A GitHub account. If you don't have one, sign up for free.
Set up GitHub Actions deployment when creating the app
GitHub Actions deployment is integrated into the default Create Web App process. Set Continuous deployment to Enable in the Deployment tab, and configure the organization, repository, and branch that you want.
When you enable continuous deployment, app creation automatically picks the authentication method based on the basic authentication selection and configures your app and your GitHub repository accordingly:
Set up GitHub Actions deployment from the Deployment Center
For an existing app, you can get started quickly with GitHub Actions by using the App Service Deployment Center. This turn-key method generates a GitHub Actions workflow file based on your application stack and commits it to your GitHub repository.
The Deployment Center also lets you easily configure the more secure OpenID Connect authentication with a user-assigned identity. For more information, see the user-assigned identity option.
If your Azure account has the needed permissions, you can create a user-assigned identity. Otherwise, you can select an existing user-assigned managed identity in the Identity dropdown menu. You can work with your Azure administrator to create a user-assigned managed identity with the Website Contributor role.
The recommended way to authenticate with Azure App Services for GitHub Actions is with OpenID Connect. This approach is an authentication method that uses short-lived tokens. Setting up OpenID Connect with GitHub Actions is more complex but offers hardened security.
Alternatively, you can authenticate with a User-assigned Managed Identity, a service principal, or a publish profile.
The following procedure describes the steps for creating an Microsoft Entra application, service principal, and federated credentials using Azure CLI statements. To learn how to create an Microsoft Entra application, service principal, and federated credentials in Azure portal, see Connect GitHub and Azure.
This command returns a JSON with an appId that is your client-id. Save the value to use as the AZURE_CLIENT_ID GitHub secret later.
You use the objectId value when creating federated credentials with Graph API and reference it as the APPLICATION-OBJECT-ID.
Create a service principal. Replace the $appID with the appId from your JSON output.
This command generates JSON output with a different objectId to use in the next step. The new objectId is the assignee-object-id.
Copy the appOwnerTenantId to use as a GitHub secret for AZURE_TENANT_ID later.
Azure CLI
az ad sp create --id$appId
Create a new role assignment by subscription and object. By default, the role assignment is tied to your default subscription. Replace $subscriptionId with your subscription ID, $resourceGroupName with your resource group name, $webappName with your web app name, and $assigneeObjectId with the generated id. Learn how to manage Azure subscriptions with the Azure CLI.
Azure CLI
az role assignment create --role contributor --subscription$subscriptionId--assignee-object-id$assigneeObjectId--scope /subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Web/sites/$webappName--assignee-principal-type ServicePrincipal
Replace APPLICATION-OBJECT-ID with the appId (generated while creating app) for your Active Directory application.
Set a value for CREDENTIAL-NAME to reference later.
Set the subject. GitHub defines its value depending on your workflow:
For jobs in your GitHub Actions environment: repo:< Organization/Repository >:environment:< Name >
For Jobs not tied to an environment, include the ref path for branch/tag based on the ref path used for triggering the workflow: repo:< Organization/Repository >:ref:< ref path>. For example, repo:n-username/ node_express:ref:refs/heads/my-branch or repo:n-username/ node_express:ref:refs/tags/my-tag.
For workflows triggered by a pull request event: repo:< Organization/Repository >:pull_request.
Azure CLI
az ad app federated-credential create --id<APPLICATION-OBJECT-ID>--parameters credential.json
("credential.json" contains the following content)
{
"name": "<CREDENTIAL-NAME>",
"issuer": "https://token.actions.githubusercontent.com",
"subject": "repo:organization/repository:ref:refs/heads/main",
"description": "Testing",
"audiences": [
"api://AzureADTokenExchange"]
}
A publish profile is an app-level credential. Set up your publish profile as a GitHub secret.
Go to your app service in the Azure portal.
On the Overview page, select Download publish profile.
Save the downloaded file. Use the contents of the file to create a GitHub secret.
Note
As of October 2020, Linux web apps need the app setting WEBSITE_WEBDEPLOY_USE_SCM set to truebefore downloading the publish profile. This requirement will be removed in the future.
az ad sp create-for-rbac --name"myApp"--role contributor \
--scopes /subscriptions/<subscription-id>/resourceGroups/<group-name>/providers/Microsoft.Web/sites/<app-name> \
--json-auth
In the previous example, replace the placeholders with your subscription ID, resource group name, and app name. The output is a JSON object with the role assignment credentials that provide access to your App Service app similar to the following JSON snippet. Copy this JSON object for later.
