Azure Landing Zones Documentation

GitHub

This section details the prerequisites for GitHub.

GitHub Prerequisites

The accelerator does not support GitHub personal accounts, since they don’t support all the features required for security. You must have a GitHub organization account or the accelerator will fail on apply. You can create a free organization here. Learn more about account types here.

If you choose to use a free organization account, the accelerator bootstrap will make your repositories public. It must do this to support the functionality required by the accelerator. This is not recommended for production environments.

GitHub Personal Access Token (PAT)

The following instructions refer to classic personal access tokens. You can also use fine-grained access tokens, which are still in beta, to provide more granular permissions. These docs will be updated to reflect this in the future.

This first PAT is referred to as token-1.

  1. Navigate to github.com.
  2. Click on your user icon in the top right and select Settings.
  3. Scroll down and click on Developer Settings in the left navigation.
  4. Click Personal access tokens in the left navigation and select Tokens (classic).
  5. Click Generate new token at the top and select Generate new token (classic).
  6. Enter Azure Landing Zone Terraform Accelerator in the Note field.
  7. Alter the Expiration drop-down and select Custom.
  8. Choose tomorrow's date in the date picker.
  9. Check the following scopes:
    1. repo
    2. workflow
    3. admin:org
    4. user: read:user
    5. user: user:email
    6. delete_repo
  10. Click Generate token.
  11. Copy the token and save it somewhere safe.
  12. If your organization uses single sign-on, then click the Configure SSO link next to your new PAT.
  13. Select your organization and click Authorize, then follow the prompts to allow SSO.

If you are using self-hosted runners, you will need to create a second PAT that we’ll refer to as token-2 for them. You can do this by following the steps above with the following differences:

  1. Select No expiration for the Expiration field.

    You may want to set a shorter expiration date for security reasons. In either case, you will need to have a process in place to extend the token's expiration before it expires.
  2. The scope required depends on the type of organization you are using:

    1. If you are using a Free organization or an Enterprise organization without a runner group, select only the repo scope.
    2. If you are using an Enterprise organization and a runner group, select the admin:org scope for classic tokens (or organization_self_hosted_runners:write for fine-grained tokens).
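
To confirm that token-1 or token-2 carries exactly the scopes listed above and expires when you expect, you can inspect the headers GitHub returns on any authenticated REST call. The following is an added example, not part of the accelerator: it assumes classic tokens (GitHub reports their scopes in the `X-OAuth-Scopes` header, which fine-grained tokens do not send), the environment variable name `ALZ_PAT` is hypothetical, and the sample headers are constructed.

```python
"""Audit a classic PAT's scopes and expiry from GitHub API response headers."""
import os
import urllib.request
from datetime import datetime, timezone

# Scopes the steps above list for token-1; token-2 needs only {"repo"} or {"admin:org"}.
TOKEN_1_SCOPES = {"repo", "workflow", "admin:org", "read:user", "user:email", "delete_repo"}
# A parent scope covers its children; only the pair relevant to this page is listed.
IMPLIES = {"user": {"read:user", "user:email"}}
# Constructed sample headers (not captured from a real token).
SAMPLE_HEADERS = {
    "X-OAuth-Scopes": "admin:org, delete_repo, repo, user, workflow",
    "GitHub-Authentication-Token-Expiration": "2030-01-02 00:00:00 UTC",
}


def audit_pat(headers, required, now=None):
    """Return (missing, extra, days_left); days_left is None if the token never expires."""
    h = {k.lower(): v for k, v in headers.items()}
    granted = {s.strip() for s in h.get("x-oauth-scopes", "").split(",") if s.strip()}
    effective = set(granted)
    for parent, children in IMPLIES.items():
        if parent in granted:
            effective |= children
    missing = set(required) - effective   # listed on this page but not granted
    extra = granted - set(required)       # granted but broader than the page asks for
    days_left = None
    raw = h.get("github-authentication-token-expiration")
    if raw:
        # Assumed format: "YYYY-MM-DD HH:MM:SS UTC" or the same with a numeric offset.
        expires = datetime.strptime(raw.replace(" UTC", " +0000"), "%Y-%m-%d %H:%M:%S %z")
        days_left = (expires - (now or datetime.now(timezone.utc))).total_seconds() / 86400
    return missing, extra, days_left


def fetch_headers(token):
    """Make one authenticated REST call and return its response headers."""
    req = urllib.request.Request(
        "https://api.github.com/user",
        headers={"Authorization": f"Bearer {token}", "User-Agent": "pat-audit-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return dict(resp.headers.items())


if __name__ == "__main__":
    token = os.environ.get("ALZ_PAT")  # hypothetical name; keeps the PAT off the command line
    headers = fetch_headers(token) if token else SAMPLE_HEADERS
    missing, extra, days = audit_pat(headers, TOKEN_1_SCOPES)
    print("missing:", sorted(missing), "extra:", sorted(extra), "days left:", days)
```

For token-2, pass `{"repo"}` or `{"admin:org"}` as `required`, depending on your organization type.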