A GitHub account. If you don't have one, sign up forfree.
Set up GitHub Actions deployment when creating the app
GitHub Actions deployment is integrated into the defaultapp creation wizard.You just need to setContinuous deploymenttoEnablein the Deployment tab, and configure the organization, repository, and branch you want.
When you enable continuous deployment, the app creation wizard automatically picks the authentication method based on the basic authentication selection and configures your app and your GitHub repository accordingly:
Set up GitHub Actions deployment from the Deployment Center
For an existing app, you can get started quickly with GitHub Actions by using the App Service Deployment Center. This turn-key method automatically generates a GitHub Actions workflow file based on your application stack and commits it to your GitHub repository.
The Deployment Center also lets you easily configure the more secure OpenID Connect authentication withtheuser-assigned identityoption.
If your Azure account has theneeded permissions,you can select to create a user-assigned identity. Otherwise, you can select an existing user-assigned managed identity in theIdentitydropdown. You can work with your Azure administrator to create a user-assigned managed identity with theWebsite Contributor role.
The recommended way to authenticate with Azure App Services for GitHub Actions is with OpenID Connect. This is an authentication method that uses short-lived tokens. Setting upOpenID Connect with GitHub Actionsis more complex but offers hardened security.
Alternatively, you can authenticate with a User-assigned Managed Identity, a service principal, or a publish profile.
The below runs you through the steps for creating an active directory application, service principal, and federated credentials using Azure CLI statements. To learn how to create an active directory application, service principal, and federated credentials in Azure portal, seeConnect GitHub and Azure.
This command outputs a JSON with anappIdthat is yourclient-id.Save the value to use as theAZURE_CLIENT_IDGitHub secret later.
You'll use theobjectIdvalue when creating federated credentials with Graph API and reference it as theAPPLICATION-OBJECT-ID.
Create a service principal. Replace the$appIDwith the appId from your JSON output.
This command generates JSON output with a differentobjectIdand will be used in the next step. The newobjectIdis theassignee-object-id.
Copy theappOwnerTenantIdto use as a GitHub secret forAZURE_TENANT_IDlater.
az ad sp create --id $appId
Create a new role assignment by subscription and object. By default, the role assignment is tied to your default subscription. Replace$subscriptionIdwith your subscription ID,$resourceGroupNamewith your resource group name,$webappNamewith your web app name, and$assigneeObjectIdwith the generatedid.Learnhow to manage Azure subscriptions with the Azure CLI.
az role assignment create --role contributor --subscription $subscriptionId --assignee-object-id $assigneeObjectId --scope /subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Web/sites/$webappName --assignee-principal-type ServicePrincipal
ReplaceAPPLICATION-OBJECT-IDwith theappId (generated while creating app)for your Active Directory application.
Set a value forCREDENTIAL-NAMEto reference later.
Set thesubject.Its value is defined by GitHub depending on your workflow:
Jobs in your GitHub Actions environment:repo:< Organization/Repository >:environment:< Name >
For Jobs not tied to an environment, include the ref path for branch/tag based on the ref path used for triggering the workflow:repo:< Organization/Repository >:ref:< ref path>.For example,repo:n-username/ node_express:ref:refs/heads/my-branchorrepo:n-username/ node_express:ref:refs/tags/my-tag.
For workflows triggered by a pull request event:repo:< Organization/Repository >:pull_request.
az ad app federated-credential create --id <APPLICATION-OBJECT-ID> --parameters credential.json
( "credential.json" contains the following content)
{
"name": "<CREDENTIAL-NAME>",
"issuer": "https://token.actions.githubusercontent",
"subject": "repo:organization/repository:ref:refs/heads/main",
"description": "Testing",
"audiences": [
"api://AzureADTokenExchange"
]
}
A publish profile is an app-level credential. Set up your publish profile as a GitHub secret.
Go to your app service in the Azure portal.
On theOverviewpage, selectGet Publish profile.
Save the downloaded file. You'll use the contents of the file to create a GitHub secret.