It's always a good practice to grant minimum access. The scope in the previous example is limited to the specific App Service app and not the entire resource group.
You need to provide your application's Client ID, Tenant ID, and Subscription ID to the Azure/login action. These values can either be provided directly in the workflow or can be stored in GitHub secrets and referenced in your workflow. Saving the values as GitHub secrets is the more secure option.
Open your GitHub repository and go to Settings > Security > Secrets and variables > Actions > New repository secret.
Create secrets for AZURE_CLIENT_ID, AZURE_TENANT_ID, and AZURE_SUBSCRIPTION_ID. Use these values from your Active Directory application for your GitHub secrets:
GitHub Secret
Active Directory Application
AZURE_CLIENT_ID
Application (client) ID
AZURE_TENANT_ID
Directory (tenant) ID
AZURE_SUBSCRIPTION_ID
Subscription ID
Save each secret by selecting Add secret.
In GitHub, browse to your repository. Select Settings > Security > Secrets and variables > Actions > New repository secret.
To use app-level credentials that you created in the previous section, paste the contents of the downloaded publish profile file into the secret's value field. Name the secret AZURE_WEBAPP_PUBLISH_PROFILE.
When you configure the GitHub workflow file later, use the AZURE_WEBAPP_PUBLISH_PROFILE in the deploy Azure Web App action. For example:
In GitHub, browse to your repository. Select Settings > Security > Secrets and variables > Actions > New repository secret.
To use user-level credentials that you created in the previous section, paste the entire JSON output from the Azure CLI command into the secret's value field. Name the secret AZURE_CREDENTIALS.
When you configure the GitHub workflow file later, use the secret for the input creds of the Azure/login. For example:
A YAML (.yml) file in the /.github/workflows/ path in your GitHub repository defines a workflow. This definition contains the various steps and parameters that make up the workflow.
At a minimum, the workflow file would have the following distinct steps:
Authenticate with App Service using the GitHub secret you created.
Build the web app.
Deploy the web app.
To deploy your code to an App Service app, use the azure/webapps-deploy@v3 action. The action requires the name of your web app in app-name and, depending on your language stack, the path of a *.zip, *.war, *.jar, or folder to deploy in package. For a complete list of possible inputs for the azure/webapps-deploy@v3 action, see action.yml.
The following examples show the part of the workflow that builds the web app, in different supported languages.
To deploy with OpenID Connect using the managed identity you configured, use the azure/login@v2 action with the client-id, tenant-id, and subscription-id keys. Reference the GitHub secrets that you created earlier.
name:.NETCoreon:[push]permissions: id-token:write contents:readenv: AZURE_WEBAPP_NAME:my-app# set this to your application's name AZURE_WEBAPP_PACKAGE_PATH:'.'# set this to the path to your web app project, defaults to the repository root DOTNET_VERSION:'6.0.x'# set this to the dot net version to usejobs: build: runs-on:ubuntu-latest steps:# Checkout the repo - uses:actions/checkout@main - uses:azure/login@v2 with: client-id:${{secrets.AZURE_CLIENT_ID}} tenant-id:${{secrets.AZURE_TENANT_ID}} subscription-id:${{secrets.AZURE_SUBSCRIPTION_ID}}# Setup .NET Core SDK - name:Setup.NETCore uses:actions/setup-dotnet@v3 with: dotnet-version:${{env.DOTNET_VERSION}}# Run dotnet build and publish - name:dotnetbuildandpublish run:|
dotnet restore
dotnet build --configuration Release
dotnet publish -c Release --property:PublishDir='${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
# Deploy to Azure Web apps
- name:'Run Azure webapp deploy action using publish profile credentials' uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}}# Replace with your app name package:'${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp' - name:logout run:|
az logout
Build and deploy a ASP.NET MVC app to Azure using an Azure service principal. The example uses GitHub secrets for the client-id, tenant-id, and subscription-id values. You can also pass these values directly in the sign-in action.
