Deploy an app in Azure Government with Azure Pipelines

This article helps you use Azure Pipelines to set up continuous integration (CI) and continuous deployment (CD) of your web app running in Azure Government. CI/CD automates the build of your code from a repo along with the deployment (release) of the built code artifacts to a service or set of services in Azure Government. In this tutorial, you'll build a web app and deploy it to an Azure Governments app service. This build and release process is triggered by a change to a code file in the repo.

Azure Pipelines is used by teams to configure continuous deployment for applications hosted in Azure subscriptions. We can use this service for applications running in Azure Government by defining service connections for Azure Government.

Note

This article uses the Azure Az PowerShell module, which is the recommended PowerShell module for interacting with Azure. To get started with the Az PowerShell module, see Install Azure PowerShell. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.

Prerequisites

Before starting this tutorial, you must complete the following prerequisites:

If you don't have an active Azure Government subscription, create a free account before you begin.

Create Azure Government app service

Create an App service in your Azure Government subscription. The following steps will set up a CD process to deploy to this Web App.

Set up Build and Source control integration

Follow through one of the quickstarts below to set up a Build for your specific type of app:

Generate a service principal

  1. Download or copy and paste the service principal creation PowerShell script into an IDE or editor.

    Note

    This script will be updated to use the Azure Az PowerShell module instead of the deprecated AzureRM PowerShell module.

  2. Open up the file and navigate to the param parameter. Replace the $environmentName variable with AzureUSGovernment." This action sets the service principal to be created in Azure Government.

  3. Open your PowerShell window and run the following command. This command sets a policy that enables running local files.

    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

    When you're asked whether you want to change the execution policy, enter "A" (for "Yes to All").

  4. Navigate to the directory that has the edited script above.

  5. Edit the following command with the name of your script and run:

    ./<name of script file you saved>

  6. The "subscriptionName" parameter can be found by logging into your Azure Government subscription via Connect-AzAccount -EnvironmentName AzureUSGovernment and then running Get-AzureSubscription.

  7. When prompted for the "password" parameter, enter your desired password.

  8. After providing your Azure Government subscription credentials, you should see the following message:

    Note

    The Environment variable should be AzureUSGovernment.

  9. After the script has run, you should see your service connection values. Copy these values as we'll need them when setting up our endpoint.

    ps4

Configure the Azure Pipelines service connection

Follow the instructions in Service connections for builds and releases to set up the Azure Pipelines service connection.

Make one change specific to Azure Government: In step #3 of Service connections for builds and releases, click on "use the full version of the service connection catalog" and set Environment to AzureUSGovernment.

Define a release process

Follow Deploy a web app to Azure App Services instructions to set up your release pipeline and deploy to your application in Azure Government.

Q&A

Do I need a build agent?
You need at least one agent to run your deployments. By default, the build and deployment processes are configured to use the hosted agents. Configuring a private agent would limit data sharing outside of Azure Government.

I use Team Foundation Server on premises. Can I configure CD on my server to target Azure Government?
Currently, Team Foundation Server can't be used to deploy to an Azure Government Cloud.

Next steps