Note
As of October 2020, Linux web apps needs the app settingWEBSITE_WEBDEPLOY_USE_SCMset totruebefore downloading the publish profile.This requirement will be removed in the future.
az ad sp create-for-rbac --name "myApp" --role contributor \
--scopes /subscriptions/<subscription-id>/resourceGroups/<group-name>/providers/Microsoft.Web/sites/<app-name> \
--json-auth
In the previous example, replace the placeholders with your subscription ID, resource group name, and app name. The output is a JSON object with the role assignment credentials that provide access to your App Service app similar to the following JSON snippet. Copy this JSON object for later.
It is always a good practice to grant minimum access. The scope in the previous example is limited to the specific App Service app and not the entire resource group.
You need to provide your application'sClient ID,Tenant IDandSubscription IDto theAzure/loginaction. These values can either be provided directly in the workflow or can be stored in GitHub secrets and referenced in your workflow. Saving the values as GitHub secrets is the more secure option.
Open your GitHub repository and go toSettings > Security > Secrets and variables > Actions > New repository secret.
Create secrets forAZURE_CLIENT_ID,AZURE_TENANT_ID,andAZURE_SUBSCRIPTION_ID.Use these values from your Active Directory application for your GitHub secrets:
GitHub Secret
Active Directory Application
AZURE_CLIENT_ID
Application (client) ID
AZURE_TENANT_ID
Directory (tenant) ID
AZURE_SUBSCRIPTION_ID
Subscription ID
Save each secret by selectingAdd secret.
InGitHub,browse your repository. SelectSettings > Security > Secrets and variables > Actions > New repository secret.
To useapp-level credentials,paste the contents of the downloaded publish profile file into the secret's value field. Name the secretAZURE_WEBAPP_PUBLISH_PROFILE.
When you configure the GitHub workflow file later, you use theAZURE_WEBAPP_PUBLISH_PROFILEin the deploy Azure Web App action. For example:
3. Add the workflow file to your GitHub repository
A workflow is defined by a YAML (.yml) file in the/.github/workflows/path in your GitHub repository. This definition contains the various steps and parameters that make up the workflow.
At a minimum, the workflow file would have the following distinct steps:
Authenticate with App Service using the GitHub secret you created.
Build the web app.
Deploy the web app.
To deploy your code to an App Service app, you use theazure/webapps-deploy@v3action. The action requires the name of your web app inapp-nameand, depending on your language stack, the path of a *.zip, *.war, *.jar, or folder to deploy inpackage.For a complete list of possible inputs for theazure/webapps-deploy@v3action, see theaction.ymldefinition.
The following examples show the part of the workflow that builds the web app, in different supported languages.
To deploy with OpenID Connect using the managed identity you configured, use theazure/login@v1action with theclient-id,tenant-id,andsubscription-idkeys and reference the GitHub secrets that youcreated earlier.
name:.NET Core
on: [push]
permissions:
id-token: write
contents: read
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
DOTNET_VERSION: '6.0.x' # set this to the dot net version to use
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checkout the repo
- uses: actions/checkout@main
- uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Setup.NET Core SDK
- name: Setup.NET Core
uses: actions/setup-dotnet@v3
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
# Run dotnet build and publish
- name: dotnet build and publish
run: |
dotnet restore
dotnet build --configuration Release
dotnet publish -c Release --property:PublishDir='${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
# Deploy to Azure Web apps
- name: 'Run Azure webapp deploy action using publish profile credentials'
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
- name: logout
run: |
az logout
Build and deploy a ASP.NET MVC app to Azure using an Azure service principal. The example uses GitHub secrets for theclient-id,tenant-id,andsubscription-idvalues. You can also pass these values directly in the login action.
