Edit

Share via


Deploy to App Service using GitHub Actions

Get started with GitHub Actions to automate your workflow and deploy to Azure App Service from GitHub.

Prerequisites

Set up GitHub Actions deployment when creating the app

GitHub Actions deployment is integrated into the default Create Web App process. Set Continuous deployment to Enable in the Deployment tab, and configure the organization, repository, and branch that you want.

Screenshot shows how to enable GitHub Actions deployment in the App Service create Deployment tab.

When you enable continuous deployment, app creation automatically picks the authentication method based on the basic authentication selection and configures your app and your GitHub repository accordingly:

Basic authentication selection Authentication method
Disable User-assigned identity (OpenID Connect) (recommended)
Enable Basic authentication

Note

You might receive an error when you create the app that your Azure account doesn't have certain permissions. Your account might need the required permissions to create and configure the user-assigned identity. For an alternative, see Set up GitHub Actions deployment from the Deployment Center.

Set up GitHub Actions deployment from the Deployment Center

For an existing app, you can get started quickly with GitHub Actions by using the App Service Deployment Center. This turn-key method generates a GitHub Actions workflow file based on your application stack and commits it to your GitHub repository.

The Deployment Center also lets you easily configure the more secure OpenID Connect authentication with a user-assigned identity. For more information, see the user-assigned identity option.

If your Azure account has the needed permissions, you can create a user-assigned identity. Otherwise, you can select an existing user-assigned managed identity in the Identity dropdown menu. You can work with your Azure administrator to create a user-assigned managed identity with the Website Contributor role.

For more information, see Continuous deployment to Azure App Service.

Set up a GitHub Actions workflow manually

You can deploy a workflow without using the Deployment Center. In that case you need to perform three steps:

  1. Generate deployment credentials
  2. Configure the GitHub secret
  3. Add the workflow file to your GitHub repository

Generate deployment credentials

The recommended way to authenticate with Azure App Services for GitHub Actions is with OpenID Connect. This approach is an authentication method that uses short-lived tokens. Setting up OpenID Connect with GitHub Actions is more complex but offers hardened security.

Alternatively, you can authenticate with a User-assigned Managed Identity, a service principal, or a publish profile.

Note

Publish profile requires basic authentication to be enabled.

A publish profile is an app-level credential. Set up your publish profile as a GitHub secret.

  1. Go to your app service in the Azure portal.

  2. On the Overview page, select Download publish profile.

  3. Save the downloaded file. Use the contents of the file to create a GitHub secret.

Note

As of October 2020, Linux web apps need the app setting WEBSITE_WEBDEPLOY_USE_SCM set to true before downloading the publish profile. This requirement will be removed in the future.

Configure the GitHub secret

In GitHub, browse to your repository. Select Settings > Security > Secrets and variables > Actions > New repository secret.

To use app-level credentials that you created in the previous section, paste the contents of the downloaded publish profile file into the secret's value field. Name the secret AZURE_WEBAPP_PUBLISH_PROFILE.

When you configure the GitHub workflow file later, use the AZURE_WEBAPP_PUBLISH_PROFILE in the deploy Azure Web App action. For example:

YAML
- uses: azure/webapps-deploy@v2
  with:
    publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}

Add the workflow file to your GitHub repository

A YAML (.yml) file in the /.github/workflows/ path in your GitHub repository defines a workflow. This definition contains the various steps and parameters that make up the workflow.

At a minimum, the workflow file would have the following distinct steps:

  1. Authenticate with App Service using the GitHub secret you created.
  2. Build the web app.
  3. Deploy the web app.

To deploy your code to an App Service app, use the azure/webapps-deploy@v3 action. The action requires the name of your web app in app-name and, depending on your language stack, the path of a *.zip, *.war, *.jar, or folder to deploy in package. For a complete list of possible inputs for the azure/webapps-deploy@v3 action, see action.yml.

The following examples show the part of the workflow that builds the web app, in different supported languages.

The publish-profile input should reference the AZURE_WEBAPP_PUBLISH_PROFILE GitHub secret that you created earlier.

YAML
name: .NET Core CI

on: [push]

env:
  AZURE_WEBAPP_NAME: my-app-name    # set this to your application's name
  AZURE_WEBAPP_PACKAGE_PATH: '.'      # set this to the path to your web app project, defaults to the repository root
  DOTNET_VERSION: '6.0.x'           # set this to the dot net version to use

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      # Checkout the repo
      - uses: actions/checkout@main
      
      # Setup .NET Core SDK
      - name: Setup .NET Core
        uses: actions/setup-dotnet@v3
        with:
          dotnet-version: ${{ env.DOTNET_VERSION }} 
      
      # Run dotnet build and publish
      - name: dotnet build and publish
        run: |
          dotnet restore
          dotnet build --configuration Release
          dotnet publish -c Release --property:PublishDir='${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp' 
          
      # Deploy to Azure Web apps
      - name: 'Run Azure webapp deploy action using publish profile credentials'
        uses: azure/webapps-deploy@v3
        with: 
          app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
          publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE  }} # Define secret variable in repository settings as per action documentation
          package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'

Frequently Asked Questions

How do I deploy a WAR file through Maven plugin?

In case you configured your Java Tomcat project with the Maven plugin, you can also deploy to Azure App Service through this plugin. If you use the Azure CLI GitHub action, it makes use of your Azure credentials.

YAML
    - name: Azure CLI script file
      uses: azure/cli@v2
      with:
        inlineScript: |
          mvn package azure-webapp:deploy

For more information on the Maven plugin and how to use and configure it, see Maven plugin wiki for Azure App Service.

How do I deploy a WAR file through Az CLI?

If you use prefer the Azure CLI to deploy to App Service, you can use the GitHub Action for Azure CLI.

YAML
- name: Azure CLI script
  uses: azure/cli@v2
  with:
    inlineScript: |
      az webapp deploy --src-path '${{ github.workspace }}/target/yourpackage.war' --name ${{ env.AZURE_WEBAPP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }}  --async true --type war

For more information on the GitHub Action for CLI and how to use and configure it, see Azure CLI GitHub action.

For more information on the az webapp deploy command, how to use it, and the parameter details, see az webapp deploy documentation.

How do I deploy a startup file?

Use the GitHub Action for CLI. For example:

YAML
- name: Deploy startup script
  uses: azure/cli@v2
  with:
    inlineScript: |
      az webapp deploy --src-path ${{ github.workspace }}/src/main/azure/createPasswordlessDataSource.sh --name ${{ env.AZURE_WEBAPP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --type startup --track-status false

How do I deploy to a Container?

With the Azure Web Deploy action, you can automate your workflow to deploy custom containers to App Service using GitHub Actions. For more in information about the steps to deploy using GitHub Actions, see Deploy to a Container.

How do I update the Tomcat configuration after deployment?

In case you would like to update any of your web apps settings after deployment, you can use the App Service Settings action.

YAML
    - uses: azure/appservice-settings@v1
      with:
        app-name: 'my-app'
        slot-name: 'staging'  # Optional and needed only if the settings have to be configured on the specific deployment slot
        app-settings-json: '[{ "name": "CATALINA_OPTS", "value": "-Dfoo=bar" }]' 
        connection-strings-json: '${{ secrets.CONNECTION_STRINGS }}'
        general-settings-json: '{"alwaysOn": "false", "webSocketsEnabled": "true"}' #'General configuration settings as Key Value pairs'
      id: settings

For more information on this action and how to use and configure it, see the App Service Settings repository.

Check out references on Azure GitHub Actions and workflows: