Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
If your azd
template doesn't include a CI/CD pipeline definition file, you can create one to automate your application's build and deployment. A well-structured pipeline definition typically includes four main sections:
Trigger: Specifies events when the pipeline should run, such as code pushes to specific branches, pull requests, or manual triggers. Defining triggers ensures your pipeline runs automatically in response to development activities, enabling continuous integration and deployment.
Permissions: Specifies the access required for the pipeline to interact with resources securely. For example, grant permissions to read repository contents or request identity tokens. Correct permissions are essential for secure and successful deployments.
Operating System or Pool: Sets the environment for pipeline jobs, such as a specific virtual machine image (for example,
ubuntu-latest
) or an agent pool. Choosing the right environment ensures compatibility with your application's build and deployment requirements.Steps: Lists the tasks the pipeline performs, such as checking out code, installing dependencies, building, provisioning infrastructure, and deploying to Azure. Each step should be clearly defined to automate the end-to-end deployment process.
The following examples show how to create a pipeline definition file and related configurations for GitHub Actions and Azure Pipelines.
To run azd
in GitHub Actions, configure the following settings:
- Grant
id-token: write
andcontents: read
access scopes. - Install the azd action, unless using a Docker image with
azd
preinstalled.
Use this template as a starting point for your pipeline definition:
on:
workflow_dispatch:
push:
# Run when commits are pushed to mainline branch (main or master)
# Set this to the mainline branch you are using
branches:
- main
- master
# Set this permission if you are using a Federated Credential.
permissions:
id-token: write
contents: read
jobs:
build:
runs-on: ubuntu-latest
# azd build-in variables.
# This variables are always set by `azd pipeline config`
# You can set them as global env (apply to all steps) or you can add them to individual steps' environment
env:
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
## Define the additional variables or secrets that are required globally (provision and deploy)
# ADDITIONAL_VARIABLE_PLACEHOLDER: ${{ variables.ADDITIONAL_VARIABLE_PLACEHOLDER }}
# ADDITIONAL_SECRET_PLACEHOLDER: ${{ secrets.ADDITIONAL_SECRET_PLACEHOLDER }}
steps:
- name: Checkout
uses: actions/checkout@v4
# using the install-azd action
- name: Install azd
uses: Azure/setup-azd@v1.0.0
# # If you want to use azd-daily build, or install it from a PR, you can remove previous step and
# # use the next one:
# - name: Install azd - daily or from PR
# # Update this scrip based on the OS - pool of your pipeline. This example is for a linux pipeline installing daily build
# run: curl -fsSL https://aka.ms/install-azd.sh | bash -s -- --version daily
# shell: pwsh
# azd set up Federated Credential by default. You can remove this step if you are using Client Credentials
- name: Log in with Azure (Federated Credentials)
if: ${{ env.AZURE_CLIENT_ID != '' }}
run: |
azd auth login `
--client-id "$Env:AZURE_CLIENT_ID" `
--federated-credential-provider "github" `
--tenant-id "$Env:AZURE_TENANT_ID"
shell: pwsh
## If you set up your pipeline with Client Credentials, remove previous step and uncomment this one
# - name: Log in with Azure (Client Credentials)
# if: ${{ env.AZURE_CREDENTIALS != '' }}
# run: |
# $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
# Write-Host "::add-mask::$($info.clientSecret)"
# azd auth login `
# --client-id "$($info.clientId)" `
# --client-secret "$($info.clientSecret)" `
# --tenant-id "$($info.tenantId)"
# shell: pwsh
# env:
# AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
- name: Provision Infrastructure
run: azd provision --no-prompt
env:
# # uncomment this if you are using infrastructure parameters
# AZD_INITIAL_ENVIRONMENT_CONFIG: ${{ secrets.AZD_INITIAL_ENVIRONMENT_CONFIG }}
## Define the additional variables or secrets that are required only for provision
# ADDITIONAL_VARIABLE_PLACEHOLDER: ${{ variables.ADDITIONAL_VARIABLE_PLACEHOLDER }}
# ADDITIONAL_SECRET_PLACEHOLDER: ${{ secrets.ADDITIONAL_SECRET_PLACEHOLDER }}
- name: Deploy Application
run: azd deploy --no-prompt
env:
## Define the additional variables or secrets that are required only for deploy
# ADDITIONAL_VARIABLE_PLACEHOLDER: ${{ variables.ADDITIONAL_VARIABLE_PLACEHOLDER }}
# ADDITIONAL_SECRET_PLACEHOLDER: ${{ secrets.ADDITIONAL_SECRET_PLACEHOLDER }}