Tutorial: Use GitHub Actions to deploy to App Service and connect to a database

Learn how to set up a GitHub Actions workflow to deploy a ASP.NET Core application with an Azure SQL Database backend. When you're finished, you have an ASP.NET app running in Azure and connected to SQL Database. You'll first use an ARM template to create resources.

This tutorial does not use containers. If you want to deploy to a containerized ASP.NET Core application, see Use GitHub Actions to deploy to App Service for Containers and connect to a database.

In this tutorial, you learn how to:

  • Use a GitHub Actions workflow to add resources to Azure with a Azure Resource Manager template (ARM template)
  • Use a GitHub Actions workflow to build an ASP.NET Core application

If you don't have an Azure subscription, create a free account before you begin.


To complete this tutorial, you'll need:

Download the sample

Fork the sample project in the Azure Samples repo.


Create the resource group

Open the Azure Cloud Shell at https://shell.azure.com. You can alternately use the Azure CLI if you've installed it locally. (For more information on Cloud Shell, see the Cloud Shell Overview.)

az group create --name {resource-group-name} --location {resource-group-location}

Generate deployment credentials

You'll need to authenticate with a service principal for the resource deployment script to work. You can create a service principal with the az ad sp create-for-rbac command in the Azure CLI. Run this command with Azure Cloud Shell in the Azure portal or by selecting the Try it button.

    az ad sp create-for-rbac --name "{service-principal-name}" --sdk-auth --role contributor --scopes /subscriptions/{subscription-id}

In the example, replace the placeholders with your subscription ID, resource group name, and service principal name. The output is a JSON object with the role assignment credentials that provide access to your App Service app. Copy this JSON object for later. For help, go to configure deployment credentials.

    "clientId": "<GUID>",
    "clientSecret": "<GUID>",
    "subscriptionId": "<GUID>",
    "tenantId": "<GUID>",

Configure the GitHub secret for authentication

In GitHub, browse your repository, select Settings > Secrets > Add a new secret.

To use user-level credentials, paste the entire JSON output from the Azure CLI command into the secret's value field. Name the secret AZURE_CREDENTIALS.

Add GitHub secrets for your build

  1. Create two new secrets in your GitHub repository for SQLADMIN_PASS and SQLADMIN_LOGIN. Make sure you choose a complex password, otherwise the create step for the SQL database server will fail. You won't be able to access this password again so save it separately.

  2. Create an AZURE_SUBSCRIPTION_ID secret for your Azure subscription ID. If you do not know your subscription ID, use this command in the Azure Shell to find it. Copy the value in the SubscriptionId column.

    az account list -o table

Create Azure resources

The create Azure resources workflow runs an ARM template to deploy resources to Azure. The workflow:

To run the create Azure resources workflow:

  1. Open the infraworkflow.yml file in .github/workflows within your repository.

  2. Update the value of AZURE_RESOURCE_GROUP to your resource group name.

  3. Set the input for region in your ARM Deploy actions to your region.

    1. Open templates/azuredeploy.resourcegroup.parameters.json and update the rgLocation property to your region.
  4. Go to Actions and select Run workflow.

    Run the GitHub Actions workflow to add resources.

  5. Verify that your action ran successfully by checking for a green checkmark on the Actions page.

    Successful run of create resources.

  6. After you've created your resources, go to Actions, select Create Azure Resources, disable the workflow.

    Disable the Create Azure Resources workflow.

Create a publish profile secret

  1. In the Azure portal, open your new staging App Service (Slot) created with the Create Azure Resources workflow.

  2. Select Get Publish Profile.

  3. Open the publish profile file in a text editor and copy its contents.

  4. Create a new GitHub secret for AZURE_WEBAPP_PUBLISH_PROFILE.

Build and deploy your app

To run the build and deploy workflow:

  1. Open your workflow.yaml file in .github/workflows within your repository.

  2. Verify that the environment variables for AZURE_RESOURCE_GROUP, AZURE_WEBAPP_NAME, SQLSERVER_NAME, and DATABASE_NAME match the ones in infraworkflow.yml.

  3. Verify that your app deployed by visiting the URL in the Swap to production slot output. You should see a sample app, My TodoList App.

Clean up resources

If you no longer need your sample project, delete your resource group in the Azure portal and delete your repository on GitHub.

Next steps