Wednesday, March 9, 2022

Deploy your App Service flexibly with Azure DevOps pipeline

When deploying contents to App Services, usually we use CI/CD pipeline to make the deployment automatically and continuously.
For Azure DevOps pipeline, we usually use the "Azure Web App" task to deploy the related contents to Azure App Service. In this blog, we are introducing using KUDU API in Azure DevOps pipeline to make the app service deployment more flexible.
KUDU API provide the way to operate the App Service SCM/KUDU site easily. Such as you can do ZIP deployment, delete/undeploy files and get certain files etc.
Since KUDU API needs basic auth for authentication, we need to get the related credentials before configuring Azure DevOps pipeline. There are two kinds of credentials which you can use - Site level credential and user level credential. Below are the detailed steps to show how to get the site level credential and user level credential.
Site level credential
There are two options which you can use to get the site level credential.
Option 1: get from publish profile
In Azure portal -> Get publish profile -> then you can find the related username and password.
Option 2: get from deployment center
In Deployment Center -> Deployment Credentials -> get the related credential (the username is the part after the "\", as "$marAppService" in below example).
User level credential
In Deployment Center, you can also set and use user level credentials. The difference between app level credential and user level credential is that user level credential can be used for different app services, while app level credential can only be used for certain app service.
Azure DevOps pipeline settings
After getting the credential for KUDU API, we can start to configure the Azure DevOps pipeline. In this blog, we will only undeploy/delete the war file (site/wwwroot/mar.war) before deploying new changes to App Service, so we will use PowerShell task to call the KUDU API (DELETE /api/vfs/{path}) before Azure Web App task. Below are the detailed configurations for the pipeline:


1. Define KUDU API credential in pipeline variables

For the password, we can use the secret variable type to store the value. For the username, we need to add the escape character "`" before "$" to avoid the username value being treated as a PowerShell variable.



2. Add PowerShell Task to call the KUDU API

Before the "Azure Web App" task (you can also use KUDU API to do the ZIP deployment), we can add a PowerShell task. The example PowerShell script as below:
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f "$(app_username)", "$(app_password)")))
$userAgent = "powershell/2.0"
$HeaderValues = @{
    'Authorization' = ('Basic {0}' -f $base64AuthInfo)
    'If-Match'      = '*'

$body = ""
$response = Invoke-RestMethod '' -Method 'DELETE' -Headers $HeaderValues -Body $body
$response | ConvertTo-Json
Write-Output "delete succeed"
Write-Output "delete failed"
For Azure DevOps variable syntax, the format is $(variable_name), so we use the defined variable with the format $(app_username) and $(app_password) here.
Using KUDU API in Azure DevOps can make the deployment of app service more flexible. Try to explore more usages based on your customized needs.
Posted at