| title | description | ms.topic | ms.date | ms.reviewer | ms.custom |
|---|---|---|---|---|---|
Configure CI/CD with GitHub Actions |
Learn how to deploy your code to Azure App Service from a CI/CD pipeline with GitHub Actions. Customize the build tasks and execute complex deployments. |
article |
12/14/2021 |
ushan |
github-actions-azure, devx-track-azurecli |
Get started with GitHub Actions to automate your workflow and deploy to Azure App Service from GitHub.
- An Azure account with an active subscription. Create an account for free.
- A GitHub account. If you don't have one, sign up for free.
- A working Azure App Service app.
A workflow is defined by a YAML (.yml) file in the /.github/workflows/ path in your repository. This definition contains the various steps and parameters that make up the workflow.
The file has three sections:
| Section | Tasks |
|---|---|
| Authentication | 1. Define a service principal or publish profile. 2. Create a GitHub secret. |
| Build | 1. Set up the environment. 2. Build the web app. |
| Deploy | 1. Deploy the web app. |
You can quickly get started with GitHub Actions by using the App Service Deployment Center. This will automatically generate a workflow file based on your application stack and commit it to your GitHub repository in the correct directory.
- Navigate to your webapp in the Azure portal
- On the left side, click Deployment Center
- Under Continuous Deployment (CI / CD), select GitHub
- Next, select GitHub Actions
- Use the dropdowns to select your GitHub repository, branch, and application stack
- If the selected branch is protected, you can still continue to add the workflow file. Be sure to review your branch protections before continuing.
- On the final screen, you can review your selections and preview the workflow file that will be committed to the repository. If the selections are correct, click Finish
This will commit the workflow file to the repository. The workflow to build and deploy your app will start immediately.
You can also deploy a workflow without using the Deployment Center. To do so, you will need to first generate deployment credentials.
The recommended way to authenticate with Azure App Services for GitHub Actions is with a publish profile. You can also authenticate with a service principal or Open ID Connect but the process requires more steps.
Save your publish profile credential or service principal as a GitHub secret to authenticate with Azure. You'll access the secret within your workflow.
A publish profile is an app-level credential. Set up your publish profile as a GitHub secret.
-
Go to your app service in the Azure portal.
-
On the Overview page, select Get Publish profile.
-
Save the downloaded file. You'll use the contents of the file to create a GitHub secret.
Note
As of October 2020, Linux web apps will need the app setting WEBSITE_WEBDEPLOY_USE_SCM set to true before downloading the publish profile. This requirement will be removed in the future.
You can create a service principal with the az ad sp create-for-rbac command in the Azure CLI. Run this command with Azure Cloud Shell in the Azure portal or by selecting the Try it button.
az ad sp create-for-rbac --name "myApp" --role contributor \
--scopes /subscriptions/<subscription-id>/resourceGroups/<group-name>/providers/Microsoft.Web/sites/<app-name> \
--sdk-auth
In the example above, replace the placeholders with your subscription ID, resource group name, and app name. The output is a JSON object with the role assignment credentials that provide access to your App Service app similar to below. Copy this JSON object for later.
{
"clientId": "<GUID>",
"clientSecret": "<GUID>",
"subscriptionId": "<GUID>",
"tenantId": "<GUID>",
(...)
}
Important
It is always a good practice to grant minimum access. The scope in the previous example is limited to the specific App Service app and not the entire resource group.
OpenID Connect is an authentication method that uses short-lived tokens. Setting up OpenID Connect with GitHub Actions is more complex process that offers hardened security.
-
If you do not have an existing application, register a new Active Directory application and service principal that can access resources. Create the Active Directory application.
az ad app create --display-name myAppThis command will output JSON with an
appIdthat is yourclient-id. Save the value to use as theAZURE_CLIENT_IDGitHub secret later.You'll use the
objectIdvalue when creating federated credentials with Graph API and reference it as theAPPLICATION-OBJECT-ID. -
Create a service principal. Replace the
$appIDwith the appId from your JSON output.This command generates JSON output with a different
objectIdand will be used in the next step. The newobjectIdis theassignee-object-id.Copy the
appOwnerTenantIdto use as a GitHub secret forAZURE_TENANT_IDlater.az ad sp create --id $appId -
Create a new role assignment by subscription and object. By default, the role assignment will be tied to your default subscription. Replace
$subscriptionIdwith your subscription ID,$resourceGroupNamewith your resource group name, and$assigneeObjectIdwith the generatedassignee-object-id. Learn how to manage Azure subscriptions with the Azure CLI.az role assignment create --role contributor --subscription $subscriptionId --assignee-object-id $assigneeObjectId --scope /subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Web/sites/ --assignee-principal-type ServicePrincipal -
Run the following command to create a new federated identity credential for your active directory application.
