Skip to content

Automate your CI/CD workflow using CLI for Microsoft 365 GitHub Actions

GitHub Actions help you automate your software development workflows in the same place you store code and collaborate on pull requests and issues. You can write individual tasks, called actions, and combine them to create a custom workflow.

Actions

We have built and published actions to the GitHub Marketplace that will enable you to easily install and execute CLI for Microsoft 365 commands from within your own custom workflows.

CLI for Microsoft 365 Login

This action performs two roles, firstly it installs the CLI for Microsoft 365 into your build host agent and secondly, it creates a connection to your Microsoft 365 tenant which can then be used by other actions.

Important

This action is required to be executed in a step before any other CLI for Microsoft 365 actions

CLI for Microsoft 365 Deploy App

This action simplifies the installation and deployment of a SharePoint Framework app to either a tenant level or site collection level app catalog.

Microsoft 365 Run Script

This action provides the ability to execute an inline script or script file using either bash or PowerShell as the executing shell.

Tutorial

Creating a basic workflow which authenticates with an Microsoft 365 tenant

We are going to assume that you have a GitHub repository already created, which you are also the owner of.

Create secrets

When connecting to any system or service, we need to make sure that the account details used to connect are kept in a safe and secure way. GitHub provides a way of storing these credentials in encrypted form in your repository, which can then be reused in your custom workflows.

First you will need to need to navigate, in your browser, to your repository on GitHub.com and go to the Settings tab, from here choose the Secrets item on the left hand menu.

Using the Add new secret link, enter the ADMIN_USERNAME into the Name field and the username of the account that you are to use to connect to your Microsoft 365 tenant with, e.g. user@tenant.onmicrosoft.com. Note: This account should not be protected with multi factor authentication

Repeat the above step to also store the account password which should be named ADMIN_PASSWORD.

Setup workflow

Now that we have secured the account credentials, we can start to create the workflow.

Select Actions tab and you will be presented with the Get started with GitHub Actions page. This will display a selection of templates to start your workflow from, however, for the purpose of this tutorial we will create a new workflow from scratch.

To do that, click the Setup a workflow yourself button which is placed on the far right of the page.

Update the build definition file

You will be presented with a screen displaying a file editor which has the below yaml. The YAML file represents a custom workflow and is sometimes referred to as Build Definition as Code.

name: CI

on: [push]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v1
    - name: Run a one-line script
      run: echo Hello, world!
    - name: Run a multi-line script
      run: |
        echo Add other actions to build,
        echo test, and deploy your project.

The above configuration defines a simple workflow named CI that is triggered on the push of new code to the repository, it contains a single build that is executed on an ubuntu hosted agent and has multiple steps that, execute a single line script and multi line script, both printing text to the logs.

We will update the initial configuration as shown below, replacing the existing steps with the CLI for Microsoft 365 Login action instead.

name: CI

on: [push]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:

    - name: Login to tenant
      uses: pnp/action-cli-login@v1.0.0
      with:
        ADMIN_USERNAME:  ${{ secrets.ADMIN_USERNAME }}
        ADMIN_PASSWORD:  ${{ secrets.ADMIN_PASSWORD }}

The uses property tells the build agent to use the CLI for Microsoft 365 GitHub Action for the step, this will automatically become available when the workflow is triggered, no installation is required.

The action accepts an admin username and password, which are used to authenticate with your Microsoft 365 tenant, these credentials are provided by an environment variable called secrets which contains properties exposing the secured credentials that we saved earlier.

Lastly, we need to commit the main.yaml file to the repository, click the Start Commit button and click Commit new file. You may want enter a custom commit message at this point, however the default will be fine for this tutorial.

Confirm the build has completed successfully

As we setup the workflow to be triggered on the push of new code to the repository, the CI workflow is automatically run when we initially created the workflow in the repository.

Select the Actions tab, this time you will be presented with a table that displays the CI run either in progress or completed, click on the run called CI in the table to view the workflow output logs.

You will see that all steps have a green tick, expanding the Login tenant step will display further detail generated from the CLI for Microsoft 365 Login action, with the last log confirming that the login was successful.

Congratulations! You have just setup your first custom workflow in a GitHub repository and successfully logged into Microsoft 365 using the Microsoft 365 Login action.

CI Successful build

How-To Guides

These guides presuppose some familiarity with using GitHub Actions and CLI for Microsoft 365.