name: Deploy ASP.NET MVC App deploy to Azure Web App
on: [push]
permissions:
id-token: write
contents: read
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
NUGET_VERSION: '5.3.x' # set this to the dot net version to use
jobs:
build-and-deploy:
runs-on: windows-latest
steps:
# checkout the repo
- uses: actions/checkout@main
- uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Install Nuget
uses: nuget/setup-nuget@v1
with:
nuget-version: ${{ env.NUGET_VERSION}}
- name: NuGet to restore dependencies as well as project-specific tools that are specified in the project file
run: nuget restore
- name: Add msbuild to PATH
uses: microsoft/[email protected]
- name: Run MSBuild
run: msbuild.\SampleWebApplication.sln
- name: 'Run Azure webapp deploy action using publish profile credentials'
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/SampleWebApplication/'
# Azure logout
- name: logout
run: |
az logout
Build and deploy a Java Spring app to Azure using an Azure service principal. The example uses GitHub secrets for theclient-id,tenant-id,andsubscription-idvalues. You can also pass these values directly in the login action.
name: Build and deploy WAR app to Azure Web App using OpenID Connect
env:
JAVA_VERSION: '11' # set this to the Java version to use
DISTRIBUTION: microsoft # set this to the Java distribution
AZURE_WEBAPP_NAME: sampleapp # set this to the name of your web app
on: [push]
permissions:
id-token: write
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Java version
uses: actions/[email protected]
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.DISTRIBUTION }}
cache: 'maven'
- name: Build with Maven
run: mvn clean install
- name: Login to Azure
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy to Azure Web App
id: deploy-to-webapp
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
package: '*.war'
You can find this full example using multiple jobs for build and deployhereas well.
name: JavaScript CI
on: [push]
permissions:
id-token: write
contents: read
name: Node.js
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: 'my-app-path' # set this to the path to your web app project, defaults to the repository root
NODE_VERSION: '18.x' # set this to the node version to use
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
# checkout the repo
- name: 'Checkout GitHub Action'
uses: actions/checkout@main
- uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Setup Node ${{ env.NODE_VERSION }}
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 'npm install, build, and test'
run: |
npm install
npm run build --if-present
npm run test --if-present
working-directory: my-app-path
# deploy web app using Azure credentials
- uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
# Azure logout
- name: logout
run: |
az logout
name: Python application
on:
[push]
permissions:
id-token: write
contents: read
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Set up Python 3.x
uses: actions/setup- Python @v4
with:
Python -version: 3.x
- name: Install dependencies
run: |
Python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Deploy web App using GH Action azure/webapps-deploy
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
- name: logout
run: |
az logout
Thepublish-profileinput should reference theAZURE_WEBAPP_PUBLISH_PROFILEGitHub secret that youcreated earlier.
name:.NET Core CI
on: [push]
env:
AZURE_WEBAPP_NAME: my-app-name # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
DOTNET_VERSION: '6.0.x' # set this to the dot net version to use
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checkout the repo
- uses: actions/checkout@main
# Setup.NET Core SDK
- name: Setup.NET Core
uses: actions/setup-dotnet@v3
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
# Run dotnet build and publish
- name: dotnet build and publish
run: |
dotnet restore
dotnet build --configuration Release
dotnet publish -c Release --property:PublishDir='${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
# Deploy to Azure Web apps
- name: 'Run Azure webapp deploy action using publish profile credentials'
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} # Define secret variable in repository settings as per action documentation
package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
Build and deploy an ASP.NET MVC app that uses NuGet andpublish-profilefor authentication.
name: Deploy ASP.NET MVC App deploy to Azure Web App
on: [push]
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
NUGET_VERSION: '5.3.x' # set this to the dot net version to use
jobs:
build-and-deploy:
runs-on: windows-latest
steps:
- uses: actions/checkout@main
- name: Install Nuget
uses: nuget/setup-nuget@v1
with:
nuget-version: ${{ env.NUGET_VERSION}}
- name: NuGet to restore dependencies as well as project-specific tools that are specified in the project file
run: nuget restore
- name: Add msbuild to PATH
uses: microsoft/[email protected]
- name: Run MSBuild
run: msbuild.\SampleWebApplication.sln
- name: 'Run Azure webapp deploy action using publish profile credentials'
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} # Define secret variable in repository settings as per action documentation
package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/SampleWebApplication/'
Build and deploy a Java Spring app to Azure using an Azure publish profile. Thepublish-profileinput references theAZURE_WEBAPP_PUBLISH_PROFILEsecret that you created earlier.
name: Java CI with Maven
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 1.8
uses: actions/setup-java@v3
with:
java-version: 1.8
- name: Build with Maven
run: mvn -B package --file pom.xml
working-directory: my-app-path
- name: Azure WebApp
uses: Azure/webapps-deploy@v3
with:
app-name: my-app-name
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: my/target/*.jar
To deploy awarinstead of ajar,change thepackagevalue.
