// GitHub Actions

Validate and test your Bicep code in your deployment workflow. You'll use linting, preflight validation, and the what-if operation to validate your Azure changes before you deploy, and you'll test your resources after each deployment.

Discovering passwords in our codebase is probably one of our worst fears as a developer. But, what if you didn't need passwords at all? Join Chris, as he explores how you can use OpenID Connect to trust your cloud provider, enabling you to deploy easily, securely and safely.

Many of you may be familiar with GitHub for your own Open Source (OSS) projects. But, did you know that you can run your end-to-end development within your organization using GitHub Enterprise? Join Chris for a whistle-stop tour in the day-in-the-life of a developer with GitHub Codespaces, GitHub Copilot, GitHub Actions and GitHub Advanced Security, showing how you can bring Open Source best practices into your day-to-day work (also known as InnerSource)!

Chris and Matt solve a recurring ToolUp Days pain point — inconsistent developer environments — by setting up GitHub Codespaces with a custom dev container. They extend a community .NET template to include Go, configure Dapr component files for local Azure Storage access, and leverage Codespaces secrets as injected environment variables to avoid storing credentials in source code. By the end of the session they have a fully reproducible, cloud-hosted development environment that spins up in seconds.

Chris and Matt spend this episode tracking down why the World Events Engine keeps crashing on startup in Azure Container Apps — tracing the root cause to a missing GitHub Container Registry credentials block in the Infrastructure as Code and a GitHub Actions token permissions gap. The session also covers Dapr component naming conventions, storage queue message formatting, container app log analysis, and planning a dedicated GitHub Codespaces episode.

Chris and Matt deploy the World Events Engine to Azure Container Apps — encountering and fixing a real-world GitHub Actions deployment bug caused by parallel runs generating duplicate container names. The episode covers Dapr storage queue bindings, service invocation between microservices, random bar-type modifier logic, and a viewer-prompted conversation about using GitHub Codespaces to standardise the development environment.

Azure RBAC is a critical security control — but managing custom role definitions manually is error-prone, hard to audit, and doesn't scale. In this episode, Chris is joined by Marcel Lupo, DevOps MVP and Solutions Architect, who demonstrates how GitHub Actions can automate the full lifecycle of custom Azure RBAC role definitions. This session goes beyond typical developer workflows to show how GitHub can serve as the governance backbone for your Azure security posture — with role definitions version-controlled, reviewed via pull requests, and deployed through automated pipelines.

The series officially rebrands from ToolUp Tuesday to ToolUp Days, giving Chris and Matt the flexibility to keep a consistent cadence. This episode focuses on rethinking the game's data model — simplifying the player state object, introducing a BarType enum, and scaffolding both a player creation API and a bar management controller, with GitHub Copilot generating much of the boilerplate in real time.

In a couple of previous blog posts, I provided a writeup on the GitHub Projects Beta. I wrote two posts on automation within GitHub Projects (Adding Issues to GitHub Projects with GitHub Actions for a user profile and Adding Issues to GitHub Projects with GitHub Actions for an Organization profile). I'm pleased to say that the capabilities went Generally Available last week! As a result of the GA announcement and resulting changes, I need to post updates to my older samples.

Chris and Matt set up federated identity credentials (OIDC) for passwordless GitHub Actions authentication to Azure, deploy container apps via CI/CD, and discuss workflow trigger strategies for container image deployments.