- Replace
APPLICATION-OBJECT-IDwith the objectId (generated while creating app) for your Active Directory application. - Set a value for
CREDENTIAL-NAMEto reference later. - Set the
subject. The value of this is defined by GitHub depending on your workflow:- Jobs in your GitHub Actions environment:
repo:< Organization/Repository >:environment:< Name > - For Jobs not tied to an environment, include the ref path for branch/tag based on the ref path used for triggering the workflow:
repo:< Organization/Repository >:ref:< ref path>. For example,repo:n-username/ node_express:ref:refs/heads/my-branchorrepo:n-username/ node_express:ref:refs/tags/my-tag. - For workflows triggered by a pull request event:
repo:< Organization/Repository >:pull_request.
- Jobs in your GitHub Actions environment:
az ad app federated-credential create --id <APPLICATION-OBJECT-ID> --parameters credential.json ("credential.json" contains the following content) { "name": "<CREDENTIAL-NAME>", "issuer": "https://token.actions.githubusercontent.com/", "subject": "repo:organization/repository:ref:refs/heads/main", "description": "Testing", "audiences": [ "api://AzureADTokenExchange" ] } - Replace
To learn how to create a Create an active directory application, service principal, and federated credentials in Azure portal, see Connect GitHub and Azure.
In GitHub, browse your repository. Select Settings > Security > Secrets and variables > Actions > New repository secret.
To use app-level credentials, paste the contents of the downloaded publish profile file into the secret's value field. Name the secret AZURE_WEBAPP_PUBLISH_PROFILE.
When you configure your GitHub workflow, you use the AZURE_WEBAPP_PUBLISH_PROFILE in the deploy Azure Web App action. For example:
- uses: azure/webapps-deploy@v2
with:
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}In GitHub, browse your repository. Select Settings > Security > Secrets and variables > Actions > New repository secret.
To use user-level credentials, paste the entire JSON output from the Azure CLI command into the secret's value field. Give the secret the name AZURE_CREDENTIALS.
When you configure the workflow file later, you use the secret for the input creds of the Azure Login action. For example:
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}You need to provide your application's Client ID, Tenant ID and Subscription ID to the login action. These values can either be provided directly in the workflow or can be stored in GitHub secrets and referenced in your workflow. Saving the values as GitHub secrets is the more secure option.
-
Open your GitHub repository and go to Settings > Security > Secrets and variables > Actions > New repository secret.
-
Create secrets for
AZURE_CLIENT_ID,AZURE_TENANT_ID, andAZURE_SUBSCRIPTION_ID. Use these values from your Active Directory application for your GitHub secrets:GitHub Secret Active Directory Application AZURE_CLIENT_ID Application (client) ID AZURE_TENANT_ID Directory (tenant) ID AZURE_SUBSCRIPTION_ID Subscription ID -
Save each secret by selecting Add secret.
Setting up the environment can be done using one of the setup actions.
| Language | Setup Action |
|---|---|
| .NET | actions/setup-dotnet |
| ASP.NET | actions/setup-dotnet |
| Java | actions/setup-java |
| JavaScript | actions/setup-node |
| Python | actions/setup-python |
The following examples show how to set up the environment for the different supported languages:
.NET
- name: Setup Dotnet 3.3.x
uses: actions/setup-dotnet@v1
with:
dotnet-version: '3.3.x'ASP.NET
- name: Install Nuget
uses: nuget/setup-nuget@v1
with:
nuget-version: ${{ env.NUGET_VERSION}}Java
- name: Setup Java 1.8.x
uses: actions/setup-java@v1
with:
# If your pom.xml <maven.compiler.source> version is not in 1.8.x,
# change the Java version to match the version in pom.xml <maven.compiler.source>
java-version: '1.8.x'JavaScript
env:
NODE_VERSION: '14.x' # set this to the node version to use
jobs:
build-and-deploy:
name: Build and Deploy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@main
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v1
with:
node-version: ${{ env.NODE_VERSION }}Python
- name: Setup Python 3.x
uses: actions/setup-python@v1
with:
python-version: 3.xThe process of building a web app and deploying to Azure App Service changes depending on the language.
