Should you consider migrating CI/CD pipelines from Azure DevOps

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

1/18

JUL 29, 2023

As engineering teams look for ways to streamline their

processes and enhance their development workflow, the

adoption of CI/CD (Continuous Integration/Continuous

Delivery) pipelines has become quite the norm. Azure DevOps

was one of the first platforms to offer YAML based CI/CD

templates and quickly became the favorite tool amongst a lot

of developers. After Microsoft's acquisition of Github, they

quickly introduced the much-desired enterprise-grade CI/CD

Should you

consider

migrating CI/CD

pipelines from

Azure DevOps to

GitHub Actions?

SERVICES CASE STUDIES BLOG

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

2/18

With the increasing popularity and capabilities of GitHub Actions (GHA), many teams

are considering migrating their CI/CD pipelines from Azure DevOps (ADO) to GitHub

Actions. This article aims to provide an outline of the advantages of GHA, and a general

roadmap for the migration process, highlighting key considerations and steps.

Why Migrate to GitHub Actions?

GitHub Actions has seen rapid adoption since its introduction due to its tight integration

with GitHub repositories and its event-driven model. With this model, workflows can be

triggered on almost any GitHub event, enabling highly flexible and customizable

automation.

While both ADOand GHAare YAML using relatively similar YAML templates , certain

characteristics and features may make GHA a more appealing choice for most teams

or projects. Here are a few key advantages of GitHub Actions over Azure DevOps.

Marketplace And Custom Actions

GitHub Actions marketplace is more extensive and active, with thousands of actions

available for various tasks. This contrasts with Azure DevOps, where task extensions are

tooling in GitHub Actions, and it quickly rose to popularity.

While Azure DevOps remains a feature-rich tool, with GitHub's

continuous upgrades and versatile features, an increasing

number of developers are migrating from Azure DevOps to

GitHub Actions.

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

3/18

less numerous and community contribution is not as robust.

Ease of Integration

GitHub Actions marketplace hosts a plethora of actions, ranging from setting up

different environments (like actions/setup-node for Node.js, actions/setup-python for

Python) to deploying code to different cloud providers (like aws-actions/aws-s3-sync

for syncing a directory to an S3 bucket). In comparison, Azure DevOps does offer an

extensions marketplace, but it's not as comprehensive or user-friendly as GitHub's.

For instance, consider the action of deploying a Docker image to a Kubernetes cluster.

The GitHub marketplace has an action like azure/k8s-deploy, which simplifies the

process to a few lines of YAML.

While Azure DevOps can achieve similar results, it usually requires a more complex

series of tasks to accomplish the same goal.

Community Contributions

GitHub Actions benefits greatly from being built on the most popular platform for open-

source software. Many actions in the marketplace are contributed by the community

and go beyond mere CI/CD tasks, including actions for automating the management of

issues, pull requests, and project boards. For example, the actions/stale action marks

1 - name: Deploy to Kubernetes

2 uses: azure/k8s-deploy@v1

3 with:

4 namespace: mynamespace

5 manifests: |

6 manifest1.yml

7 manifest2.yml

8 images: |

9 myimage1:$(IMAGE1_NAME)

10 myimage2:$(IMAGE2_NAME)

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

4/18

issues and pull requests that have not seen activity for a specified amount of time as

stale, encouraging more effective project management.

Triggers And Event-Driven Workflows

GitHub Actions supports a broader range of event triggers. Any event that happens

within a GitHub repository can be used to trigger a workflow. On the other hand, Azure

DevOps primarily focuses on push and pull request events for CI/CD workflows.

Pull Request Triggers

The workflow runs whenever a pull request is opened, synchronized, or closed.

For example, with ADO, you have to do a lot of PowerShell magic to trigger a pipeline for

a pull request closure.

