Continuous delivery by using GitHub Action

GitHub Actions lets you define a workflow to automatically build and deploy your functions code to function app in Azure.

In GitHub Actions, a workflow is an automated process that you define in your GitHub repository. This process tells GitHub how to build and deploy your functions app project on GitHub.

A workflow is defined by a YAML (.yml) file in the /.github/workflows/ path in your repository. This definition contains the various steps and parameters that make up the workflow.

For an Azure Functions workflow, the file has three sections:

Section Tasks
Authentication
  1. Define a service principal.
  2. Download publishing profile.
  3. Create a GitHub secret.
Build
  1. Set up the environment.
  2. Build the function app.
Deploy
  1. Deploy the function app.

Note

You do not need to create a service principal if you decide to use publishing profile for authentication.

Create a service principal

You can create a service principal by using the az ad sp create-for-rbac command in the Azure CLI. You can run this command using Azure Cloud Shell in the Azure portal or by selecting the Try it button.

az ad sp create-for-rbac --name "myApp" --role contributor --scopes /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Web/sites/<APP_NAME> --sdk-auth

In this example, replace the placeholders in the resource with your subscription ID, resource group, and function app name. The output is the role assignment credentials that provide access to your function app. Copy this JSON object, which you can use to authenticate from GitHub.

Important

It is always a good practice to grant minimum access. This is why the scope in the previous example is limited to the specific function app and not the entire resource group.

Download the publishing profile

To download the publishing profile of your function app:

  1. Select the function app's Overview page, and then select Get publish profile.

    Download publish profile

  2. Save and copy the contents of the publish settings file.

Configure the GitHub secret

  1. In GitHub, browse to your repository, select Settings > Secrets > Add a new secret.

    Add Secret

  2. Add a new secret.

    • If you're using the service principal that you created by using the Azure CLI, use AZURE_CREDENTIALS for the Name. Then, paste the copied JSON object output for Value, and select Add secret.
    • If you're using a publishing profile, use SCM_CREDENTIALS for the Name. Then, use the publishing profile's file content for Value, and select Add secret.

GitHub can now authenticate to your function app in Azure.

Set up the environment

Setting up the environment is done using a language-specific publish setup action.

The following example shows the part of the workflow that uses the actions/setup-node action to set up the environment:

    - name: 'Login via Azure CLI'
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    - name: Setup Node 10.x
      uses: actions/setup-node@v1
      with:
        node-version: '10.x'

Build the function app

This depends on the language and for languages supported by Azure Functions, this section should be the standard build steps of each language.

The following example shows the part of the workflow that builds the function app, which is language specific:

    - name: 'Run npm'
      shell: bash
      run: |
        # If your function app project is not located in your repository's root
        # Please change your directory for npm in pushd
        pushd .
        npm install
        npm run build --if-present
        npm run test --if-present
        popd

Deploy the function app

To deploy your code to a function app, you will need to use the Azure/functions-action action. This action has two parameters:

Parameter Explanation
app-name (Mandatory) The name of your function app.
slot-name (Optional) The name of the deployment slot you want to deploy to. The slot must already be defined in your function app.

The following example uses version 1 of the functions-action:

    - name: 'Run Azure Functions Action'
      uses: Azure/functions-action@v1
      id: fa
      with:
        app-name: PLEASE_REPLACE_THIS_WITH_YOUR_FUNCTION_APP_NAME

Next steps

To view a complete workflow .yaml file, see one of the files in the Azure GitHub Actions workflow samples repo that have functionapp in the name. You can use these samples a starting point for your workflow.