Build and deploy a Tomcat app to Azure using an Azure publish profile. Thepublish-profileinput references theAZURE_WEBAPP_PUBLISH_PROFILEsecret that you created earlier.
name: Build and deploy WAR app to Azure Web App using publish profile
env:
JAVA_VERSION: '11' # set this to the Java version to use
DISTRIBUTION: microsoft # set this to the Java distribution
AZURE_WEBAPP_NAME: sampleapp # set this to the name of your web app
on: [push]
permissions:
id-token: write
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Java version
uses: actions/[email protected]
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.DISTRIBUTION }}
cache: 'maven'
- name: Build with Maven
run: mvn clean install
- name: Deploy to Azure Web App
id: deploy-to-webapp
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: '*.war'
You can find this full example using multiple jobs for build and deployhereas well.
Build and deploy a Node.js app to Azure using the app's publish profile. Thepublish-profileinput references theAZURE_WEBAPP_PUBLISH_PROFILEsecret that you created earlier.
# File:.github/workflows/workflow.yml
name: JavaScript CI
on: [push]
env:
AZURE_WEBAPP_NAME: my-app-name # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: 'my-app-path' # set this to the path to your web app project, defaults to the repository root
NODE_VERSION: '18.x' # set this to the node version to use
jobs:
build-and-deploy:
name: Build and Deploy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@main
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: npm install, build, and test
run: |
# Build and test the project, then
# deploy to Azure Web App.
npm install
npm run build --if-present
npm run test --if-present
working-directory: my-app-path
- name: 'Deploy to Azure WebApp'
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
Build and deploy a Python app to Azure using the app's publish profile. Note how thepublish-profileinput references theAZURE_WEBAPP_PUBLISH_PROFILEsecret that you created earlier.
name: Python CI
on:
[push]
env:
AZURE_WEBAPP_NAME: my-web-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.x
uses: actions/setup- Python @v4
with:
Python -version: 3.x
- name: Install dependencies
run: |
Python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Building web app
uses: azure/appservice-build@v2
- name: Deploy web App using GH Action azure/webapps-deploy
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
To deploy with the service principal you configured, use theazure/login@v1action with thecredskey and reference theAZURE_CREDENTIALSsecret that youcreated earlier.
name:.NET Core
on: [push]
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
DOTNET_VERSION: '6.0.x' # set this to the dot net version to use
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checkout the repo
- uses: actions/checkout@main
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Setup.NET Core SDK
- name: Setup.NET Core
uses: actions/setup-dotnet@v3
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
# Run dotnet build and publish
- name: dotnet build and publish
run: |
dotnet restore
dotnet build --configuration Release
dotnet publish -c Release --property:PublishDir='${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
# Deploy to Azure Web apps
- name: 'Run Azure webapp deploy action using Azure Credentials'
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
- name: logout
run: |
az logout
Build and deploy a ASP.NET MVC app to Azure using an Azure service principal. Note how thecredsinput references theAZURE_CREDENTIALSsecret that you created earlier.
name: Deploy ASP.NET MVC App deploy to Azure Web App
on: [push]
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
NUGET_VERSION: '5.3.x' # set this to the dot net version to use
jobs:
build-and-deploy:
runs-on: windows-latest
steps:
# checkout the repo
- uses: actions/checkout@main
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Install Nuget
uses: nuget/setup-nuget@v1
with:
nuget-version: ${{ env.NUGET_VERSION}}
- name: NuGet to restore dependencies as well as project-specific tools that are specified in the project file
run: nuget restore
- name: Add msbuild to PATH
uses: microsoft/[email protected]
- name: Run MSBuild
run: msbuild.\SampleWebApplication.sln
- name: 'Run Azure webapp deploy action using Azure Credentials'
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/SampleWebApplication/'
# Azure logout
- name: logout
run: |
az logout
Build and deploy a Java Spring app to Azure using an Azure service principal. Note how thecredsinput references theAZURE_CREDENTIALSsecret that you created earlier.