Deploy an app using the CLI for Microsoft 365 Deploy App action

Create a .yaml file within the .github/workflow folder with the below build definition to deploy an app to a tenant level app catalog.

name: SPFx CI/CD with O365 CLI

on: [push]

jobs:
  build:
    ##
    ## Build code omitted
    ##

  deploy:
    needs: build
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [10.x]

    steps:

    ##
    ## Code to get the package omitted
    ##

    - name: Login to tenant
      uses: pnp/action-cli-login@v1.0.0
      with:
        ADMIN_USERNAME:  ${{ secrets.ADMIN_USERNAME }}
        ADMIN_PASSWORD:  ${{ secrets.ADMIN_PASSWORD }}

    - name: Deploy app to tenant app catalog
      id: o365clideploy
      uses: pnp/action-cli-deploy@v1.0.0
      with:
        APP_FILE_PATH: sharepoint/solution/spfx-m365-cli-action.sppkg
        SKIP_FEATURE_DEPLOYMENT: true
        OVERWRITE: true

    - name: Get the id of the app deployed
      run: echo "The id of the app deployed is ${{ steps.o365clideploy.outputs.APP_ID }}"

Alternatively, you can deploy the app to a site collection based app catalog by using the below step in replacement of the Deploy app to tenant app catalog step.

- name: Deploy app to a site collection app catalog
  id: o365clideploy
  uses: pnp/action-cli-deploy@v1.0.0
  with:
    APP_FILE_PATH: sharepoint/solution/spfx-m365-cli-action.sppkg
    SCOPE: sitecollection
    SITE_COLLECTION_URL: https://contoso.sharepoint.com/sites/teamsite

Execute an inline script using the CLI for Microsoft 365 Run Script action

Add this step to a .yaml build file contained within the .github/workflows folder to send an email from SharePoint to a user by executing the spo mail send command as an inline script.

- name: Send email
      uses: pnp/action-cli-runscript@v1.0.0
      with:
        O365_CLI_SCRIPT: m365 spo mail send --webUrl https://contoso.sharepoint.com/sites/teamsite --to 'user@contoso.onmicrosoft.com' --subject 'Deployment done' --body '<h2>CLI for Microsoft 365</h2> <p>The deployment is complete.</p> <br/> Email sent via CLI for Microsoft 365 GitHub Action.'

Execute a script file using the CLI for Microsoft 365 Run Script action

Add the respective script file to your repository and this step to a .yaml build file contained within the .github/workflows folder to create lists by executing the commands contained within the script file.

- name: Create lists
      uses: pnp/action-cli-runscript@v1.0.0
      with:
        O365_CLI_SCRIPT_PATH: ./script/lists.ps1 

Reference

CLI for Microsoft 365 Login

View on GitHub Marketplace

Inputs

Name Description
ADMIN_USERNAME The username of the account used to login Required
ADMIN_PASSWORD The password of the account used to login Required

Microsoft 365 Deploy App

View on GitHub Marketplace

Inputs

Name Description
APP_FILE_PATH Relative path of the app in your repo Required
SCOPE Scope of the app catalog: tenant,sitecollection. Default is tenant Optional
SITE_COLLECTION_URL The URL of the site collection where the solution package will be added Required if scope is set to sitecollection
SKIP_FEATURE_DEPLOYMENT true,false If the app supports tenant-wide deployment, deploy it to the whole tenant. Default is false Optional
OVERWRITE true,false Set to overwrite the existing package file. Default is false Optional

Output

The APP_ID of the app that has been deployed.

Microsoft 365 Run Script

View on GitHub Marketplace

Inputs

Name Description
O365_CLI_SCRIPT_PATH Relative path to the script Required
O365_CLI_SCRIPT The script to run Required
IS_POWERSHELL Used only with O365_CLI_SCRIPT. If true, O365_CLI_SCRIPT will be passed as a PowerShell script, otherwise the assumption is bash script. Default is false Optional

Attention

One of O365_CLI_SCRIPT_PATH / O365_CLI_SCRIPT is mandatory, in case both are defined O365_CLI_SCRIPT_PATH gets preference.

Contributions and Issues

Due to the requirement that a GitHub action must be located within its own repository, these actions are not managed within the main CLI for Microsoft 365 repository.

If you have any ideas or issues regarding any of the actions, please raise them within the issue list of their respective repositories.