Monthly Archives: February 2022

Create Azure Service Principal and “az login”

Sample of creating Resource Group and then create Service Principle with contributor role under the RG for DevOps Pipeline

#az group create --name $MY_RG --location southeastasia
#RG_ID=$(az group show --name $MY_RG --query "id" --output tsv)
# or 
RG_ID=$(az group create --name $MY_RG  --location southeastasia --query "id" --output tsv)
PASSWORD=$(az ad sp create-for-rbac --name $SERVICE_PRINCIPAL_NAME --role contributor --scopes $RG_ID  --query "password" --output tsv)
USER_NAME=$(az ad sp list --display-name $SERVICE_PRINCIPAL_NAME --query "[].appId" --output tsv)

az login --service-principal -u $USER_NAME -p $PASSWORD --tenant <mytenant>

Connect to SQL Database from App Service by using a managed identity – System-assigned.

Running App Service with Azure SQL based

Fix list:
The steps in this guide has been tested with “.NET 6.0”

dotnet tool install -g dotnet-ef
dotnet ef migrations add InitialCreate
dotnet ef database update
dotnet add package Microsoft.Data.SqlClient --version 4.0.1
dotnet add package Azure.Identity --version 1.5.0

appsettings.json :

  "Logging": {
    "LogLevel": {
      "Default": "Information"
  "AllowedHosts": "*",
  "ConnectionStrings": {
    "CoredBConnection": ";Authentication=Active Directory Default; Database=CoredB;"
az webapp identity assign --resource-group my-002-rg --name webapp-core-sql-018
ALTER ROLE db_datareader ADD MEMBER [webapp-core-sql-018];
ALTER ROLE db_datawriter ADD MEMBER [webapp-core-sql-018];
ALTER ROLE db_ddladmin ADD MEMBER [webapp-core-sql-018];

Program.cs :

public void ConfigureServices(IServiceCollection services)
   services.AddDbContext<MyDatabaseContext>(options =>

See Also:

Web App & Azure SQL Templates:


Configuring self-hosted runners with a default self-signed certificate for GitHub Enterprise Server

Quick fix:

  1. Copy “/etc/haproxy/ssl.crt” from GHE Server to Runner machine under ” /usr/local/share/ca-certificates/ “
  1. Updated the certificate in the runner server by running ” sudo update-ca-certificates “
$ az vm image list --all -f GitHub-Enterprise | grep '"urn":' | sort -V
#Standard E4s v3 (4 vcpus, 32 GiB memory)
$ az vm create -n myghesvr -g My-01-RG --size Standard_E4ds_v4 -l southeastasia --image GitHub:GitHub-Enterprise:GitHub-Enterprise:3.3.3 --storage-sku StandardSSD_LRS
$ az vm disk attach --name ghevm-data-01 --new --resource-group My-01-RG --size-gb 100 --sku Standard_LRS --vm-name myghesvr  
$ az vm open-port -n myghesvr  -g My-01-RG --port 8443
$ az vm open-port -n myghesvr -g My-01-RG --port 122 --priority 903
$ az vm open-port -n myghesvr -g My-01-RG --port 443 --priority 904
$ az vm open-port -n myghesvr -g My-01-RG --port 80 --priority 905

Screenshot: Local machine:

$ scp -P 122 .
$ scp ssl.crt

Screenshot: Runner machine:

azuser@myghesvr:~$ openssl x509 -noout -text -in /etc/haproxy/ssl.crt
azuser@gherne4:~$ sudo cp ghe7-ssl.crt /usr/local/share/ca-certificates/
azuser@gherne4:~$ ls -l /usr/local/share/ca-certificates
total 4
-rw-r--r-- 1 root root 1618 Feb 13 09:35 ghe7-ssl.crt
azuser@gherne4:~$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs…
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d…

Sample YAML file: m18h/sample-actions-ghe7-self-signed.yaml at master · fujute/m18h (

Alternative: Disabling TLS certificate verification

./ --url --token

See Also:

* Troubleshooting GitHub Actions for your enterprise – GitHub Docs
* Monitoring and troubleshooting self-hosted runners
* Troubleshooting GitHub Actions for your enterprise