1 - name: Mark stale issues and pull requests

2 uses: actions/stale@v4

3 with:

4 days-before-stale: 60

5 days-before-close: 7

1 - task: PowerShell@2

2 inputs:

3 targetType: 'inline'

4 script: |

5 # Call REST API and set the result to $pr

6 $token = "{PAT}" # Replace it with your PAT

7 $token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetByte

8 $url="https://dev.azure.com/{organization}/{project}/_apis/git/pullrequests/{pu

9 $head = @{ Authorization =" Basic $token" }

10 $pr = Invoke-RestMethod -Uri $url -Method Get -Headers $head -ContentType appl

11 # Pass the status result to future tasks. You can also pass it to future jobs/s

12 $status = $pr.status

13 Write-Host "##vso[task.setvariable variable=prstatus;]$status"

15 - task: ... # The task you use to destroy apps

16 condition: eq(variables.prstatus, 'completed')

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

5/18

With GHA, there are pre-build actions, and conditions to do this quite easily.

Issue Comments Triggers

The workflow runs when a comment is added to an issue in the repository.

While ADO also has support for comment-based triggers, this is only supported if you

are using GitHub as the source repository. ( in most instances, if you are using ADO

Pipelines, you are likely to be using ADO Git repos, so this feature is actually useless).

With GHA, this is straightforward to do.

Release Triggers

In Azure DevOps, this is typically done using Release Pipelines, which are designed to

handle the deployment of your application. You can create a release manually, or you

can configure the release pipeline to automatically create a new release when it

detects a new build artifact (which could be created by a build pipeline when you

create a GitHub release, for example).

1 name: Pull Request Closed Workflow

3 on:

4 pull_request:

5 types: [closed]

1 on:

2 issue_comment:

3 types: [created, edited]

1 trigger: none

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

6/18

In GitHub Actions, you can trigger a workflow directly from your YAML file when a release

is created by using the release event. You can further specify the types of release

events that will trigger the workflow, such as created, edited, published, etc.

Parallelism And Matrix Builds

Both platforms support running jobs in parallel and matrix builds. However, GitHub

Actions offers a more intuitive syntax and configuration for matrix builds.

Azure DevOps has the concept of a "Matrix Strategy" that allows you to run jobs in

parallel with different configurations. Here is an example:

3 stages:

4 - stage: Deploy

5 jobs:

6 - deployment: DeployToAzure

7 displayName: Deploy to Azure

8 pool:

9 vmImage: 'ubuntu-latest'

10 environment: 'Production'

11 strategy:

12 runOnce:

13 deploy:

14 steps:

15 - script: echo Deploying!

1 on:

2 release:

3 types: [published, created, edited]

1 jobs:

2 - job: Build

3 strategy:

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

7/18

GitHub Actions also supports a similar feature, also known as "Matrix Strategy". However,

GitHub Actions provides a more flexible approach, allowing you to combine different

sets of variables. Here is an example:

Runner Environment

GitHub Actions and Azure DevOps both offer self-hosted runners, allowing you to run

workflows on your own hardware and in your own environment. Self-hosted runners can

be used when you have specific requirements that aren't met by the hosted runners, like

4 matrix:

5 linux:

6 imageName: 'ubuntu-latest'

7 windows:

8 imageName: 'windows-latest'

9 pool:

10 vmImage: $(imageName)

11 steps:

12 - script: echo Hello, world!

1 jobs:

2 build:

3 runs-on: ${{ matrix.os }}

4 strategy:

5 matrix:

6 os: [ubuntu-latest, windows-latest]

7 node: [12, 14]

8 steps:

9 - name: Checkout code

10 uses: actions/checkout@v2

11 - name: Use Node.js ${{ matrix.node }}

12 uses: actions/setup-node@v2

13 with:

14 node-version: ${{ matrix.node }}

15 - run: npm ci

16 - run: npm test

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

8/18

when you need a specific OS or tool that's not available on the hosted runners, or when

your code needs to access resources that are only available in your local network.

However, GitHub Actions goes a step further by offering the ability to run actions in

Docker containers on their hosted runners. This means that you can create a Dockerfile

to specify the exact environment that your workflow needs, and this Dockerfile will be

built and run on the GitHub-hosted runner.