YAML
name:DeployASP.NETMVCAppdeploytoAzureWebAppon:[push]permissions: id-token:write contents:readenv: AZURE_WEBAPP_NAME:my-app# set this to your application's name AZURE_WEBAPP_PACKAGE_PATH:'.'# set this to the path to your web app project, defaults to the repository root NUGET_VERSION:'5.3.x'# set this to the dot net version to usejobs: build-and-deploy: runs-on:windows-latest steps:# checkout the repo - uses:actions/checkout@main - uses:azure/login@v2 with: client-id:${{secrets.AZURE_CLIENT_ID}} tenant-id:${{secrets.AZURE_TENANT_ID}} subscription-id:${{secrets.AZURE_SUBSCRIPTION_ID}} - name:InstallNuget uses:nuget/setup-nuget@v1 with: nuget-version:${{env.NUGET_VERSION}} - name:NuGettorestoredependenciesaswellasproject-specifictoolsthatarespecifiedintheprojectfile run:nugetrestore - name:AddmsbuildtoPATH uses:microsoft/setup-msbuild@v1.0.2 - name:RunMSBuild run:msbuild.\SampleWebApplication.sln - name:'Run Azure webapp deploy action using publish profile credentials' uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}}# Replace with your app name package:'${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/SampleWebApplication/'# Azure logout - name:logout run:|
az logout
Build and deploy a Java Spring Boot app to Azure using an Azure service principal. The example uses GitHub secrets for the client-id, tenant-id, and subscription-id values. You can also pass these values directly in the sign-in action.
name:BuildanddeployWARapptoAzureWebAppusingOpenIDConnectenv: JAVA_VERSION:'11'# set this to the Java version to use DISTRIBUTION:microsoft# set this to the Java distribution AZURE_WEBAPP_NAME:sampleapp# set this to the name of your web appon:[push]permissions: id-token:write contents:readjobs: build: runs-on:ubuntu-latest steps: - uses:actions/checkout@v4 - name:SetupJavaversion uses:actions/setup-java@v3.0.0 with: java-version:${{env.JAVA_VERSION}} distribution:${{env.DISTRIBUTION}} cache:'maven' - name:BuildwithMaven run:mvncleaninstall - name:LogintoAzure uses:azure/login@v2 with: client-id:${{secrets.AZURE_CLIENT_ID}} tenant-id:${{secrets.AZURE_TENANT_ID}} subscription-id:${{secrets.AZURE_SUBSCRIPTION_ID}} - name:DeploytoAzureWebApp id:deploy-to-webapp uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}} package:'*.war'
You can find this full example using multiple jobs for build and deploy.
YAML
name:JavaScriptCIon:[push]permissions: id-token:write contents:readname:Node.jsenv: AZURE_WEBAPP_NAME:my-app# set this to your application's name AZURE_WEBAPP_PACKAGE_PATH:'my-app-path'# set this to the path to your web app project, defaults to the repository root NODE_VERSION:'18.x'# set this to the node version to usejobs: build-and-deploy: runs-on:ubuntu-latest steps:# checkout the repo - name:'Checkout GitHub Action' uses:actions/checkout@main - uses:azure/login@v2 with: client-id:${{secrets.AZURE_CLIENT_ID}} tenant-id:${{secrets.AZURE_TENANT_ID}} subscription-id:${{secrets.AZURE_SUBSCRIPTION_ID}} - name:SetupNode${{env.NODE_VERSION}} uses:actions/setup-node@v4 with: node-version:${{env.NODE_VERSION}} - name:'npm install, build, and test' run:|
npm install
npm run build --if-present
npm run test --if-present
working-directory:my-app-path# deploy web app using Azure credentials - uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}} package:${{env.AZURE_WEBAPP_PACKAGE_PATH}}# Azure logout - name:logout run:|
az logout
YAML
name:Pythonapplicationon:[push]permissions: id-token:write contents:readenv: AZURE_WEBAPP_NAME:my-app# set this to your application's name AZURE_WEBAPP_PACKAGE_PATH:'.'# set this to the path to your web app project, defaults to the repository rootjobs: build: runs-on:ubuntu-latest steps: - uses:actions/checkout@v4 - uses:azure/login@v2 with: client-id:${{secrets.AZURE_CLIENT_ID}} tenant-id:${{secrets.AZURE_TENANT_ID}} subscription-id:${{secrets.AZURE_SUBSCRIPTION_ID}} - name:SetupPython3.x uses:actions/setup-python@v4 with: python-version:3.x - name:Installdependencies run:|
python -m pip install --upgrade pip
pip install -r requirements.txt
- name:DeploywebAppusingGHActionazure/webapps-deploy uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}} package:${{env.AZURE_WEBAPP_PACKAGE_PATH}} - name:logout run:|
az logout
The publish-profile input should reference the AZURE_WEBAPP_PUBLISH_PROFILE GitHub secret that you created earlier.
