Tutorial: Use GitHub Actions to deploy to an App Service custom container and connect to a database

Article
10/10/2024

This tutorial walks you through setting up a GitHub Actions workflow to deploy a containerized ASP.NET Core application with an Azure SQL Database backend. When you're finished, you have an ASP.NET app running in Azure and connected to SQL Database. You'll first create Azure resources with an ARM template GitHub Actions workflow.

In this tutorial, you learn how to:

Use a GitHub Actions workflow to add resources to Azure with a Azure Resource Manager template (ARM template)
Use a GitHub Actions workflow to build a container with the latest web app changes

If you don't have an Azure subscription, create a trial account before you begin.

Prerequisites

To complete this tutorial, you'll need:

An Azure account with an active subscription. Create a trial subscription.
A GitHub account. If you don't have one, sign up for free.
- A GitHub repository to store your Resource Manager templates and your workflow files. To create one, see Creating a new repository.

Download the sample

Fork the sample project in the Azure Samples repo.

https://github.com/Azure-Samples/dotnetcore-containerized-sqldb-ghactions/

Create the resource group

Use the Azure CLI.

    az group create --name {resource-group-name} --location {resource-group-location}

Generate deployment credentials

You'll need to authenticate with a service principal for the resource deployment script to work. You can create a service principal with the az ad sp create-for-rbac command in the Azure CLI.

    az ad sp create-for-rbac --name "{service-principal-name}" --sdk-auth --role contributor --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group-name}

In the example, replace the placeholders with your subscription ID, resource group name, and service principal name. The output is a JSON object with the role assignment credentials that provide access to your App Service app. Copy this JSON object for later. For help, go to configure deployment credentials.

  {
    "clientId": "<GUID>",
    "clientSecret": "<GUID>",
    "subscriptionId": "<GUID>",
    "tenantId": "<GUID>",
    (...)
  }

Important

It is always a good practice to grant minimum access. The scope in the previous example is limited to the specific App Service app and not the entire resource group.

Configure the GitHub secret for authentication

In GitHub, go to your repository.
Select Security > Secrets and variables > Actions.
Select New repository secret.
Paste the entire JSON output from the Azure CLI command into the secret's value field. Give the secret the name AZURE_CREDENTIALS.
Select Add secret.

Add a SQL Server secret

Create a new secret in your repository for SQL_SERVER_ADMIN_PASSWORD. This secret can be any password that meets the Azure standards for password security. You won't be able to access this password again so save it separately.

Create Azure resources

The create Azure resources workflow runs an ARM template to deploy resources to Azure. The workflow:

Checks out source code with the Checkout action.
Logs into Azure with the Azure Login action and gathers environment and Azure resource information.
Deploys resources with the Azure Resource Manager Deploy action.

To run the create Azure resources workflow:

Open the azuredeploy.yaml file in .github/workflows within your repository.
Update the value of AZURE_RESOURCE_GROUP to your resource group name.
Update the values of WEB_APP_NAME and SQL_SERVER_NAME to your web app name and sql server name.
Go to Actions and select Run workflow.
Verify that your action ran successfully by checking for a green checkmark on the Actions page.

Add container registry and SQL secrets

In the Azure portal, open your newly created Azure Container Registry in your resource group.
Go to Access keys and copy the username and password values.
Create new GitHub secrets for ACR_USERNAME and ACR_PASSWORD password in your repository.
In the Azure portal, open your Azure SQL database. Open Connection strings and copy the value.
Create a new secret for SQL_CONNECTION_STRING. Replace {your_password} with your SQL_SERVER_ADMIN_PASSWORD.

Build, push, and deploy your image

The build, push, and deploy workflow builds a container with the latest app changes, pushes the container to Azure Container Registry and, updates the web application staging slot to point to the latest container pushed. The workflow containers a build and deploy job:

The build job checks out source code with the Checkout action. The job then uses the Docker login action and a custom script to authenticate with Azure Container Registry, build a container image, and deploy it to Azure Container Registry.
The deployment job logs into Azure with the Azure Login action and gathers environment and Azure resource information. The job then updates Web App Settings with the Azure App Service Settings action and deploys to an App Service staging slot with the Azure Web Deploy action. Last, the job runs a custom script to update the SQL database and swaps staging slot to production.

To run the build, push, and deploy workflow:

Open your build-deploy.yaml file in .github/workflows within your repository.
Verify that the environment variables for AZURE_RESOURCE_GROUP and WEB_APP_NAME match the ones in azuredeploy.yaml.
Update the ACR_LOGIN_SERVER value for your Azure Container Registry login server.

AI Skills Fest