How to configure Azure DevOps pipeline to deploy in Azure app service container?

Today three major companies are sharing the cloud market: AWS, GCP, and Azure. In this article, we are going to see one example of how to use Azure DevOps, the Azure tool for CI/CD.

Here is a tutorial to explain the basis of Azure DevOps pipeline configuration.

In this tutorial we will set up a pipeline that will do the following actions:
- When a Pull Request is created on master the tests are run
- When a commit (thus a merge) is done on the master 
- In parallel, a docker image is built, scanned, and pushed to an Azure Container Registry (ACR)
- When those two jobs are completed, deploy the application in your production environment using Blue/Green deployment.

Summary

Prerequisites

 

- In Azure, have a service principal to have the rights to connect to subscription

- In Azure Devops, a service connection using this service principal

- Resource group created in Azure where resources are created (MYRG)

- Azure Container Registry (ACR) set up in Azure name "ACR01" and authorized to be used by this pipeline (create a service connection in **Project settings > Pipelines > service connection**)

- App service with a staging slot created in Azure 

Trigger the pipeline

 

Here is the declaration of the action which triggers the pipeline:

 

With this declaration, the pipeline will be triggered with a commit on the master branch and for the creation of a pull request on the master branch.

CI

 

In the CI stage we want to declare:

  1. Tests should be run for each pipeline
  2. Build, scan, and push images in ACR only when a commit on master

These two operations shall be done in parallel to save time.

Warning: Make sure you have at least 2 agents declared in Project settings > Pipelines > Parallel jobs. See example if you are going to use Azure DevOps agents:

project-settings

 

Parallel jobs

Here is the configuration to have parallel jobs:

 

Here we are using Azure DevOps agents "ubuntu-latest"

In job Build_scan_push there is a condition saying that this job is executed only for a commit on the master branch.

 

Tests

 

The tests are described in the file tests.yaml and depend on your application. Here is an example:

 

Build

Here is how to build your image (file build.yaml):

 

Scan

In order to avoid any vulnerability in your image a scan is required. Here we use the Trivy solution (file scan.yaml):

 

Push

Once the image is built and scanned we can push it in the ACR (file push.yaml):

 

Deployment

Now we are going to describe the second stage where the application will be deployed in an Azure app service using the blue/green process. So first we will deploy the container in the app service staging slot. Then, when the application is fully started on the staging slot, swap the production slot and the staging slot.

 

This stage is executed only if the CI is succeeded and if the pipeline is triggered by a commit on master.

Final file

 

So here is the final file:

 

You have now set up a pipeline in Azure Devops to deploy your containered code in an App service. Your pipeline triggers automatically on different events on your repository. And you have optimized the time deployment using parallel jobs. 
back to top
Cyprien Lecallier

Cyprien Lecallier

Cyprien is a Site Reliability Engineer (SRE) at Padok. He is passionate about DevOps technologies, and he loves facing new challenges every day.

Contact Us

What do you think? Leave your comments here !

Copyright © 2019 Padok
Designed by Ideagency

PADOK, Expert DevOps & Cloud à Paris

48 Boulevard des Batignolles
Paris 75017