I am automating deployment of a solution to Azure for CI purposes in powershell. I will be using WebDeploy to deploy websites and webjobs. I plan to create the CI user in Azure AD once for all environments, attach him to the subscription, download appropriate publishprofile file and put this file in the repository. Then use Import-AzurePublishSettingsFile while deployment is running on CI. Is this the optimal way to do it? Can I assume that the credentials stored in this file won't expire?
Since the .publishsettings file mechanism is no longer been worked on, you should create an Azure Active Directory Service Principal to grant access for your CI environment to Azure.
Import-AzurePublishSettingsFile is using a .publishsettings file that has been downloaded using the Get-AzurePublishSettingsFile. This command will create a certificate in your subscription.
You can login the Azure Classic Portal.
Click Settings > Management certificates, and search with the downloaded .publishsettings file name.
You will be able to get the expire date of the certificate. It's usually one year long. I am not sure if it's long enough for you.
If your need a longer term, I suggest you to upload your own certificate, and use certificate instead. For more information, see Upload an Azure Management API Management Certificate
For more detail about how to use the uploaded certificates, see Getting Started with Azure PowerShell Cmdlets–Subscription Management
Related
I'm just trying to get my fist Release pipeline underway.
Our current infastrucure setup is that we have a number of On Prem VM's which I have deployed the Azure Agents as per the deployment group setup.
The issue I have at the moment is that the deployment first tries to download the artifact from our build server using a file share.
However, currently the deployment machine cant see the file share. I gather I am supposed to be able to see the file share. I'm not entirely sure how to share this folder on the build machine?
Am I supposed to just create a share for everyone to see? Or is there a particluar user/role that I am having to share it for?
Our current infastrucure setup is that we have a number of On Prem VM's which I have deployed the Azure Agents as per the deployment group setup.
You need to check which user is used to run the tasks on the agent. You can add a powershell task with inline script: whoami.
You need to make sure the account have access to the file share.
In addition, when you publish artifact, you can select file share to store the artifact and then you can consume the artifact in the release pipeline. Please check the link for the details.
My "Download artifacts from file share" in release pipeline screenshot:
In the instructions to deploy a Gatsby app to it relies on a Github repository to deploy. But my repository specifically ignores (ala .gitiignore) files that contain secret keys. What is the best way to deploy a Gatsby app to Azure with secrets?
The best way would be using Secure files in azure devops.
Go to Azure project portal --> Pipelines-->Library-->Secure files Tab-->click + Secure file to upload the files which contain secret keys to azure devops server.
Then you can consume the secure files in a Pipeline by using Download Secure File task.
After the secure file is downloaded in the pipeline, its path can be referenced in the pipeline as $(mySecureFile.secureFilePath) (mySecureFile is the name given to the task). Alternatively, downloaded secure files can be found in the directory given by $(Agent.TempDirectory)
You can also use Copy files task to move the secure file around in the agent machine.
I have been using azure PowerShell tasks to update my app settings in the portal for all the web apps and would like to know if there is any other way to do the same.
I don't want to make the changes in the config files alone. The changes have to be made in the azure portal as well.
There are a few third-party tools to accomplish this and avoid Powershell. Basically it takes your VSTS variables, and sets them in Azure. You install these as release tasks.
Azure WebApp Configuration task
Azure App Service: Set App settings
In current Azure stack you have two options.
For secured settings you should rather use "Azure Key Vault"
For Centralized app settings you should use "Azure App Configuration" which is in public preview.
I need to publish 3 webapp to azure using release manager from TFS, and I need all of these 3 apps inside wwwroot subfolder:
wwwroot\app1
wwwroot\app2
wwwroot\app3
This is because I have a azure virtual application pointing to each of this folders.
I have a release for each app. Each app should deploy not to wwwroot, but to a folder inside wwwroot (app1, app2 or app3).
At this moment what I'm doing as a workaround is deploying a package (zip) with the name of the folder that I need (app1, app2 or app3), however, this is just a workaround, because if I activate "clean" in the release task, this clean all wwwroot folders and clean the other apps.
Is there anyway to deploy using some Task to a specific folder instead root folder (wwwroot)? Or, is there a way to deploy to azure virtual application?
If not, is it possible to send me a powershell command to delete a specific folder in the wwwroot?
I'm using "Azure Web App Deployment" task that uses Publish-AzureWebsiteProject PS command, but I don't know if it's possible to send some argument to send this to a specific folder inside wwwroot? Is there some argument to do that?
Thank you all for the availability
You could directly use the AzureRM Web App Deployment task released by Microsoft which allows for virtual directories.
Update
It's a build-in task called Azure APP Service Deploy
The task you are using-- Azure Web App Deployment is deprecated.
NOTE: This task has been deprecated. To update Azure App Services using Web Deploy or Kudu REST APIs, use the Azure App Service
Deploy task.
We recommend you replace the Azure Web App Deployment task with the
Azure App Service Deploy task in all your build or release
definitions.
I found another solution. Using cURL to upload by FTP and I can control each individual folder.
Anyway, if someone knows how to deploy directly to a virtual app directory, please provide answer :)
Thank you
I'm trying to provision some Azure Websites using Powershell and am not sure how to configure Bitbucket deployment. Is this possible? Using the Service Management cmdlets I see that there is explicit support for Github deployment, but not Bitbucket. Perhaps there's a way using the new Resource Manager cmdlets, but there's very little documentation that I can find.
This feature isn't yet present in the PowerShell New-AzureWebsite Cmdlet and can only be configured when provisioning a new Website via the Management Portal.