使用 Github Actions 进行持续交付Continuous delivery by using GitHub Action

可以通过 GitHub Actions 定义一个工作流,以便自动生成函数代码并将其部署到 Azure 中的函数应用。GitHub Actions lets you define a workflow to automatically build and deploy your functions code to function app in Azure.

在 GitHub Actions 中,工作流是在 GitHub 存储库中定义的自动化过程。In GitHub Actions, a workflow is an automated process that you define in your GitHub repository. 此过程告知 GitHub 如何在 GitHub 中生成和部署函数应用项目。This process tells GitHub how to build and deploy your functions app project on GitHub.

工作流通过存储库的 /.github/workflows/ 路径中的 YAML (.yml) 文件定义。A workflow is defined by a YAML (.yml) file in the /.github/workflows/ path in your repository. 此定义包含组成工作流的各种步骤和参数。This definition contains the various steps and parameters that make up the workflow.

对于 Azure Functions 工作流,此文件有三个部分:For an Azure Functions workflow, the file has three sections:

部分Section 任务Tasks
身份验证Authentication
  1. 定义服务主体。Define a service principal.
  2. 下载发布配置文件。Download publishing profile.
  3. 创建 GitHub 机密。Create a GitHub secret.
生成Build
  1. 设置环境。Set up the environment.
  2. 生成函数应用。Build the function app.
部署Deploy
  1. 部署函数应用。Deploy the function app.

备注

如果决定使用发布配置文件进行身份验证,则不需创建服务主体。You do not need to create a service principal if you decide to use publishing profile for authentication.

创建服务主体Create a service principal

可以在 Azure CLI 中使用 az ad sp create-for-rbac 命令创建服务主体You can create a service principal by using the az ad sp create-for-rbac command in the Azure CLI.

az ad sp create-for-rbac --name "myApp" --role contributor --scopes /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Web/sites/<APP_NAME> --sdk-auth

在此示例中,请将资源中的占位符替换为你的订阅 ID、资源组以及函数应用名称。In this example, replace the placeholders in the resource with your subscription ID, resource group, and function app name. 输出是用于访问函数应用的角色分配凭据。The output is the role assignment credentials that provide access to your function app. 请复制此 JSON 对象,它可以用来从 GitHub 进行身份验证。Copy this JSON object, which you can use to authenticate from GitHub.

重要

始终应授予最小访问权限。It is always a good practice to grant minimum access. 这是在上一示例中将范围限制为特定的函数应用而不是整个资源组的原因。This is why the scope in the previous example is limited to the specific function app and not the entire resource group.

下载发布配置文件Download the publishing profile

若要下载函数应用的发布配置文件:To download the publishing profile of your function app:

  1. 选择函数应用的“概述”页,然后选择“获取发布配置文件” 。Select the function app's Overview page, and then select Get publish profile.

    下载发布配置文件

  2. 保存并复制发布设置文件的内容。Save and copy the contents of the publish settings file.

配置 GitHub 机密Configure the GitHub secret

  1. GitHub 中浏览到存储库,选择“设置” > “机密” > “添加新机密”。In GitHub, browse to your repository, select Settings > Secrets > Add a new secret.

    添加机密

  2. 添加新机密。Add a new secret.

    • 如果使用的是通过使用 Azure CLI 创建的服务主体,请使用 AZURE_CREDENTIALS 作为“名称”。If you're using the service principal that you created by using the Azure CLI, use AZURE_CREDENTIALS for the Name. 然后,将复制的 JSON 对象输出粘贴为“值”,并选择“添加机密” 。Then, paste the copied JSON object output for Value, and select Add secret.
    • 如果使用的是发布配置文件,请使用 SCM_CREDENTIALS 作为“名称”。If you're using a publishing profile, use SCM_CREDENTIALS for the Name. 然后使用发布配置文件的文件内容作为“值”,并选择“添加机密” 。Then, use the publishing profile's file content for Value, and select Add secret.

GitHub 现在可以针对 Azure 中的函数应用进行身份验证了。GitHub can now authenticate to your function app in Azure.

设置环境Set up the environment

设置环境是使用特定于语言的发布设置操作完成的。Setting up the environment is done using a language-specific publish setup action.

以下示例显示了使用 actions/setup-node 操作设置环境的工作流部分:The following example shows the part of the workflow that uses the actions/setup-node action to set up the environment:

    - name: 'Login via Azure CLI'
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    - name: Setup Node 10.x
      uses: actions/setup-node@v1
      with:
        node-version: '10.x'

生成函数应用Build the function app

这取决于语言。对于 Azure Functions 支持的语言,应该可以将此部分视为每种语言的标准生成步骤。This depends on the language and for languages supported by Azure Functions, this section should be the standard build steps of each language.

以下示例显示了生成函数应用的工作流部分,该部分是特定于语言的:The following example shows the part of the workflow that builds the function app, which is language specific:

    - name: 'Run npm'
      shell: bash
      run: |
        # If your function app project is not located in your repository's root
        # Please change your directory for npm in pushd
        pushd .
        npm install
        npm run build --if-present
        npm run test --if-present
        popd

部署函数应用Deploy the function app

若要将代码部署到函数应用,需使用 Azure/functions-action 操作。To deploy your code to a function app, you will need to use the Azure/functions-action action. 该操作有两个参数:This action has two parameters:

参数Parameter 说明Explanation
app-nameapp-name (必需)函数应用的名称。(Mandatory) The name of your function app.
slot-nameslot-name (可选)要部署到其中的部署槽的名称。(Optional) The name of the deployment slot you want to deploy to. 该槽必须已经在函数应用中定义。The slot must already be defined in your function app.

以下示例使用第 1 版 functions-actionThe following example uses version 1 of the functions-action:

    - name: 'Run Azure Functions Action'
      uses: Azure/functions-action@v1
      id: fa
      with:
        app-name: PLEASE_REPLACE_THIS_WITH_YOUR_FUNCTION_APP_NAME

后续步骤Next steps

若要查看完整的工作流 .yaml 文件,请参阅 Azure GitHub Actions 工作流示例存储库中名称包含 functionapp 的文件之一。To view a complete workflow .yaml file, see one of the files in the Azure GitHub Actions workflow samples repo that have functionapp in the name. 可以使用这些示例作为工作流的起点。You can use these samples a starting point for your workflow.