This week I struggled with deploying an ASP.NET Core Web API to an Azure App Service using a GitHub Actions Workflow in combination with using OpenID Connect within that workflow.
First, I tried to do the deployment with the GitHub action azure/webapps-deploy@v3.
name: CI/CD
on:
push:
branches: ["main"]
permissions:
id-token: write
contents: read
env:
AZURE_CORE_OUTPUT: none
AZURE_WEBAPP_PACKAGE_PATH: "./app.zip"
DOTNET_VERSION: "9.0.x"
jobs:
build_test_publish:
name: Build, execute tests and publish
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- name: Build
run: dotnet build src/ArbitraryAspNetCoreWebApi.sln --configuration Release
- name: Test
run: dotnet test src/ArbitraryAspNetCoreWebApi.sln --configuration Release --no-build --verbosity normal
- name: Publish
run: dotnet publish src/ArbitraryAspNetCoreWebApi --configuration Release --output ./temp
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: arbitrary-aspnetcore-webapi
path: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
deploy:
name: Deploy to Azure Web App
runs-on: ubuntu-latest
environment: dev
needs: [build_test_publish]
steps:
- name: Download artifact
uses: actions/download-artifact@v4
- uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy to Azure Web App
uses: azure/webapps-deploy@v3
with:
app-name: kv-secret-rotation-sample-appsrv-dev
resource-group-name: kv-secret-rotation-sample-rg-dev
package: .
- name: Logout
run: |
az logout
Unfortunately, I didn’t manage to get it to work. I always ended up with the following error during deployment step.
Error: Deployment Failed, Error: No credentials found. Add an Azure login action before this action. For more details refer https://github.com/azure/login
I finally ended up creating a GitHub issue for it.
UPDATE 26.12.2024
Removing/commenting out AZURE_CORE_OUTPUT: none fixes the error
Next, I tried it with the GitHub action azure/cli@v2.
name: CI/CD
on:
push:
branches: ["main"]
permissions:
id-token: write
contents: read
env:
AZURE_CORE_OUTPUT: none
AZURE_WEBAPP_PACKAGE_PATH: "./app.zip"
DOTNET_VERSION: "9.0.x"
jobs:
build_test_publish:
name: Build, execute tests and publish
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- name: Build
run: dotnet build src/ArbitraryAspNetCoreWebApi.sln --configuration Release
- name: Test
run: dotnet test src/ArbitraryAspNetCoreWebApi.sln --configuration Release --no-build --verbosity normal
- name: Publish
run: dotnet publish src/ArbitraryAspNetCoreWebApi --configuration Release --output ./temp
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: arbitrary-aspnetcore-webapi
path: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
deploy:
name: Deploy to Azure Web App
runs-on: ubuntu-latest
environment: dev
needs: [build_test_publish]
steps:
- name: Download artifact
uses: actions/download-artifact@v4
- uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy to Azure Web App
uses: azure/cli@v2
with:
inlineScript: |
az webapp deploy --resource-group kv-secret-rotation-sample-rg-dev --name kv-secret-rotation-sample-appsrv-dev --src-path $GITHUB_WORKSPACE/arbitrary-aspnetcore-webapi/app.zip --track-status false
- name: Logout
run: |
az logout
And I failed again with the following error during deployment step.
ERROR: Either '/home/runner/work/dotnet-webapi-using-az-key-vault-secret-rotated-by-terraform/dotnet-webapi-using-az-key-vault-secret-rotated-by-terraform/arbitrary-aspnetcore-webapi.zip' is not a valid local file path or you do not have permissions to access it
The problem was, that the zip file I wanted to deploy was not really a zip file but the output of dotnet publish. The error message is somehow a bit misleading. After properly creating the zip file right after the publish step, the deployment finally succeeded.
- name: Create Zip
shell: pwsh
run: |
cd ./temp
zip -r ../app.zip ./*
The full GitHub Actions Workflow can be found here.
I hope this saves others from headaches.
Leave a Reply