name:.NETCoreCIon:[push]env: AZURE_WEBAPP_NAME:my-app-name# set this to your application's name AZURE_WEBAPP_PACKAGE_PATH:'.'# set this to the path to your web app project, defaults to the repository root DOTNET_VERSION:'6.0.x'# set this to the dot net version to usejobs: build: runs-on:ubuntu-latest steps:# Checkout the repo - uses:actions/checkout@main# Setup .NET Core SDK - name:Setup.NETCore uses:actions/setup-dotnet@v3 with: dotnet-version:${{env.DOTNET_VERSION}}# Run dotnet build and publish - name:dotnetbuildandpublish run:|
dotnet restore
dotnet build --configuration Release
dotnet publish -c Release --property:PublishDir='${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
# Deploy to Azure Web apps
- name:'Run Azure webapp deploy action using publish profile credentials' uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}}# Replace with your app name publish-profile:${{secrets.AZURE_WEBAPP_PUBLISH_PROFILE}}# Define secret variable in repository settings as per action documentation package:'${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
Build and deploy an ASP.NET MVC app that uses NuGet and publish-profile for authentication.
YAML
name:DeployASP.NETMVCAppdeploytoAzureWebAppon:[push]env: AZURE_WEBAPP_NAME:my-app# set this to your application's name AZURE_WEBAPP_PACKAGE_PATH:'.'# set this to the path to your web app project, defaults to the repository root NUGET_VERSION:'5.3.x'# set this to the dot net version to usejobs: build-and-deploy: runs-on:windows-latest steps: - uses:actions/checkout@main - name:InstallNuget uses:nuget/setup-nuget@v1 with: nuget-version:${{env.NUGET_VERSION}} - name:NuGettorestoredependenciesaswellasproject-specifictoolsthatarespecifiedintheprojectfile run:nugetrestore - name:AddmsbuildtoPATH uses:microsoft/setup-msbuild@v1.0.2 - name:RunMSBuild run:msbuild.\SampleWebApplication.sln - name:'Run Azure webapp deploy action using publish profile credentials' uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}}# Replace with your app name publish-profile:${{secrets.AZURE_WEBAPP_PUBLISH_PROFILE}}# Define secret variable in repository settings as per action documentation package:'${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/SampleWebApplication/'
Build and deploy a Java Spring Boot app to Azure using an Azure publish profile. The publish-profile input references the AZURE_WEBAPP_PUBLISH_PROFILE secret that you created earlier.
Build and deploy a Tomcat app to Azure using an Azure publish profile. The publish-profile input references the AZURE_WEBAPP_PUBLISH_PROFILE secret that you created earlier.
YAML
name:BuildanddeployWARapptoAzureWebAppusingpublishprofileenv: JAVA_VERSION:'11'# set this to the Java version to use DISTRIBUTION:microsoft# set this to the Java distribution AZURE_WEBAPP_NAME:sampleapp# set this to the name of your web appon:[push]permissions: id-token:write contents:readjobs: build: runs-on:ubuntu-latest steps: - uses:actions/checkout@v4 - name:SetupJavaversion uses:actions/setup-java@v3.0.0 with: java-version:${{env.JAVA_VERSION}} distribution:${{env.DISTRIBUTION}} cache:'maven' - name:BuildwithMaven run:mvncleaninstall - name:DeploytoAzureWebApp id:deploy-to-webapp uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}} publish-profile:${{secrets.AZURE_WEBAPP_PUBLISH_PROFILE}} package:'*.war'
You can find this full example using multiple jobs for build and deploy.
Build and deploy a Node.js app to Azure using the app's publish profile. The publish-profile input references the AZURE_WEBAPP_PUBLISH_PROFILE secret that you created earlier.
