I have started to learn about pulumi and building a small hobby project. So far I only have a static web app for frontend and a web app for backend. But I have problem automating connecting my github account to my web app. When I do it in the portal in the deployment center, it just works. Because I get a workflow-file (.yml) with a client-id. But I don't understand how I should create the client-id myself. I tried both creating a app registration manually, but that one fails in when it tries to deploy withing the github actions pipeline. It first failed with:

does not have authorization to perform action 'Microsoft.Web/sites/publishxml/action' over scope ...

And when I added this one (and some more) to a custom role I instead got.

Package deployment using OneDeploy initiated. Error: Failed to deploy web package to App Service. Error: Deployment Failed, Error: Failed to deploy web package using OneDeploy to App Service.

Another thing I tried was instead to create a service-principal with pulumi, But then I get

Authorization_RequestDenied: When using this permission, the backing application of the service principal being created must be in the local tenant.

But I think that means I dont have the rights to create one, but not sure. I just thought it would be super simple to connect a github account to my web app, since it was so simple for the static web app. I have asked both ChatGPT, the pulumi ai, google it and youtube. So if anyone have a good tutorial they want to share, I would really appreciate it