Thursday, March 13, 2025

GitOps is as much a part of Azure Infrastructure engineering as anything native to the public cloud. The convenience that git repositories and associated workflows provide is not specific to the public clouds and can span sovereign clouds and on-premises environments. In this regard, a few methods need to be called out.

Assuming a workflow file has been authored in the .github/workflows folder of a repository, it is very much like an automation script that can be shared and reused in different workflows, and its use is not restricted to GitHub workflows. All you need is a personal access token. For example:

curl -X POST \
  -H "Accept: application/vnd.github.v3+json" \
  -H "Authorization: token YOUR_PERSONAL_ACCESS_TOKEN" \
  https://api.github.com/repos/OWNER/REPO/actions/workflows/WORKFLOW_ID/dispatches \
  -d '{"ref":"main"}'
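The dispatch request above, written as a reusable script that reads the token from the environment, feeds the headers to curl on stdin so the token does not appear in the process list, and checks for the HTTP 204 that GitHub returns on a successful dispatch. This is an added example, not code from the original post; the variables GITHUB_TOKEN, OWNER, REPO and WORKFLOW_ID and the input name "environment" are assumptions, and any input passed must be declared under workflow_dispatch in the workflow file.

```bash
#!/usr/bin/env bash
# Added example. Assumed environment variables (not from the post):
# GITHUB_TOKEN, OWNER, REPO, WORKFLOW_ID. The input name "environment" used
# in the usage line at the bottom is hypothetical.
API="https://api.github.com"

# Escape backslashes and double quotes for use inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the dispatch body from a ref and optional key=value workflow inputs.
# Arguments containing control characters are rejected rather than escaped.
dispatch_body() {
  for arg in "$@"; do
    case $arg in
      *[[:cntrl:]]*) echo "control character in argument" >&2; return 1 ;;
    esac
  done
  body="{\"ref\":\"$(json_escape "$1")\""
  shift
  if [ "$#" -gt 0 ]; then
    body="$body,\"inputs\":{"
    sep=""
    for kv in "$@"; do
      key=$(json_escape "${kv%%=*}")
      val=$(json_escape "${kv#*=}")
      body="$body$sep\"$key\":\"$val\""
      sep=","
    done
    body="$body}"
  fi
  printf '%s}\n' "$body"
}

# Emit curl config lines; piping them to `curl -K -` keeps the token off argv.
curl_config() {
  printf 'header = "Accept: application/vnd.github.v3+json"\n'
  printf 'header = "Authorization: token %s"\n' "$1"
}

# POST the dispatch and treat anything other than HTTP 204 as a failure.
dispatch_workflow() {
  url="$API/repos/${OWNER:?}/${REPO:?}/actions/workflows/${WORKFLOW_ID:?}/dispatches"
  body=$(dispatch_body "$@") || return 1
  code=$(curl_config "${GITHUB_TOKEN:?}" |
    curl -sS -K - -o /dev/null -w '%{http_code}' -X POST "$url" -d "$body") || return 1
  [ "$code" = "204" ] || { echo "dispatch failed: HTTP $code" >&2; return 1; }
}
# Usage: dispatch_workflow main environment=dev
```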

The advantages of GitOps include auditing, which is similar to that of the public cloud. Every run of the workflow is recorded, including who did it and when. Secrets and variables allow the workflow to be parameterized, and this can be done with the help of another request just prior to the run. For example:

curl -X PUT \
  -H "Accept: application/vnd.github.v3+json" \
  -H "Authorization: token YOUR_PERSONAL_ACCESS_TOKEN" \
  https://api.github.com/repos/OWNER/REPO/actions/secrets/SECRET_NAME \
  -d '{"encrypted_value": "NEW_ENCRYPTED_VALUE", "key_id": "KEY_ID"}'

This helps particularly when the owner or owning organization of the repository has policies in place that require any change to the files in the repository to be made via pull requests, where manual approvals are necessary.

GitOps, therefore, provides version tracking and file-sharing convenience that can be packaged to run with dedicated accounts that have very specific, fine-grained access to the resources the workflow file specifies to be acted upon.

A user interface or any floating UI component in any portal can also use GitOps as its backend instead of the actual resource, thereby making it more convenient to run an automation.

Reference: Previous articles (IaCResolutionsPart261.docx: https://1drv.ms/w/c/d609fb70e39b65c8/EZtfWh6GSp5ElYh8itkjwBkBXexIdT-xGnqwQqcrQZk-cQ?e=DwZ2BI).