YAML
# File: .github/workflows/workflow.ymlname:JavaScriptCIon:[push]env: AZURE_WEBAPP_NAME:my-app-name# set this to your application's name AZURE_WEBAPP_PACKAGE_PATH:'my-app-path'# set this to the path to your web app project, defaults to the repository root NODE_VERSION:'18.x'# set this to the node version to usejobs: build-and-deploy: name:BuildandDeploy runs-on:ubuntu-latest steps: - uses:actions/checkout@main - name:UseNode.js${{env.NODE_VERSION}} uses:actions/setup-node@v4 with: node-version:${{env.NODE_VERSION}} - name:npminstall,build,andtest run:|
# Build and test the project, then
# deploy to Azure Web App.
npm install
npm run build --if-present
npm run test --if-present
working-directory:my-app-path - name:'Deploy to Azure WebApp' uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}} publish-profile:${{secrets.AZURE_WEBAPP_PUBLISH_PROFILE}} package:${{env.AZURE_WEBAPP_PACKAGE_PATH}}
Build and deploy a Python app to Azure using the app's publish profile. Note how the publish-profile input references the AZURE_WEBAPP_PUBLISH_PROFILE secret that you created earlier.
YAML
name:PythonCIon:[push]env: AZURE_WEBAPP_NAME:my-web-app# set this to your application's name AZURE_WEBAPP_PACKAGE_PATH:'.'# set this to the path to your web app project, defaults to the repository rootjobs: build: runs-on:ubuntu-latest steps: - uses:actions/checkout@v4 - name:SetupPython3.x uses:actions/setup-python@v4 with: python-version:3.x - name:Installdependencies run:|
python -m pip install --upgrade pip
pip install -r requirements.txt
- name:Buildingwebapp uses:azure/appservice-build@v2 - name:DeploywebAppusingGHActionazure/webapps-deploy uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}} publish-profile:${{secrets.AZURE_WEBAPP_PUBLISH_PROFILE}} package:${{env.AZURE_WEBAPP_PACKAGE_PATH}}
To deploy with the service principal you configured, use the azure/login@v2 action with the creds key and reference the AZURE_CREDENTIALS secret that you created earlier.
name:.NETCoreon:[push]env: AZURE_WEBAPP_NAME:my-app# set this to your application's name AZURE_WEBAPP_PACKAGE_PATH:'.'# set this to the path to your web app project, defaults to the repository root DOTNET_VERSION:'6.0.x'# set this to the dot net version to usejobs: build: runs-on:ubuntu-latest steps:# Checkout the repo - uses:actions/checkout@main - uses:azure/login@v2 with: creds:${{secrets.AZURE_CREDENTIALS}}# Setup .NET Core SDK - name:Setup.NETCore uses:actions/setup-dotnet@v3 with: dotnet-version:${{env.DOTNET_VERSION}}# Run dotnet build and publish - name:dotnetbuildandpublish run:|
dotnet restore
dotnet build --configuration Release
dotnet publish -c Release --property:PublishDir='${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
# Deploy to Azure Web apps
- name:'Run Azure webapp deploy action using Azure Credentials' uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}}# Replace with your app name package:'${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp' - name:logout run:|
az logout
Build and deploy a ASP.NET MVC app to Azure using an Azure service principal. The creds input references the AZURE_CREDENTIALS secret that you created earlier.
YAML
name:DeployASP.NETMVCAppdeploytoAzureWebAppon:[push]env: AZURE_WEBAPP_NAME:my-app# set this to your application's name AZURE_WEBAPP_PACKAGE_PATH:'.'# set this to the path to your web app project, defaults to the repository root NUGET_VERSION:'5.3.x'# set this to the dot net version to usejobs: build-and-deploy: runs-on:windows-latest steps:# checkout the repo - uses:actions/checkout@main - uses:azure/login@v2 with: creds:${{secrets.AZURE_CREDENTIALS}} - name:InstallNuget uses:nuget/setup-nuget@v1 with: nuget-version:${{env.NUGET_VERSION}} - name:NuGettorestoredependenciesaswellasproject-specifictoolsthatarespecifiedintheprojectfile run:nugetrestore - name:AddmsbuildtoPATH uses:microsoft/setup-msbuild@v1.0.2 - name:RunMSBuild run:msbuild.\SampleWebApplication.sln - name:'Run Azure webapp deploy action using Azure Credentials' uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}}# Replace with your app name package:'${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/SampleWebApplication/'# Azure logout - name:logout run:|
az logout
Build and deploy a Java Spring Boot app to Azure using an Azure service principal. The creds input references the AZURE_CREDENTIALS secret that you created earlier.
Build and deploy a Tomcat app to Azure using an Azure service principal. The creds input references the AZURE_CREDENTIALS secret that you created earlier.