The following examples show the part of the workflow that builds the web app, in different supported languages.
For all languages, you can set the web app root directory with working-directory.
.NET
The environment variable AZURE_WEBAPP_PACKAGE_PATH sets the path to your web app project.
- name: dotnet build and publish
run: |
dotnet restore
dotnet build --configuration Release
dotnet publish -c Release --property:PublishDir='${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp' ASP.NET
You can restore NuGet dependencies and run msbuild with run.
- name: NuGet to restore dependencies as well as project-specific tools that are specified in the project file
run: nuget restore
- name: Add msbuild to PATH
uses: microsoft/setup-msbuild@v1.0.2
- name: Run msbuild
run: msbuild .\SampleWebApplication.slnJava
- name: Build with Maven
run: mvn package --file pom.xmlJavaScript
For Node.js, you can set working-directory or change for npm directory in pushd.
- name: npm install, build, and test
run: |
npm install
npm run build --if-present
npm run test --if-present
working-directory: my-app-folder # set to the folder with your app if it is not the root directoryPython
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txtTo deploy your code to an App Service app, use the azure/webapps-deploy@v2 action. This action has four parameters:
| Parameter | Explanation |
|---|---|
| app-name | (Required) Name of the App Service app |
| publish-profile | (Optional) Publish profile file contents with Web Deploy secrets |
| package | (Optional) Path to package or folder. The path can include *.zip, *.war, *.jar, or a folder to deploy |
| slot-name | (Optional) Enter an existing slot other than the production slot |
Build and deploy a .NET Core app to Azure using an Azure publish profile. The publish-profile input references the AZURE_WEBAPP_PUBLISH_PROFILE secret that you created earlier.
name: .NET Core CI
on: [push]
env:
AZURE_WEBAPP_NAME: my-app-name # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
DOTNET_VERSION: '3.1.x' # set this to the dot net version to use
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checkout the repo
- uses: actions/checkout@main
# Setup .NET Core SDK
- name: Setup .NET Core
uses: actions/setup-dotnet@v1
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
# Run dotnet build and publish
- name: dotnet build and publish
run: |
dotnet restore
dotnet build --configuration Release
dotnet publish -c Release --property:PublishDir='${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
# Deploy to Azure Web apps
- name: 'Run Azure webapp deploy action using publish profile credentials'
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} # Define secret variable in repository settings as per action documentation
package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'Build and deploy an ASP.NET MVC app that uses NuGet and publish-profile for authentication.
name: Deploy ASP.NET MVC App deploy to Azure Web App
on: [push]
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
NUGET_VERSION: '5.3.x' # set this to the dot net version to use
jobs:
build-and-deploy:
runs-on: windows-latest
steps:
- uses: actions/checkout@main
- name: Install Nuget
uses: nuget/setup-nuget@v1
with:
nuget-version: ${{ env.NUGET_VERSION}}
- name: NuGet to restore dependencies as well as project-specific tools that are specified in the project file
run: nuget restore
- name: Add msbuild to PATH
uses: microsoft/setup-msbuild@v1.0.2
- name: Run MSBuild
run: msbuild .\SampleWebApplication.sln
- name: 'Run Azure webapp deploy action using publish profile credentials'
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} # Define secret variable in repository settings as per action documentation
package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/SampleWebApplication/'Build and deploy a Java Spring app to Azure using an Azure publish profile. The publish-profile input references the AZURE_WEBAPP_PUBLISH_PROFILE secret that you created earlier.
name: Java CI with Maven
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Build with Maven
run: mvn -B package --file pom.xml
working-directory: my-app-path
- name: Azure WebApp
uses: Azure/webapps-deploy@v2
with:
app-name: my-app-name
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: my/target/*.jarTo deploy a war instead of a jar, change the package value.
- name: Azure WebApp
uses: Azure/webapps-deploy@v2
with:
app-name: my-app-name
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: my/target/*.warBuild and deploy a Node.js app to Azure using the app's publish profile. The publish-profile input references the AZURE_WEBAPP_PUBLISH_PROFILE secret that you created earlier.
