{"id":1246,"date":"2024-10-28T14:08:05","date_gmt":"2024-10-28T21:08:05","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/powerplatform\/?p=1246"},"modified":"2024-10-28T14:54:43","modified_gmt":"2024-10-28T21:54:43","slug":"automate-power-platform-environment-creation-solution-imports-with-github-actions-federated-auth-setup","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/powerplatform\/automate-power-platform-environment-creation-solution-imports-with-github-actions-federated-auth-setup\/","title":{"rendered":"Automate Power Platform Environment Creation &#038; Solution Imports with GitHub Actions (Federated Auth Setup)"},"content":{"rendered":"<h1>Automate Power Platform Environment Creation &amp; Solution Imports with GitHub Actions (Federated Auth Setup)<\/h1>\n<p>Automating your CI\/CD pipeline for Power Platform solutions streamlines development and reduces manual tasks. Integrating GitHub Actions with federated authentication provides secure and scalable access for creating environments, importing solutions, and even cleaning up temporary environments. This post guides you through automating these tasks with a federated authentication setup.<\/p>\n<hr \/>\n<h2>Introduction<\/h2>\n<p>This guide details how to automate Power Platform environment creation and solution import using GitHub Actions with federated authentication. Federated authentication removes the need for direct application credentials by leveraging single sign-on (SSO) capabilities with identity providers. 
This approach ensures that deployments are secure, compliant, and less reliant on sensitive credentials.<\/p>\n<h2>Prerequisites<\/h2>\n<p>Ensure you have the following:<\/p>\n<ul>\n<li><strong>Power Platform Environment<\/strong>: Admin access is required to manage environments.<\/li>\n<li><strong>Federated Authentication Setup<\/strong>: Configure a federated identity provider, like Azure Active Directory (AAD), with necessary permissions to access Power Platform resources.<\/li>\n<li><strong>GitHub Repository<\/strong>: This is where workflows and solutions are stored.<\/li>\n<li><strong>Power Platform CLI<\/strong>: Install and make available the Power Platform CLI in your GitHub environment. \n<ul>\n<li>See <a href=\"https:\/\/learn.microsoft.com\/en-us\/power-platform\/developer\/cli\/introduction?tabs=windows\">Power Platform CLI Documentation<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Setting Up Federated Authentication with GitHub Actions<\/h2>\n<p>Using federated authentication in GitHub Actions involves configuring an OpenID Connect (OIDC) trust relationship between GitHub and your identity provider (e.g., Azure AD). 
This setup ensures secure, token-based authentication without storing client secrets.<\/p>\n<h3>Configuring OIDC in Azure AD<\/h3>\n<ol>\n<li>\n<p><strong>Create an App Registration<\/strong> in Azure AD:<\/p>\n<ul>\n<li>Go to Azure AD > App Registrations > New Registration.<\/li>\n<li>Set redirect URI to GitHub Actions: <code>https:\/\/github.com\/&lt;organization&gt;\/&lt;repository&gt;<\/code>.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Enable Federated Credentials<\/strong> for the app registration:<\/p>\n<ul>\n<li>Under <strong>Certificates &amp; Secrets<\/strong>, select <strong>Federated Credentials<\/strong> > <strong>Add Credential<\/strong>.<\/li>\n<li>Choose <strong>GitHub<\/strong> as the identity provider and set the repository access.<\/li>\n<li>Define permissions to allow GitHub Actions access to Power Platform resources.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Assign Required API Permissions<\/strong>:<\/p>\n<ul>\n<li>Add necessary Power Platform permissions (e.g., <code>Environment.Create<\/code>, <code>Solution.Import<\/code>) to the app registration in Azure AD.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2>GitHub Secrets<\/h2>\n<p>To enable federated authentication, you will only need:<\/p>\n<ul>\n<li><strong>AZURE_CLIENT_ID<\/strong>: Client ID of your Azure AD app.<\/li>\n<li><strong>AZURE_TENANT_ID<\/strong>: Azure tenant ID.<\/li>\n<\/ul>\n<p>No client secrets are needed because authentication is handled by OIDC and federated credentials.<\/p>\n<h2>GitHub Actions Workflow<\/h2>\n<p>The following GitHub Actions workflow automates environment creation and solution import with federated authentication:<\/p>\n<pre><code class=\"yaml\">name: Power Platform CI\/CD with Federated Auth\n\non:\n  push:\n    branches:\n      - main\n\n# Required for OIDC: allows the job to request a GitHub-issued ID token.