name: Java CI with Maven
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Set up JDK 1.8
uses: actions/setup-java@v3
with:
java-version: 1.8
- name: Build with Maven
run: mvn -B package --file pom.xml
working-directory: complete
- name: Azure WebApp
uses: Azure/webapps-deploy@v3
with:
app-name: my-app-name
package: my/target/*.jar
# Azure logout
- name: logout
run: |
az logout
Build and deploy a Tomcat app to Azure using an Azure service principal. Note how thecredsinput references theAZURE_CREDENTIALSsecret that you created earlier.
name: Build and deploy WAR app to Azure Web App using Service Principal Connect
env:
JAVA_VERSION: '11' # set this to the Java version to use
DISTRIBUTION: microsoft # set this to the Java distribution
AZURE_WEBAPP_NAME: sampleapp # set this to the name of your web app
on: [push]
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Java version
uses: actions/[email protected]
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.DISTRIBUTION }}
cache: 'maven'
- name: Build with Maven
run: mvn clean install
- name: Login to Azure
uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Deploy to Azure Web App
id: deploy-to-webapp
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
package: '*.war'
You can find this full example using multiple jobs for build and deployhereas well.
Build and deploy a Node.js app to Azure using an Azure service principal. Note how thecredsinput references theAZURE_CREDENTIALSsecret that you created earlier.
name: JavaScript CI
on: [push]
name: Node.js
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: 'my-app-path' # set this to the path to your web app project, defaults to the repository root
NODE_VERSION: '18.x' # set this to the node version to use
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
# checkout the repo
- name: 'Checkout GitHub Action'
uses: actions/checkout@main
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Setup Node ${{ env.NODE_VERSION }}
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 'npm install, build, and test'
run: |
npm install
npm run build --if-present
npm run test --if-present
working-directory: my-app-path
# deploy web app using Azure credentials
- uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
# Azure logout
- name: logout
run: |
az logout
Build and deploy a Python app to Azure using an Azure service principal. Note how thecredsinput references theAZURE_CREDENTIALSsecret that you created earlier.
name: Python application
on:
[push]
env:
AZURE_WEBAPP_NAME: my-app # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Set up Python 3.x
uses: actions/setup- Python @v4
with:
Python -version: 3.x
- name: Install dependencies
run: |
Python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Deploy web App using GH Action azure/webapps-deploy
uses: azure/webapps-deploy@v3
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
- name: logout
run: |
az logout
How do I deploy a WAR file through Maven plugin and OpenID Connect
In case you configured your Java Tomcat project with theMaven plugin,you can also deploy to Azure App Service through this plugin. If you use theAzure CLI GitHub actionit will make use of your Azure login credentials.
More information on the GitHub Action for CLI and how to use and configure it can be found in theAzure CLI GitHub action.
More information on the az webapp deploy command, how to use and the parameter details can be found in theaz webapp deploy documentation.
How do I deploy to a Container
With the Azure Web Deploy action, you can automate your workflow to deploy custom containers to App Service using GitHub Actions. Detailed information on the steps to deploy using GitHub Actions, can be found in theDeploy to a Container.
How do I update the Tomcat configuration after deployment
In case you would like to update any of your web apps settings after deployment, you can use theApp Service Settingsaction.
- uses: azure/appservice-settings@v1
with:
app-name: 'my-app'
slot-name: 'staging' # Optional and needed only if the settings have to be configured on the specific deployment slot
app-settings-json: '[{ "name": "CATALINA_OPTS", "value": "-Dfoo=bar" }]'
connection-strings-json: '${{ secrets.CONNECTION_STRINGS }}'
general-settings-json: '{ "alwaysOn": "false", "webSocketsEnabled": "true" }' #'General configuration settings as Key Value pairs'
id: settings
More information on this action and how to use and configure it can be found in theApp Service Settingsrepository.
Next steps
Check out references on Azure GitHub Actions and workflows: