Azure Landing Zones Documentation

GitHub

This section details the prerequisites for GitHub.

GitHub Prerequisites

The accelerator does not support GitHub personal accounts, since they don’t support all the features required for security. You must have a GitHub organization account or the accelerator will fail on apply. You can create a free organization here. Learn more about account types here.

If you choose to use a free organization account, the accelerator bootstrap will make your repositories public. It must do this to support the functionality required by the accelerator. This is not recommended for production environments.

GitHub Personal Access Token (PAT)

This first PAT is referred to as token-1.

  1. Navigate to github.com.
  2. Click on your user icon in the top right and select Settings.
  3. Scroll down and click on Developer Settings in the left navigation.
  4. Click Personal access tokens in the left navigation and select Fine-grained tokens.
  5. Click Generate new token at the top.
  6. Enter Azure Landing Zone Terraform Accelerator in the Token name field.
  7. Alter the Resource owner drop down and select your organization.
  8. Alter the Expiration drop down and select Custom.
  9. Choose tomorrow's date in the date picker.
  10. Alter the Repository access radio button and select All repositories.
  11. Add the following Repository permissions:
    1. Actions: Read and write
    2. Administration: Read and write
    3. Contents: Read and write
    4. Environments: Read and write
    5. Secrets: Read and write
    6. Variables: Read and write
    7. Workflows: Read and write
  12. Add the following Organization permissions:
    1. Members: Read and write
    2. Self-hosted runners: Read and write (only required if you plan to use Runner Groups at the organization level).
  13. Click Generate token.
  14. Copy the token and save it somewhere safe.

If you are using self-hosted runners, you will need to create a second PAT that we’ll refer to as token-2 for them. You can do this by following these steps:

  1. Select No expiration for the Expiration field.

    You may want to set a shorter expiration date for security reasons. In either case, you will need to have a process in place to extend the expiration of the token before it expires.
  2. Navigate to github.com.

  3. Click on your user icon in the top right and select Settings.

  4. Scroll down and click on Developer Settings in the left navigation.

  5. Click Personal access tokens in the left navigation and select Fine-grained tokens.

  6. Click Generate new token at the top.

  7. Enter Azure Landing Zone Terraform Accelerator Runner Registration in the Token name field.

  8. Alter the Resource owner drop down and select your organization.

  9. Alter the Expiration drop down and select No Expiration.

    You can of course set an expiration date if you prefer, but you’ll need to ensure you have a process in place to renew it before it expires.

  10. Alter the Repository access radio button and select All repositories.

    You can change this after the bootstrap deployment to limit access to only the repository where you will be using self-hosted runners. We’ll remind you to do this in the next steps after the bootstrap is complete.

  11. Add the following Repository permissions:

    1. Administration: Read and write
  12. Add the following Organization permissions:

    1. Self-hosted runners: Read and write (only required if you plan to use Runner Groups at the organization level).
  13. Click Generate token.

  14. Copy the token and save it somewhere safe.
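
One way to back the renewal process mentioned above for token-1 and token-2 is to check each token's expiry from the `github-authentication-token-expiration` response header that GitHub returns on authenticated API calls. This is an added example, not part of the accelerator; the environment variable names `ALZ_TOKEN_1` and `ALZ_TOKEN_2`, the 14-day warning window, the use of the `/user` endpoint and the header date formats handled are assumptions.

```python
import os
import urllib.request
from datetime import datetime, timedelta, timezone

EXPIRY_HEADER = "github-authentication-token-expiration"

def parse_expiry(value):
    """Parse the header value; None means the header was absent (no expiration).
    Assumed formats: '2025-01-31 00:00:00 UTC' or a numeric offset such as '+0200'."""
    if not value:
        return None
    text = value.strip()
    if text.endswith(" UTC"):
        text = text[:-4] + " +0000"
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S %z")

def classify(value, now, warn_days=14):
    """Return 'no-expiration', 'expired', 'renew-soon' or 'ok' for a header value."""
    expiry = parse_expiry(value)
    if expiry is None:
        return "no-expiration"   # e.g. token-2 created with No expiration
    if expiry <= now:
        return "expired"
    if expiry - now <= timedelta(days=warn_days):
        return "renew-soon"      # e.g. token-1 set to expire tomorrow
    return "ok"

def fetch_expiry_header(token):
    """Make one authenticated request and return the expiry header, if present."""
    req = urllib.request.Request(
        "https://api.github.com/user",
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.github+json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.headers.get(EXPIRY_HEADER)

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    # Hypothetical variable names; tokens are read from the environment, never hard-coded.
    for name in ("ALZ_TOKEN_1", "ALZ_TOKEN_2"):
        token = os.environ.get(name)
        if token:
            print(name, classify(fetch_expiry_header(token), now))
```
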