# File: .github/workflows/workflow.yml
name: JavaScript CI
on: [push]
env:
AZURE_WEBAPP_NAME: my-app-name # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: 'my-app-path' # set this to the path to your web app project, defaults to the repository root
NODE_VERSION: '14.x' # set this to the node version to use
jobs:
build-and-deploy:
name: Build and Deploy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@main
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v1
with:
node-version: ${{ env.NODE_VERSION }}
- name: npm install, build, and test
run: |
# Build and test the project, then
# deploy to Azure Web App.
npm install
npm run build --if-present
npm run test --if-present
working-directory: my-app-path
- name: 'Deploy to Azure WebApp'
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}Build and deploy a Python app to Azure using the app's publish profile. Note how the publish-profile input references the AZURE_WEBAPP_PUBLISH_PROFILE secret that you created earlier.
name: Python CI
on:
[push]
env:
AZURE_WEBAPP_NAME: my-web-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.x
uses: actions/setup-python@v2
with:
python-version: 3.x
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Building web app
uses: azure/appservice-build@v2
- name: Deploy web App using GH Action azure/webapps-deploy
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}Build and deploy a .NET Core app to Azure using an Azure service principal. Note how the creds input references the AZURE_CREDENTIALS secret that you created earlier.
name: .NET Core
on: [push]
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
DOTNET_VERSION: '3.1.x' # set this to the dot net version to use
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checkout the repo
- uses: actions/checkout@main
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Setup .NET Core SDK
- name: Setup .NET Core
uses: actions/setup-dotnet@v1
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
# Run dotnet build and publish
- name: dotnet build and publish
run: |
dotnet restore
dotnet build --configuration Release
dotnet publish -c Release --property:PublishDir='${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
# Deploy to Azure Web apps
- name: 'Run Azure webapp deploy action using Azure Credentials'
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
- name: logout
run: |
az logoutBuild and deploy a ASP.NET MVC app to Azure using an Azure service principal. Note how the creds input references the AZURE_CREDENTIALS secret that you created earlier.
name: Deploy ASP.NET MVC App deploy to Azure Web App
on: [push]
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
NUGET_VERSION: '5.3.x' # set this to the dot net version to use
jobs:
build-and-deploy:
runs-on: windows-latest
steps:
# checkout the repo
- uses: actions/checkout@main
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Install Nuget
uses: nuget/setup-nuget@v1
with:
nuget-version: ${{ env.NUGET_VERSION}}
- name: NuGet to restore dependencies as well as project-specific tools that are specified in the project file
run: nuget restore
- name: Add msbuild to PATH
uses: microsoft/setup-msbuild@v1.0.2
- name: Run MSBuild
run: msbuild .\SampleWebApplication.sln
- name: 'Run Azure webapp deploy action using Azure Credentials'
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/SampleWebApplication/'
# Azure logout
- name: logout
run: |
az logoutBuild and deploy a Java Spring app to Azure using an Azure service principal. Note how the creds input references the AZURE_CREDENTIALS secret that you created earlier.
name: Java CI with Maven
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Build with Maven
run: mvn -B package --file pom.xml
working-directory: complete
- name: Azure WebApp
uses: Azure/webapps-deploy@v2
with:
app-name: my-app-name
package: my/target/*.jar
# Azure logout
- name: logout
run: |
az logoutBuild and deploy a Node.js app to Azure using an Azure service principal. Note how the creds input references the AZURE_CREDENTIALS secret that you created earlier.
name: JavaScript CI
on: [push]
name: Node.js
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: 'my-app-path' # set this to the path to your web app project, defaults to the repository root
NODE_VERSION: '14.x' # set this to the node version to use
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
# checkout the repo
- name: 'Checkout GitHub Action'
uses: actions/checkout@main
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Setup Node ${{ env.NODE_VERSION }}
uses: actions/setup-node@v1
with:
node-version: ${{ env.NODE_VERSION }}
- name: 'npm install, build, and test'
run: |
npm install
npm run build --if-present
npm run test --if-present
working-directory: my-app-path
# deploy web app using Azure credentials
- uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
# Azure logout
- name: logout
run: |
az logoutBuild and deploy a Python app to Azure using an Azure service principal. Note how the creds input references the AZURE_CREDENTIALS secret that you created earlier.
