How to configure Azure DevOps pipeline to deploy in Azure app service container?

Today three major companies share the cloud market: AWS, GCP and Azure. In this article we are going to see one example of how to use Azure Devops, the Azure tool for CI/CD.

Here is a tutorial to explain the basis of Azure DevOps pipeline configuration.

In this tutorial we will set up a pipeline which will do the following actions:

- When a Pull Request is created on master the tests are run

- When a commit (thus a merge) is done on master:

 - Tests are run

 - In parallel, a docker image is build, scanned and pushed to an Azure Container Registry (ACR)

 - When those two jobs are completed, deploy the application in your production environment using Blue/Green deployment.

Prerequisites

 

- In Azure, have a service principal to have the rights to connect to subscription

- In Azure Devops, a service connection using this service principal

- Resource group created in Azure where resources are created (MYRG)

- Azure Container Registry (ACR) set up in Azure name "ACR01" and authorized to be used by this pipeline (create a service connection in **Project settings > Pipelines > service connection**)

- App service with a staging slot created in Azure 

Trigger the pipeline

 

Here is the declaration of the action which trigger the pipeline:

 

With this declaration the pipeline will be triggered with a commit on master branch and for the creation of a pull request on master branch.

CI

 

In the CI stage we want to declare:

  1. Tests should be run for each pipeline
  2. Build, scan and push images in ACR only when a commit on master

These two operations shall be done in parallel to save time.

Warning: Make sure you have at least 2 agents declared in Project settings > Pipelines > Parallel jobs. See example if you are going to use Azure DevOps agents:

Project Settings

 

Parallel jobs

Here is the configuration to have parallel jobs:

 

Here we are using Azure DevOps agents "ubuntu-latest"

In job Build_scan_push there is a condition saying that this job is executed only for a commit on master branch.

 

Tests

 

The tests are described in the file tests.yaml and depend on your application. Here is an example:

 

Build

Here is how to build your image (file build.yaml):

 

Scan

In order to avoid any vulnerability in your image a scan is required. Here we use Trivy solution (file scan.yaml):

 

Push

Once the image is build and scanned we can push it in the ACR (file push.yaml):

 

Deployment

Now we are going to describe the second stage where the application will be deployed in an Azure app service using the blue/green process. So first we will deploy the container in the app service staging slot. Then, when the application is fully started on staging slot, swap the production slot and the staging slot.

 

This stage is executed only if the CI is succeeded and if the pipeline is triggered by a commit on master.

Final file

 

So here is the final file:

 

You have now set up a pipeline in Azure Devops to deploy your containered code in an App service. Your pipeline triggers automatically on different events on your repository. And you have optimized the time deployment using parallel jobs. 

Cyprien Lecallier

Cyprien Lecallier

Cyprien is a Site Reliability Engineer (SRE) at Padok. He is passionate about DevOps technologies, and he loves facing new challenges every day.

What do you think? Leave your comments here !