How to Purge Azure CDN Cache from GitHub Actions

If you use Azure CDN to deliver content from your GitHub repository, you might want to purge your CDN cache whenever you make changes to your files. Purging the cache ensures that your users get the latest version of your content, without waiting for the cache expiration time. In this article, I will show you how to purge Azure CDN cache from GitHub Actions using a simple workflow.

Intro

You may think that CDN stands for “Cool Dudes Network”, but actually it means “Content Delivery Network”. A CDN is a system of servers that delivers your website’s content to users around the world faster and more efficiently. Sounds great, right? Well, it is, until you need to update your content. That’s when you need to purge your CDN endpoints.

Purging CDN endpoints means telling the CDN servers to delete their cached copies of your content and fetch the latest version from your origin server. This way, you can ensure that your users see the most up-to-date content on your website. If you don’t purge your CDN endpoints, you may end up with stale or outdated content on your website, which can cause confusion, frustration or even legal issues for you and your users.

For example, imagine that you run a news website and you publish an article about a celebrity scandal. The article goes viral and thousands of users access it through the CDN servers. However, after a few hours, you realize that some of the information in the article was incorrect or misleading. You quickly edit the article and update it on your origin server. But guess what? The CDN servers still have the old version of the article cached and they keep serving it to your users. Now you have a bunch of angry readers who accuse you of spreading fake news or defamation. Not cool!

That’s why purging CDN endpoints is required whenever you make changes to your content. It may take some time for the purge to propagate across all the CDN servers, but it’s worth it in the long run. Purging CDN endpoints ensures that your website always delivers fresh and accurate content to your users.

Purge Locally

To purge the CDN with the Azure CLI from the terminal of your dev machine, run the following command:

az cdn endpoint purge --content-paths "/*" --resource-group <resource_group_name> --profile-name <profile_name> --name <endpoint_name>

In my case the command is:

az cdn endpoint purge --content-paths "/*" --resource-group isoline --profile-name first --name pweb

I’m assuming here you want to purge all the content (/*). The quotes matter in a POSIX shell such as bash, which would otherwise expand /* to the entries of the root directory before az sees it. It takes a bit of time to execute (watch your GHA credits!) but eventually succeeds:

> az cdn endpoint purge --content-paths /* --resource-group isoline --profile-name first --name pweb
/ Running ..
 

Now we just need to automate it from GitHub Actions.

One way to do that is to use the Azure/cli action, which provides a framework and guidelines to author and use Azure Actions to automate your GitHub workflows. You can create a workflow file in your repository that builds, tests, packages, releases and deploys your static site to Azure Storage and Azure CDN using GitHub Actions. Here is a sample workflow that executes the above-mentioned command:

name: Publish

on:
  push:
    branches: [ master ]

jobs:
  publish:

    runs-on: ubuntu-latest

    steps:

    - name: Purge CDN cache
      uses: azure/CLI@v1
      with:
        inlineScript: |
          az cdn endpoint purge --content-paths "/*" --resource-group isoline --profile-name first --name pweb

Unfortunately, this workflow won’t work when you run it, because az is not authenticated. This means that the Azure CLI does not have access to your subscription or resources. Normally you would fix this by running az login and following the instructions to sign in with your account. But in GitHub Actions this is not going to work.

Fortunately, you can use the Azure/login action, which does just that: it logs the GitHub Actions job in to your Azure subscription. The Azure/login action is compatible with Azure CLI and Azure PowerShell scripts, and supports different Azure environments such as public cloud, government cloud, and Azure Stack. You can also log in to Azure tenants without any subscriptions if you need to. With the Azure/login action, you can focus on writing awesome code and let GitHub Actions handle the rest.

Logging In

The first step is to create a service principal in Azure that has permission to manage CDN endpoints. A service principal is an identity that can be used by applications or tools to access Azure resources. You can create a service principal using the Azure CLI with this command:

az ad sp create-for-rbac -n "<name_of_service_principal>" --role "CDN Endpoint Contributor" --sdk-auth --scopes /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>

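This command will output a JSON object with some credentials, such as clientId, clientSecret, subscriptionId and tenantId. You need to copy the entire JSON output to use later. Because it contains the clientSecret, treat it like a password and do not commit it to the repository.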


The next step is to store these credentials as a secret in your GitHub repository. Secrets are encrypted environment variables that can be used by GitHub Actions workflows. To add secrets, go to the Settings tab of your repository and click on Secrets in the left menu. Then click on New repository secret and add the following secret:

  • AZURE_CREDENTIALS: paste the JSON object from the previous step.

Executing

Our working workflow will now look like this:

name: Publish

on:
  push:
    branches: [ master ]

jobs:
  publish:

    runs-on: ubuntu-latest

    steps:
    - name: Login to Azure
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    - name: Purge CDN cache
      uses: azure/CLI@v1
      with:
        inlineScript: |
          az cdn endpoint purge --content-paths "/*" --resource-group isoline --profile-name first --name pweb

This workflow file has two steps:

  • The first step uses the azure/login@v1 action to log in to Azure using the credentials stored in the AZURE_CREDENTIALS secret.
  • The second step uses az cdn endpoint purge command from Azure CLI to purge all content paths from the specified CDN endpoint.

You can customize this workflow file according to your needs, such as adding filters for branches or paths, or specifying different content paths for purging.
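
As an added example (not part of the original article), the shell functions below show one way to specify narrower content paths: they turn a list of changed files into the --content-paths arguments and fall back to the literal /* when the list is unusable. The function names, the AZ, MAX_PATHS, RESOURCE_GROUP, PROFILE_NAME and ENDPOINT_NAME variables, and the mapping from repository file to CDN path are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: the site is served from the repository root, so the repo file
# css/site.css is cached under the CDN path /css/site.css.

# argc: number of arguments a command would receive.
argc() { echo "$#"; }
unquoted_argc() { argc /*; }    # the shell expands /* to /bin /etc ... first
quoted_argc()   { argc "/*"; }  # the command receives the single literal /*

# content_paths [MAX]: read repo-relative file names on stdin (one per line)
# and print the CDN paths to purge. Falls back to the literal /* when the
# list is empty, longer than MAX, or a name has characters outside a
# conservative allow-list (spaces, quotes, glob characters).
content_paths() {
  max=${1:-20}
  paths=$(sed -e '/^$/d' -e 's|^\./||' -e 's|^/*|/|' | sort -u)
  count=$(printf '%s\n' "$paths" | grep -c . || true)
  if [ "$count" -eq 0 ] || [ "$count" -gt "$max" ] ||
     printf '%s\n' "$paths" | grep -q '[^A-Za-z0-9._/-]'; then
    printf '%s\n' '/*'
  else
    printf '%s\n' "$paths"
  fi
}

# purge_changed: purge the CDN paths for the file names given on stdin.
# AZ is a hypothetical override so the call can be dry-run with AZ=echo.
purge_changed() {
  set -f                          # keep a literal /* unexpanded
  # shellcheck disable=SC2046     # one argument per line is intended
  set -- $(content_paths "${MAX_PATHS:-20}")
  set +f
  "${AZ:-az}" cdn endpoint purge --content-paths "$@" \
    --resource-group "$RESOURCE_GROUP" --profile-name "$PROFILE_NAME" \
    --name "$ENDPOINT_NAME"
}

# In a workflow step the input could come from a command such as
#   git diff --name-only "$BEFORE_SHA" "$AFTER_SHA" | purge_changed
# where BEFORE_SHA and AFTER_SHA are hypothetical variables holding the
# commits before and after the push.
```

Restricting file names to the allow-list means that a file name from a commit can never add options or extra shell words to the az command line; anything unexpected simply purges everything.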

That’s it! Now you have a simple way to purge Azure CDN cache from GitHub Actions whenever you update your content. I hope you found this article helpful and feel free to leave any comments or questions below.

