Deploy an app in Azure Government with Azure Pipelines
This article helps you use Azure Pipelines to set up continuous integration (CI) and continuous deployment (CD) of your web app running in Azure Government. CI/CD automates the build of your code from a repo along with the deployment (release) of the built code artifacts to a service or set of services in Azure Government. In this tutorial, you will build a web app and deploy it to an Azure Governments app service. This build and release process is triggered by a change to a code file in the repo.
Azure Pipelines is not available as part of Azure Government. While this tutorial shows how to configure the CI/CD capabilities of Azure Pipelines in order to deploy an app to a service inside Azure Government, be aware that Azure Pipelines runs its pipelines outside of Azure Government. Research your organization's security and service policies before using it as part of your deployment tools.
Azure Pipelines is used by teams to configure continuous deployment for applications hosted in Azure subscriptions. We can use this service for applications running in Azure Government by defining service connections for Azure Government.
This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.
Before starting this tutorial, you must have the following:
- Create an organization in Azure DevOps
- Create and add a project to the Azure DevOps organization
- Install and set up Azure Powershell
If you don't have an active Azure Government subscription, create a free account before you begin.
Create Azure Government app service
Create an App service in your Azure Government subscription. The following steps will set up a CD process to deploy to this Web App.
Set up Build and Source control integration
Follow through one of the quickstarts below to set up a Build for your specific type of app:
Generate a service principal
Download or copy and paste the service principal creation powershell script into an IDE or editor.
Open up the file and navigate to the
paramparameter. Replace the
$environmentNamevariable with AzureUSGovernment." This sets the service principal to be created in Azure Government.
Open your Powershell window and run the following command. This command sets a policy that enables running local files.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
When you are asked whether you want to change the execution policy, enter "A" (for "Yes to All").
Navigate to the directory that has the edited script above.
Edit the following command with the name of your script and run:
./<name of script file you saved>
The "subscriptionName" parameter can be found by logging into your Azure Government subscription with
Connect-AzAccount -EnvironmentName AzureUSGovernmentand then running
When prompted for the "password" parameter, enter your desired password.
After providing your Azure Government subscription credentials, you should see the following:
The Environment variable should be "AzureUSGovernment"
After the script has run, you should see your service connection values. Copy these values as we will need them when setting up our endpoint.
Configure the Azure Pipelines service connection
Follow the instructions in Service connections for builds and releases to set up the Azure Pipelines service connection.
Make one change specific to Azure Government: In step #3 of Service connections for builds and releases, click on "use the full version of the service connection catalog" and set Environment to AzureUSGovernment.
Define a release process
Follow Deploy a web app to Azure App Services instructions to set up your release pipeline and deploy to your application in Azure Government.
Q: Do I need a build agent?
A: You need at least one agent to run your deployments. By default, the build and deployment processes are configured to use the hosted agents. Configuring a private agent would limit data sharing outside of Azure Government.
Q: I use Team Foundation Server on-premises. Can I configure CD on my server to target Azure Government?
A: Currently, Team Foundation Server cannot be used to deploy to an Azure Government Cloud.