "${ALTERNATE_TENANT}" = "false" ]]; then
az login \
--tenant="${AZURE_TENANT}" \
-u="${AZURE_USERNAME}" \
-p="${AZURE_PASSWORD}"
exit 0
fi
if [ -n "${AZURE_USERNAME}" ]; then
echo "User credentials detected; logging in with user"
az login \
-u="${AZURE_USERNAME}" \
-p="${AZURE_PASSWORD}"
exit 0
fi
if [ -n "${AZURE_SP}" ]; then
echo "Service Principal credentials detected; logging in with Service Principal"
az login \
--service-principal \
--tenant="${AZURE_SP_TENANT}" \
-u="${AZURE_SP}" \
-p="${AZURE_SP_PASSWORD}"
exit 0
fi
echo 'Login failed; neither user nor Service Principal credentials were provided'
exit 1
environment:
ALTERNATE_TENANT: <<parameters.alternate-tenant>>
AZURE_PASSWORD: <<parameters.azure-password>>
AZURE_SP: <<parameters.azure-sp>>
AZURE_SP_PASSWORD: $<<parameters.azure-sp-password>>
AZURE_SP_TENANT: $<<parameters.azure-sp-tenant>>
AZURE_TENANT: <<parameters.azure-tenant>>
AZURE_USERNAME: <<parameters.azure-username>>
name: Login to the Azure CLI with user or Service Principal
executors:
azure-docker:
description: |
Microsoft's Azure CLI Docker image
docker:
- image: mcr.microsoft.com/azure-cli:<<parameters.tag>>
parameters:
tag:
default: latest
description: The microsoft azure cli Docker image version tag.
type: string
default:
description: |
CircleCI official cimg/python Docker image to use
docker:
- image: cimg/python:<<parameters.python-version>>
parameters:
python-version:
default: 3.12.9
type: string
examples:
install:
description: |
Install the Azure CLI
usage:
version: "2.1"
orbs:
azure-cli: circleci/azure-cli@1.0.0
jobs:
verify-install:
executor: azure-cli/default
steps:
- azure-cli/install
- run:
command: az -v
name: Verify Azure CLI is installed
workflows:
example-workflow:
jobs:
- verify-install
login-with-service-principal:
description: |
Log into Azure with a Service Principal
usage:
version: "2.1"
orbs:
azure-cli: circleci/azure-cli@1.0.0
jobs:
login-to-azure:
executor: azure-cli/azure-docker
steps:
- azure-cli/login-with-service-principal
- run:
command: az resource list
name: List resources of tenant stored as `AZURE_SP_TENANT` env var
workflows:
example-workflow:
jobs:
- login-to-azure
login-with-user:
description: |
Install the Azure CLI, then log in with a username and password
usage:
version: "2.1"
orbs:
azure-cli: circleci/azure-cli@1.0.0
jobs:
login-to-azure:
executor: azure-cli/default
steps:
- azure-cli/install
- azure-cli/login-with-user:
alternate-tenant: true
- run:
command: az resource list
name: List resources of tenant stored as `AZURE_TENANT` env var
workflows:
example-workflow:
jobs:
- login-to-azure
login-with-user-or-service-principal:
description: |
Log into Azure with the login type determined based on environment variable detection.
usage:
version: "2.1"
orbs:
azure-cli: circleci/azure-cli@1.0.0
jobs:
login-to-azure:
executor: azure-cli/azure-docker
steps:
- azure-cli/login-with-user-or-service-principal
- run:
command: az resource list
name: List resources of tenant stored as `AZURE_SP_TENANT` env var
workflows:
example-workflow:
jobs:
- login-to-azure