Here's an example of how this work:

First, you create a Dockerfile that specifies the exact environment your workflow

requires. For instance, if your workflow requires `Node.js` and a specific version of the

AWS CLI, your Dockerfile might look like this:

Next, you define a custom action in the same repository as your workflow. This action

uses the Dockerfile you just created. The `action.yml` for this custom action would look

like this:

Finally, you use this action in your workflow:

1 FROM node:14

3 RUN curl "https://d1vvhvl2y92vvt.cloudfront.net/awscli-exe-linux-x86_64-2.1.30.zip" -o

4 unzip awscliv2.zip && \

5 sudo ./aws/install

1 name: 'Custom Action'

2 description: 'Run my scripts in a custom environment'

3 runs:

4 using: 'docker'

5 image: 'Dockerfile'

1 jobs:

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

9/18

In this setup, the custom-job job will run on a GitHub-hosted runner, but the action will

run in the Docker container that you've specified. This gives you the ability to specify the

exact environment that your action needs, without the need to set up and manage your

own self-hosted runner.

GitHub Advanced Security

Although Microsoft now owns GitHub, and there's a lot of feature parity between the two

platforms, Microsoft has announced that the Advanced Security service will not be

available for ADO. GitHub's advanced security features definitely add significant value

to the platform and can serve as compelling reasons to consider migration from Azure

DevOps to GitHub Actions. Here are some key features:

Code Scanning: This feature scans your code as soon as it’s pushed to GitHub, and can

surface and help prevent vulnerabilities before they reach production. The tool is built

on the open-source project Semmle’s CodeQL, allowing you to explore your source

code as a database. It's a powerful tool for identifying security vulnerabilities in many

popular programming languages.

Secret Scanning: Formerly known as token scanning, this feature scans repositories for

known secret formats to prevent fraudulent use of credentials committed accidentally.

Once it finds potential secrets, it alerts the provider or the repository owner, ensuring

quick action can be taken.

2 custom-job:

3 runs-on: ubuntu-latest

4 steps:

5 - uses: ./.github/actions/custom-action

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

10/18

Dependabot Alerts and Security Updates: Dependabot pulls in information from the

GitHub Advisory Database and other sources to identify dependencies with known

vulnerabilities. It can alert you to the problem and can even automatically create a pull

request to update to the fixed version, subject to your configuration.

Private Instances: For businesses that need to meet complex security, compliance and

policy constraints, GitHub provides private instances. It is a fully managed offering from

GitHub, which provides enhanced security, simplified administration, and scalable

performance to serve large or regulated organizations.

These features integrate seamlessly into the developer workflow. Since everything

happens within the GitHub ecosystem, there's no need to manage and maintain

multiple tools or jump from one platform to another to manage your code, which saves

time and reduces complexity.

Step-by-Step Migration Guide

Step 1: Assess Your Current Azure Pipelines

Before diving into the migration, it's important to understand your existing Azure

Pipelines in detail.

Which tasks are being performed?

What dependencies exist between tasks?

How is the pipeline triggered, and what conditions lead to its execution?

This analysis will provide a blueprint for recreating your pipelines in GitHub Actions.

Step 2: Understand GitHub Actions Structure

GitHub Actions are composed of workflows that respond to events on your GitHub

repository. Each workflow consists of one or more jobs, which are sets of steps that

perform individual tasks. Steps can run commands or actions, which are pre-built

pieces of code.

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

11/18

Understand the key components:

Workflow: Defined in a YAML file in the .github/workflows directory in your

repository.

Jobs: Run on separate instances of the GitHub-hosted runner.

Steps: The smallest unit in a job, can run commands or actions.

Actions: Prebuilt pieces of code to perform common tasks.

Step 3: Create An Equivalent GitHub Actions

Workflow

Create a .github/workflows directory in your GitHub repository, and add a new YAML file

to define your workflow. Use your analysis from Step 1 to guide the definition of jobs and

steps.

Consider using prebuilt actions from the GitHub marketplace to replace custom scripts

in your Azure Pipeline, but be aware of versioning and potential security concerns.

Step 4: Handle Secrets And Environment

Variables

GitHub Actions provide mechanisms to handle secrets and environment variables. Use

the GitHub web interface to configure secrets at the repository or organization level.

Environment variables can be set at the workflow, job, or step level within the YAML

workflow file. They can also reference secrets, providing a way to securely handle

sensitive data.

Step 5: Implement Conditional Logic

GitHub Actions supports conditional jobs and steps, using a syntax similar to Azure

DevOps. Conditional statements are written in JavaScript expression syntax, providing

flexibility for complex logic.

