Technology DevOps
• 1 min

How to configure Azure DevOps pipeline to deploy in Azure app service container?

Cyprien Lecallier

Cyprien Lecallier

27 January 2021

Today three major companies are sharing the cloud market: AWS, GCP, and Azure. In this article, we are going to see one example of how to use Azure DevOps, the Azure tool for CI/CD.

Here is a tutorial to explain the basis of Azure DevOps pipeline configuration.

In this tutorial we will set up a pipeline that will do the following actions:
– When a Pull Request is created on master the tests are run
– When a commit (thus a merge) is done on the master 
– In parallel, a docker image is built, scanned, and pushed to an Azure Container Registry (ACR)
– When those two jobs are completed, deploy the application in your production environment using Blue/Green deployment.

Prerequisites

- In Azure, have a service principal to have the rights to connect to subscription

- In Azure Devops, a service connection using this service principal

- Resource group created in Azure where resources are created (MYRG)

- Azure Container Registry (ACR) set up in Azure name "ACR01" and authorized to be used by this pipeline (create a service connection in **Project settings Pipelines service connection**)

- App service with a staging slot created in Azure

Trigger the pipeline

Here is the declaration of the action which triggers the pipeline:

With this declaration, the pipeline will be triggered with a commit on the master branch and for the creation of a pull request on the master branch.

CI

In the CI stage we want to declare:

  1. Tests should be run for each pipeline
  2. Build, scan, and push images in ACR only when a commit on master

These two operations shall be done in parallel to save time.

Warning: Make sure you have at least 2 agents declared in Project settings Pipelines Parallel jobs. See example if you are going to use Azure DevOps agents:

project-settings

Parallel jobs

Here is the configuration to have parallel jobs:

Here we are using Azure DevOps agents "ubuntu-latest"

In job Build_scan_push there is a condition saying that this job is executed only for a commit on the master branch.

Tests

The tests are described in the file tests.yaml and depend on your application. Here is an example:

Build

Here is how to build your image (file build.yaml):

Scan

In order to avoid any vulnerability in your image a scan is required. Here we use the Trivy solution (file scan.yaml):

Push

Once the image is built and scanned we can push it in the ACR (file push.yaml):

Deployment

Now we are going to describe the second stage where the application will be deployed in an Azure app service using the blue/green process. So first we will deploy the container in the app service staging slot. Then, when the application is fully started on the staging slot, swap the production slot and the staging slot.

This stage is executed only if the CI is succeeded and if the pipeline is triggered by a commit on master.

Final file

So here is the final file:

You have now set up a pipeline in Azure Devops to deploy your containered code in an App service. Your pipeline triggers automatically on different events on your repository. And you have optimized the time deployment using parallel jobs.