name: Python application
on:
[push]
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Set up Python 3.x
uses: actions/setup-python@v2
with:
python-version: 3.x
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Deploy web App using GH Action azure/webapps-deploy
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
- name: logout
run: |
az logoutBuild and deploy a .NET Core app to Azure using an Azure service principal. The example uses GitHub secrets for the client-id, tenant-id, and subscription-id values. You can also pass these values directly in the login action.
name: .NET Core
on: [push]
permissions:
id-token: write
contents: read
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
DOTNET_VERSION: '3.1.x' # set this to the dot net version to use
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checkout the repo
- uses: actions/checkout@main
- uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Setup .NET Core SDK
- name: Setup .NET Core
uses: actions/setup-dotnet@v1
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
# Run dotnet build and publish
- name: dotnet build and publish
run: |
dotnet restore
dotnet build --configuration Release
dotnet publish -c Release --property:PublishDir='${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
# Deploy to Azure Web apps
- name: 'Run Azure webapp deploy action using publish profile credentials'
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
- name: logout
run: |
az logoutBuild and deploy a ASP.NET MVC app to Azure using an Azure service principal. The example uses GitHub secrets for the client-id, tenant-id, and subscription-id values. You can also pass these values directly in the login action.
name: Deploy ASP.NET MVC App deploy to Azure Web App
on: [push]
permissions:
id-token: write
contents: read
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
NUGET_VERSION: '5.3.x' # set this to the dot net version to use
jobs:
build-and-deploy:
runs-on: windows-latest
steps:
# checkout the repo
- uses: actions/checkout@main
- uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Install Nuget
uses: nuget/setup-nuget@v1
with:
nuget-version: ${{ env.NUGET_VERSION}}
- name: NuGet to restore dependencies as well as project-specific tools that are specified in the project file
run: nuget restore
- name: Add msbuild to PATH
uses: microsoft/setup-msbuild@v1.0.2
- name: Run MSBuild
run: msbuild .\SampleWebApplication.sln
- name: 'Run Azure webapp deploy action using publish profile credentials'
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/SampleWebApplication/'
# Azure logout
- name: logout
run: |
az logoutBuild and deploy a Java Spring app to Azure using an Azure service principal. The example uses GitHub secrets for the client-id, tenant-id, and subscription-id values. You can also pass these values directly in the login action.
name: Java CI with Maven
on: [push]
permissions:
id-token: write
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Build with Maven
run: mvn -B package --file pom.xml
working-directory: complete
- name: Azure WebApp
uses: Azure/webapps-deploy@v2
with:
app-name: my-app-name
package: my/target/*.jar
# Azure logout
- name: logout
run: |
az logoutBuild and deploy a Node.js app to Azure using an Azure service principal. The example uses GitHub secrets for the client-id, tenant-id, and subscription-id values. You can also pass these values directly in the login action.
name: JavaScript CI
on: [push]
permissions:
id-token: write
contents: read
name: Node.js
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: 'my-app-path' # set this to the path to your web app project, defaults to the repository root
NODE_VERSION: '14.x' # set this to the node version to use
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
# checkout the repo
- name: 'Checkout GitHub Action'
uses: actions/checkout@main
- uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Setup Node ${{ env.NODE_VERSION }}
uses: actions/setup-node@v1
with:
node-version: ${{ env.NODE_VERSION }}
- name: 'npm install, build, and test'
run: |
npm install
npm run build --if-present
npm run test --if-present
working-directory: my-app-path
# deploy web app using Azure credentials
- uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
# Azure logout
- name: logout
run: |
az logoutBuild and deploy a Python app to Azure using an Azure service principal. The example uses GitHub secrets for the client-id, tenant-id, and subscription-id values. You can also pass these values directly in the login action.
name: Python application
on:
[push]
permissions:
id-token: write
contents: read
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Set up Python 3.x
uses: actions/setup-python@v2
with:
python-version: 3.x
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Deploy web App using GH Action azure/webapps-deploy
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
- name: logout
run: |
az logoutYou can find our set of Actions grouped into different repositories on GitHub, each one containing documentation and examples to help you use GitHub for CI/CD and deploy your apps to Azure.