Step 6: Testing The Migration

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

12/18

Before fully transitioning to GitHub Actions, make sure to thoroughly test your new

workflows. This can be done by manually triggering the workflow or pushing changes to

your repository that would trigger the workflow.

Migrating Azure functions deployment

from ADOto GHA

This example is a simple comparison of what an Azure Function deployment using Azure

DevOps and GitHub Actions.

Azure DevOps YAML pipeline for Azure Function Deployment

1 trigger:

2 - main

4 variables:

5 # Azure Resource Manager connection created during pipeline creation

6 azureSubscription: 'my-azure-subscription'

8 # Function app name

9 functionAppName: 'my-function-app'

11 # Agent VM image name

12 vmImageName: 'ubuntu-latest'

14 stages:

15 - stage: Build

16 displayName: Build stage

18 jobs:

19 - job: Build

20 displayName: Build

21 pool:

22 vmImage: $(vmImageName)

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

13/18

GitHub Actions Workflow for Azure Function deployment

24 steps:

25 - task: DotNetCoreCLI@2

26 displayName: Build

27 inputs:

28 command: build

29 projects: '**/*.csproj'

30 arguments: --output $(System.DefaultWorkingDirectory)/publish_output

32 - stage: Deploy

33 displayName: Deploy stage

35 jobs:

36 - deployment: Deploy

37 displayName: Deploy

38 environment: 'production'

39 pool:

40 vmImage: $(vmImageName)

42 strategy:

43 runOnce:

44 deploy:

45 steps:

46 - task: AzureFunctionApp@1

47 displayName: 'Azure functions app deploy'

48 inputs:

49 azureSubscription: '$(azureSubscription)'

50 appType: functionApp

51 appName: $(functionAppName)

52 package: $(System.DefaultWorkingDirectory)/publish_output

1 name: Build and Deploy to Azure Functions

3 on:

4 push:

5 branches:

6 - main

8 env:

9 AZURE_FUNCTIONAPP_NAME: my-function-app # set this to your application's name

10 AZURE_FUNCTIONAPP_PACKAGE_PATH: './publish_output' # set this to the path to your a

11 DOTNET_VERSION: '3.1.x' # set this to the dotnet version to use

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

14/18

In the GitHub Actions workflow, we're also doing two main tasks: Building the app and

deploying it. The build is done with a run command that directly uses the dotnet CLI,

and the deployment is done with the Azure/functions-action@v1 action.

13 jobs:

14 build-and-deploy:

15 runs-on: ubuntu-latest

17 steps:

18 - name: 'Checkout GitHub Action'

19 uses: actions/checkout@main

21 - name: Setup DotNet ${{ env.DOTNET_VERSION }} Environment

22 uses: actions/setup-dotnet@v1

23 with:

24 dotnet-version: ${{ env.DOTNET_VERSION }}

26 - name: Build with dotnet

27 run: dotnet build --configuration Release --output ${{ env.AZURE_FUNCTIONAPP_PA

29 - name: 'Login via Azure CLI'

30 uses: azure/login@v1

31 with:

32 creds: ${{ secrets.AZURE_CREDENTIALS }}

34 - name: 'Run Azure Functions Action'

35 uses: Azure/functions-action@v1

36 id: fa

37 with:

38 app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}

39 package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}

41 - name: 'Logout of Azure CLI'

42 run: az logout

30/07/2023, 12:54

Should you consider migrating CI/CD pipelines from Azure DevOps to GitHub Actions?

https://www.kodez.com.au/post/migrating-ci-cd-pipelines-from-azure-devops-to-github-actions

15/18

As you can see, both the Azure DevOps pipeline and the GitHub Actions workflow

achieve the same goal, and the syntax and structure are quite similar, so the migration

process is relatively simpler.

Conclusion

GitHub Actions offer significantly better DevOps/DevSecOps tooling. Migrating from

Azure DevOps to GitHub Actions involves translating Azure Pipelines YAML to GitHub

Actions YAML, while mapping tasks to actions. While the sample provided here is

specific to Azure Function App deployment, the process is similar for other applications.

It's worth noting that the convenience and increasing capabilities offered by GitHub

Actions make it a compelling option. However, the decision should be based on the

specific needs and context of your projects.

Feel free to reach out if you need help with preparing a migration strategy to GitHub

Actions.