\npermissions:\n  id-token: write\n  contents: read\n\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout Code\n        uses: actions\/checkout@v3\n\n      - name: Set Environment Name\n        run: echo \"ENV_NAME=${{ github.ref_name }}-${{ github.run_id }}\" >> \"$GITHUB_ENV\"\n\n      - name: Authenticate with Azure via Federated Auth\n        uses: azure\/login@v1\n        with:\n          client-id: ${{ secrets.AZURE_CLIENT_ID }}\n          tenant-id: ${{ secrets.AZURE_TENANT_ID }}\n          # No subscription-id is supplied, so permit a tenant-level login.\n          allow-no-subscriptions: true\n\n      # pac keeps its own auth profiles; create one from the same federated credential.\n      - name: Authenticate Power Platform CLI\n        run: pac auth create --githubFederated --applicationId \"${{ secrets.AZURE_CLIENT_ID }}\" --tenant \"${{ secrets.AZURE_TENANT_ID }}\"\n\n      - name: Create Power Platform Environment\n        run: pac admin create --name \"$ENV_NAME\" --region unitedstates --type Production\n\n      - name: Import Solution to Power Platform\n        run: pac solution import --path .\/solution.zip --environment \"$ENV_NAME\"\n\n      - name: Cleanup Power Platform Environment on Failure\n        if: failure()\n        run: pac admin delete --environment \"$ENV_NAME\"\n<\/code><\/pre>\n<h3>Workflow Breakdown<\/h3>\n<ul>\n<li><strong>Authenticate with Azure via Federated Auth<\/strong>: GitHub authenticates with Azure AD using federated OIDC credentials, making authentication secure and secret-free.<\/li>\n<li><strong>Create Power Platform Environment<\/strong>: A unique environment name is generated to avoid conflicts in parallel runs.<\/li>\n<li><strong>Import Solution<\/strong>: The solution in your repository is imported to the new environment.<\/li>\n<li><strong>Cleanup on Failure<\/strong>: Deletes the environment if import fails, ensuring a clean tenant.<\/li>\n<\/ul>\n<h3>Verifying the Workflow<\/h3>\n<p>To test:<\/p>\n<ol>\n<li><strong>Commit and Push<\/strong>: Push the workflow file to your repository.<\/li>\n<li><strong>Check GitHub Actions<\/strong>: Monitor the &#8220;Actions&#8221; tab for the workflow run.<\/li>\n<li><strong>Verify in Power Platform Admin Center<\/strong>: Ensure an environment is created, and check for cleanup if there was an import failure.<\/li>\n<\/ol>\n<h3>Conclusion<\/h3>\n<p>Implementing federated authentication with GitHub Actions for Power Platform enhances security by avoiding client secrets and using OIDC. 
This setup automates CI\/CD tasks efficiently and keeps your Power Platform tenant clean.<\/p>\n<hr \/>\n<h3>Additional Links<\/h3>\n<ul>\n<li><a href=\"https:\/\/docs.github.com\/en\/actions\">GitHub Actions Documentation<\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/en-us\/power-platform\/admin\">Power Platform Admin Guide<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Automate Power Platform Environment Creation &amp; Solution Imports with GitHub Actions (Federated Auth Setup) Automating your CI\/CD pipeline for Power Platform solutions streamlines development and reduces manual tasks. Integrating GitHub Actions with federated authentication provides secure and scalable access for creating environments, importing solutions, and even cleaning up temporary environments. This post guides you through [&hellip;]<\/p>\n","protected":false},"author":173795,"featured_media":1247,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1246","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-powerplatform"],"acf":[],"blog_post_summary":"<p>Automate Power Platform Environment Creation &amp; Solution Imports with GitHub Actions (Federated Auth Setup) Automating your CI\/CD pipeline for Power Platform solutions streamlines development and reduces manual tasks. Integrating GitHub Actions with federated authentication provides secure and scalable access for creating environments, importing solutions, and even cleaning up temporary environments. 
This post guides you through [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/powerplatform\/wp-json\/wp\/v2\/posts\/1246","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/powerplatform\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/powerplatform\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powerplatform\/wp-json\/wp\/v2\/users\/173795"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powerplatform\/wp-json\/wp\/v2\/comments?post=1246"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/powerplatform\/wp-json\/wp\/v2\/posts\/1246\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powerplatform\/wp-json\/wp\/v2\/media\/1247"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/powerplatform\/wp-json\/wp\/v2\/media?parent=1246"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powerplatform\/wp-json\/wp\/v2\/categories?post=1246"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powerplatform\/wp-json\/wp\/v2\/tags?post=1246"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}