With the Azure App Service Actions for GitHub, you can automate your workflow to deploy Azure Web Apps or Azure Web Apps for Containers using GitHub Actions.
Get started today with a free Azure account!
This repository contains GitHub Action for Azure WebApp to deploy to an Azure WebApp (Windows or Linux). Supports deploying *.jar, *.war, *.zip or a folder.
You can also use this Github Action to deploy your customized image into an Azure Webapps container.
For deploying container images to Kubernetes, consider using Kubernetes deploy action. This action requires that the cluster context be set earlier in the workflow by using either the Azure/aks-set-context action or the Azure/k8s-set-context action.
The definition of this Github Action is in action.yml.
- Checkout Checkout your Git repository content into Github Actions agent.
- Authenticate using Azure Web App Publish Profile or using Azure Login. Action supports publish profile for Azure Web Apps (both Windows and Linux) and Azure Web Apps for Containers (Linux only). Action does not support multi-container scenario with publish profile.
- To build app code in a specific language based environment, use setup actions
- Setup DotNet Sets up a dotnet environment by optionally downloading and caching a version of dotnet by SDK version and adding to PATH .
- Setup Node sets up a node environment by optionally downloading and caching a version of node - npm by version spec and add to PATH
- Setup Python sets up Python environment by optionally installing a version of python and adding to PATH.
- Setup Java sets up Java app environment optionally downloading and caching a version of java by version and adding to PATH. Downloads from Azul's Zulu distribution.
- To build and deploy a containerized app, use docker-login to log in to a private container registry such as Azure Container registry. Once login is done, the next set of Actions in the workflow can perform tasks such as building, tagging and pushing containers.
Note: Workflow samples with sample application code and deployment procedure for various runtime environments are given at (https://github.com/Azure/actions-workflow-samples/tree/master/AppService). For Eg: If You want to deploy a Java WAR based app, You can follow the link https://github.com/Azure-Samples/Java-application-petstore-ee7 in the sample workflow templates.
- Create a web app in Azure using app service. Follow the tutorial Azure Web Apps Quickstart.
- Pick a template from the following table depends on your Azure web app runtime and place the template to
.github/workflows/in your project repository. - Change
app-nameto your Web app name created in the first step. - Commit and push your project to GitHub repository, you should see a new GitHub Action initiated in Actions tab.
| Runtime | Template |
|---|---|
| DotNet | dotnet.yml |
| Node | node.yml |
| Java | java_jar.yml |
| Java | java_war.yml |
| Python | python.yml |
| DOCKER | docker.yml |
# File: .github/workflows/workflow.yml
on: push
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
# checkout the repo
- name: 'Checkout Github Action'
uses: actions/checkout@master
- name: Setup Node 10.x
uses: actions/setup-node@v1
with:
node-version: '10.x'
- name: 'npm install, build, and test'
run: |
npm install
npm run build --if-present
npm run test --if-present
- name: 'Run Azure webapp deploy action using publish profile credentials'
uses: azure/webapps-deploy@v2
with:
app-name: node-rn
publish-profile: ${{ secrets.azureWebAppPublishProfile }}
on: [push]
name: Linux_Container_Node_Workflow
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
# checkout the repo
- name: 'Checkout Github Action'
uses: actions/checkout@master
- uses: azure/docker-login@v1
with:
login-server: contoso.azurecr.io
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- run: |
docker build . -t contoso.azurecr.io/nodejssampleapp:${{ github.sha }}
docker push contoso.azurecr.io/nodejssampleapp:${{ github.sha }}
- uses: azure/webapps-deploy@v2
with:
app-name: 'node-rnc'
publish-profile: ${{ secrets.azureWebAppPublishProfile }}
images: 'contoso.azurecr.io/nodejssampleapp:${{ github.sha }}'
For any credentials like Azure Service Principal, Publish Profile etc add them as secrets in the GitHub repository and then use them in the workflow.
The above example uses app-level credentials i.e., publish profile file for deployment.
Follow the steps to configure the secret:
- Download the publish profile for the WebApp from the portal (Get Publish profile option)
- Define a new secret under your repository settings, Add secret menu
- Paste the contents for the downloaded publish profile file into the secret's value field
- Now in the workflow file in your branch:
.github/workflows/workflow.ymlreplace the secret for the inputpublish-profile:of the deploy Azure WebApp action (Refer to the example above)
Sample workflow to build and deploy a Node.js app to Containerized WebApp using Azure service principal
- Azure Login Login with your Azure credentials for Web app deployment authentication. Once login is done, the next set of Azure actions in the workflow can re-use the same session within the job.
on: [push]
name: Linux_Container_Node_Workflow
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
# checkout the repo
- name: 'Checkout Github Action'
uses: actions/checkout@master
- name: 'Login via Azure CLI'
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: azure/docker-login@v1
with:
login-server: contoso.azurecr.io
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- run: |
docker build . -t contoso.azurecr.io/nodejssampleapp:${{ github.sha }}
docker push contoso.azurecr.io/nodejssampleapp:${{ github.sha }}
- uses: azure/webapps-deploy@v2
with:
app-name: 'node-rnc'
images: 'contoso.azurecr.io/nodejssampleapp:${{ github.sha }}'
For any credentials like Azure Service Principal, Publish Profile etc add them as secrets in the GitHub repository and then use them in the workflow.
The above example uses user-level credentials i.e., Azure Service Principal for deployment.
- You should have installed Azure cli on your local machine to run the command or use the cloudshell in the Azure portal. To install Azure cli, follow Install Azure Cli. To use cloudshell, follow CloudShell Quickstart.
Follow the steps to configure the secret:
- Define a new secret under your repository settings, Add secret menu
- Run the below Azure cli command.
az ad sp create-for-rbac --name "myApp" --role contributor \
--scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
--sdk-auth
# Replace {subscription-id}, {resource-group} with the subscription, resource group details of the WebApp
# The command should output a JSON object similar to this:
{
"clientId": "<GUID>",
"clientSecret": "<GUID>",
"subscriptionId": "<GUID>",
"tenantId": "<GUID>",
(...)
}
- Paste the contents of the above az cli command as the value of secret variable, for example 'AZURE_CREDENTIALS'
- You can further scope down the Azure Credentials to the Web App using scope attribute. For example,
az ad sp create-for-rbac --name "myApp" --role contributor \
--scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Web/sites/{app-name} \
--sdk-auth
# Replace {subscription-id}, {resource-group}, and {app-name} with the names of your subscription, resource group, and Azure Web App.
- Now in the workflow file in your branch:
.github/workflows/workflow.ymlreplace the secret in Azure login action with your secret (Refer to the example above)
This sample assumes the node-rnc web application has been previously configured to authenticate against the private registry. If you wish to set private registry authentication settings on the workflow, you can either use:
-
The command az webapp config container to configure the registry url, username and password.
-
Setup the authentication settings using azure/appservice-settings action, like this for example
- name: Set Web App ACR authentication
uses: Azure/appservice-settings@v1
with:
app-settings-json: |
[
{
"name": "DOCKER_REGISTRY_SERVER_PASSWORD",
"value": "${{ secrets.REGISTRY_PASSWORD }}",
"slotSetting": false
},
{
"name": "DOCKER_REGISTRY_SERVER_URL",
"value": "https://contoso.azurecr.io",
"slotSetting": false
},
{
"name": "DOCKER_REGISTRY_SERVER_USERNAME",
"value": "${{ secrets.REGISTRY_USERNAME }}",
"slotSetting": false
}
]This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.