azure / appservice-build Goto Github PK
View Code? Open in Web Editor NEWEnable GitHub developers to build Azure WebApps using GitHub Actions
License: MIT License
Enable GitHub developers to build Azure WebApps using GitHub Actions
License: MIT License
I would like to install a private repository when building a webapp. Right now we use a GITHUB ACCES TOKEN when deploying to a standard ubuntu server as following:
name: My App
on:
push:
branches:
- main
env:
AZURE_WEBAPP_NAME: my-app
AZURE_WEBAPP_PACKAGE_PATH: '.'
PYTHON_VERSION: '3.8' # supports 3.6, 3.7, 3.8)
jobs:
build-and-deploy-to-Azure:
runs-on: ubuntu-latest
steps:
- name: 'Checkout GitHub Action'
uses: actions/checkout@master
- name: Setup Python ${{ env.PYTHON_VERSION }} Environment
uses: actions/setup-python@v2
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: 'Install dependencies'
run: |
python -m pip install --upgrade pip
git config --global url."https://${{ secrets.ACCESS_TOKEN }}@github".insteadOf https://github
pip install -r requirements.txt
- name: 'Deploy to Azure WebApp'
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
Notice the
git config --global url."https://${{ secrets.ACCESS_TOKEN }}@github".insteadOf https://github
And in our requirements.txt
we have:
git+https://github.com/orgname/reponame.git#egg=reponame
But obviously this will fail with appservice-build
because it has no access to our secrets.ACCESS_TOKEN
during runtime. Is there any way to get this working while deploying to Azure Web Apps through GH Actions?
Hello,
Is it possible to use this action with a non-public web apps(app services)?
we use an application with azure vnet integration,all 0.0.0.0 traffic redirect to virtual appliance/proxy.
we cannot complete this task using the ubuntu-latest runner, we have our own for internal connection
no matter what we do, this action does not work.
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
env:
HTTP_PROXY: 'http://xxx:9400'
HTTPS_PROXY: 'http://xxx:9400'
NO_PROXY: xxx
NODE_EXTRA_CA_CERTS: xxx
Doesn't help.
Thank you!
example of pipeline:
name: Deployment to Production
on:
workflow_dispatch:
env:
AZURE_WEBAPP_NAME: xxx-backend # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: 'backend' # set this to the path to your web app project, defaults to the repository root
PYTHON_VERSION: '3.10.8'
jobs:
build:
runs-on: private-runner
env:
HTTP_PROXY: 'http://xxx:9400'
HTTPS_PROXY: 'http://xxx:9400'
NO_PROXY: 127.0.0.1,localhost,,azurewebsites.net
NODE_EXTRA_CA_CERTS:xxx
environment: Production
steps:
- uses: actions/checkout@v3
- name: Set up Python 3.x
uses: actions/setup-python@v2
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/requirements.txt
- name: Building web app
uses: azure/appservice-build@v3
with:
platform: python
platform-version: ${{ env.PYTHON_VERSION }} # Change this to the appropriate version
source-directory: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} # This is the source directory
- name: Deploy web App using GH Action azure/webapps-deploy
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.xxxx_PROD }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
The current entrypoint.sh file assumes that the repository is hosted on github.com and throws an error when run from Github Enterprise server:
appservice-build/entrypoint.sh
Line 70 in 9ec371c
https://api.github.com
needs to be replaced with ${GITHUB_API_URL}
as documented here. I will send a PR for this.
There is a critical github workflow initialization capability which exists for Azure static websites, that apparently does not exist for Azure App Services. According to the static website ARM grammar, the following path properties can be specified in the static website ARM template:
"repositoryToken": "string",
"repositoryUrl": "string",
"buildProperties": {
"appLocation": "string", //path within the repo, to the app that must be built.
"apiLocation": "string", //path to API code, if applicable.
"outputLocation": "string" //path to the bits, after build completes.
}
When a static website ARM template is deployed, a github workflow action file is automatically created and checked into the repo. That workflow action file is populated with the buildProperties
supplied above, as shown below:
- name: Build And Deploy
id: builddeploy
uses: Azure/static-web-apps-deploy@v1
with:
azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_YELLOW_DESERT_083CEBA0F }}
repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments)
action: "upload"
###### Repository/Build Configurations - These values can be configured to match your app requirements. ######
# For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig
app_location: "/aliriam-rfp-poc" # App source code path
api_location: "" # Api source code path - optional
output_location: "dist/aliriam-rfp-poc" # Built app content directory - optional
###### End of Repository/Build Configurations ######
In contrast, the Azure App Service ARM grammar does not have the ability to specify these build-related paths. Thus the github workflow file that is generated - does not have the correct app path(s). It is automatically a failed deployment. To be clear, unlike the static website ARM grammar, the App Service ARM grammar does not directly describe any repo properties. Instead it depends on a Microsoft.Web/sites/sourcecontrols
sub-grammar, which unfortunately also does not have build-path properties.
Furthermore, the Azure portal App Service "create resource" blade also does not seem to support such build properties. Apparently the only way I can set these build-path properties, is by hand-editing the github workflow file after my Azure App Service resource has already been deployed. This is very awkward, and largely undermines the point of having ARM templates.
Indeed, the "awkward" goes a step further because the auto-generated github workflow file contains default references to "myapp", which has no relationship to what my app is called, or the folders used by my app. Notice:
- name: dotnet publish
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/myapp
Even if there was a way to compensate by embedding the proper build path into to the DOTNET_ROOT
variable, the appended myapp
will still be wrong.
So again, it looks like I'm stuck doing post-deployment manual fixes to the auto-generated github workflow file. Is there some trick I am overlooking? Right now this looks like a critical missing capability for ARM deployments.
Hi Team,
I have created the below reusable composite action, but while calling the action, I am being encountered with following error. Could you please help me fix it, if am doing something wrong?
Composite actions path: https://gist.github.com/veereshkumarn/faeaed6dc73fb662d16fb8a0b04425b1#file-appservice-build-yaml
CI-Workflow File: https://gist.github.com/veereshkumarn/8054351c65b3205eae2b53d5452b85f8#file-ci_workflow-yaml
Error Details:
Error: /home/runner/work/paas-workflow/./.github/actions/azure-webapp-build/action.yaml: (Line: 9, Col: 120, Idx: 494) - (Line: 9, Col: 1[3](https://github.com/owner/paas-workflow/actions/runs/4012756665/jobs/6891450618#step:3:3)4, Idx: 508): While parsing a block mapping, did not find expected key. Error: System.ArgumentException: Unexpected type '' encountered while reading 'action manifest root'. The type 'MappingToken' was expected. at GitHub.DistributedTask.ObjectTemplating.Tokens.TemplateTokenExtensions.AssertMapping(TemplateToken value, String objectDescription) at GitHub.Runner.Worker.ActionManifestManager.Load(IExecutionContext executionContext, String manifestFile) Error: Fail to load /home/runner/work/devsecops-101[5](https://github.com/owner/paas-workflow/actions/runs/4012756665/jobs/6891450618#step:3:5)529-paas-workflow/paas-workflow/./.github/actions/azure-webapp-build/action.yaml
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.