YAML
name:BuildanddeployWARapptoAzureWebAppusingServicePrincipalConnectenv: JAVA_VERSION:'11'# set this to the Java version to use DISTRIBUTION:microsoft# set this to the Java distribution AZURE_WEBAPP_NAME:sampleapp# set this to the name of your web appon:[push]permissions: contents:readjobs: build: runs-on:ubuntu-latest steps: - uses:actions/checkout@v4 - name:SetupJavaversion uses:actions/setup-java@v3.0.0 with: java-version:${{env.JAVA_VERSION}} distribution:${{env.DISTRIBUTION}} cache:'maven' - name:BuildwithMaven run:mvncleaninstall - name:LogintoAzure uses:azure/login@v2 with: creds:${{secrets.AZURE_CREDENTIALS}} - name:DeploytoAzureWebApp id:deploy-to-webapp uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}} package:'*.war'
You can find this full example using multiple jobs for build and deploy.
Build and deploy a Node.js app to Azure using an Azure service principal. The creds input references the AZURE_CREDENTIALS secret that you created earlier.
YAML
name:JavaScriptCIon:[push]name:Node.jsenv: AZURE_WEBAPP_NAME:my-app# set this to your application's name AZURE_WEBAPP_PACKAGE_PATH:'my-app-path'# set this to the path to your web app project, defaults to the repository root NODE_VERSION:'18.x'# set this to the node version to usejobs: build-and-deploy: runs-on:ubuntu-latest steps:# checkout the repo - name:'Checkout GitHub Action' uses:actions/checkout@main - uses:azure/login@v2 with: creds:${{secrets.AZURE_CREDENTIALS}} - name:SetupNode${{env.NODE_VERSION}} uses:actions/setup-node@v4 with: node-version:${{env.NODE_VERSION}} - name:'npm install, build, and test' run:|
npm install
npm run build --if-present
npm run test --if-present
working-directory:my-app-path# deploy web app using Azure credentials - uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}} package:${{env.AZURE_WEBAPP_PACKAGE_PATH}}# Azure logout - name:logout run:|
az logout
Build and deploy a Python app to Azure using an Azure service principal. The creds input references the AZURE_CREDENTIALS secret that you created earlier.
YAML
name:Pythonapplicationon:[push]env: AZURE_WEBAPP_NAME:my-app# set this to your application's name AZURE_WEBAPP_PACKAGE_PATH:'.'# set this to the path to your web app project, defaults to the repository rootjobs: build: runs-on:ubuntu-latest steps: - uses:actions/checkout@v4 - uses:azure/login@v2 with: creds:${{secrets.AZURE_CREDENTIALS}} - name:SetupPython3.x uses:actions/setup-python@v4 with: python-version:3.x - name:Installdependencies run:|
python -m pip install --upgrade pip
pip install -r requirements.txt
- name:DeploywebAppusingGHActionazure/webapps-deploy uses:azure/webapps-deploy@v3 with: app-name:${{env.AZURE_WEBAPP_NAME}} package:${{env.AZURE_WEBAPP_PACKAGE_PATH}} - name:logout run:|
az logout
In case you configured your Java Tomcat project with the Maven plugin, you can also deploy to Azure App Service through this plugin. If you use the Azure CLI GitHub action, it makes use of your Azure credentials.
With the Azure Web Deploy action, you can automate your workflow to deploy custom containers to App Service using GitHub Actions. For more in information about the steps to deploy using GitHub Actions, see Deploy to a Container.
How do I update the Tomcat configuration after deployment?
In case you would like to update any of your web apps settings after deployment, you can use the App Service Settings action.
YAML
- uses:azure/appservice-settings@v1 with: app-name:'my-app' slot-name:'staging'# Optional and needed only if the settings have to be configured on the specific deployment slot app-settings-json:'[{ "name": "CATALINA_OPTS", "value": "-Dfoo=bar" }]' connection-strings-json:'${{ secrets.CONNECTION_STRINGS }}' general-settings-json:'{"alwaysOn": "false", "webSocketsEnabled": "true"}'#'General configuration settings as Key Value pairs' id:settings
For more information on this action and how to use and configure it, see the App Service Settings repository.
Related content
Check out references on Azure GitHub Actions and workflows:
Build end-to-end solutions in Microsoft Azure to create Azure Functions, implement and manage web apps, develop solutions utilizing Azure storage, and more.