Azure Devops: agentless deployment to Azure App Service - azure

I´m preparing a release to deploy a web app to a Azure App Service and seems that this task is not available as part of an agentless job. Thinking a bit about it, I wonder why. I mean: In my understanding, deploy to Azure is essentially take the artifact (assuming that is already stored in Azure devops) and deploy in the resource provided in the service connection through the actions performed by the Deployment task.
I would say that this process does not (necessarily) requires an agent out of the Azure Devops environment to be done (at the end, we are moving things between PaaS) but seems that we are enforced to use it.
Is my thought correct or I'm missunderstanding anything?
Any way to perform this kind of deployment without agents? (my Azure App Service has a private endpoint, so only self-hosted agents are able to reach it and I would like to avoid create them)

Any Azure DevOps Pipeline needs an Agent to run it (the workload must run somewhere, right?). If you use private endpoints and you want to PUSH your deployment to Azure App Services, you will have to create a self-hosted Agent that is connected to the App Service VNET. There is no way around it.
However, Azure App Service enables continuous deployment from Azure Repos repositories by pulling the sources (See Continuous deployment to Azure App Service. This will probably also work with private endpoints (not tested it).

Related

Is there a way to deploy an Azure DevOps repo to an Azure VM?

Essentially what I'm wanting to happen is the following:
Push changes to .NET Core app in Azure DevOps repo
Changes get pulled down to an Azure VM
dotnet publish the pulled down code to a directory
I've tried creating a Release pipeline and I'm able to create an IIS website, etc. but there aren't any options for deploying a .NET Core app
The Azure DevOps Project simplifies the setup of an entire continuous integration (CI) and continuous delivery (CD) pipeline to Azure with Azure DevOps. You can start with existing code or use one of the provided sample applications. Then you can quickly deploy that application to various Azure services such as Virtual Machines, App Service, Azure Kubernetes Services (AKS), Azure SQL Database, and Azure Service Fabric.
it is explained in the below link.
https://www.azuredevopslabs.com/labs/vstsextend/azuredevopsprojectdotnet/

Use approval with deployment to azure app service from azure pipeline

We are creating a yaml pipeline that uses the AzureRmWebAppDeployment#4 task to deploy the code to an app service.
Before, we deployed to our own virtual machines, and we could register the virtual machine as an environment in azure devops, and register a deployment agent as a resource to it. Then we could add an approval gate to the environment to make sure approval is required to be able to deploy to the environment.
Now with azure app services, there doesn't seem to be a way to register the app service as an environment, so we have not Environment to set the approval gate on.
How can we add an approval to the deployment of our app? I find it hard to believe it is not possible for app services.
I discovered it's possible to add approvals to a service connection in the same way you can with environments. This allows me to add a gate to my deployment!

How to deploy Azure Logic App and prerequisite?

I've built a Logic App on Azure and it's working fine, this app connects to an API and then puts the data into an SQL server.
This app will need to be deployed to another subscription/resource group entirely at some point, I'm just wondering about the recommended methods for this, at the moment I'm attempting to use Azure DevOps to automate this process, and while I can run SQL against databases that are already there, I'm having trouble with deploying the logic app and then linking it to the SQL database previously deployed.
I'm using Power Shell on Azure DevOps as there doesn't seem to individual actions that I can use to deploy a particular resource (such as a Logic App).
Is Azure DevOps the way to go? Am I just missing something simple?
Logic app requires connection resources which have the credential information for talking to mail or Azure blob. These have to be created in the target resource group.
You can download the logic app and connections as an ARM template using Logic app VS tools.
You can then deploy this ARM template any other subscription or resource group.
However, OAuth based connections like "mail" will have to be authenticated manually in the new resource group.

Understanding Azure Release Pipeline

I'm very new with Azure DevOps and I need some help to understand how to create a Release Pipeline. The Microsoft Doc is very extensive but I can't find what I'm looking for.
I've created a Build Pipeline with the sample python repository. Then I would like to create a Release Pipeline. I linked my account with my subscription, select the App type, but then I'm asking for App service name.
What is this App service ? How can I create it ?
On their documentation (here) they are just saying
App Service Name: Select the name of the web app from your subscription..
No more explanation.
Could someone please give me more information about that ?
Thanks a lot
An Azure DevOps release pipeline deploys the artifacts that are the output of a build pipeline to some environment that you define (Test, QA, Production, etc.).
For web apps the environment will be a "web hosting" (for other apps it could be something different).
The "web hosting" can be a 3rd party (you would deploy using tasks for FTP, WebDeploy, etc.) or it can be Azure "web hosting" PaaS offering, which is named Azure Web Apps.
Azure Web Apps require an Azure App Service Plan (which defines its characteristics and pricing): https://azure.microsoft.com/en-us/pricing/details/app-service/windows/
Note: an Azure App Service can be used not only to host web apps but also to host the back-end (Web APIs) of mobile apps, containers and serverless functions apps. See App Service overview and for high scale and security see Introduction to the App Service Environments
The template for the Release Pipeline that you have chosen (assuming is the one named "Deploy a Python app to Azure App Service and Azure database for MySQL") is intended to "Deploy a Python Django, Bottle, or Flask application to an Azure Web App and database to Azure Database for MySQL." Since it's deploying to an Azure Web App, the task asks you for its Azure Subscription and its App Service Plan within that subscription.
So, if you plan to deploy to an Azure Web App, create a Service Plan in your Azure subscription (you can use the Azure Portal, Azure CLI, etc.). Otherwise remove the task and use a different task to deploy to your 3rd party web hosting.
If you are new to Azure DevOps and want to try out all the cool things, I suggest you to follow Azure DevOps Labs which has a great content to get started from Zero to Advanced.

Can I connect VSTS to multiple Azure Accounts using Service Connections?

I want to deploy a web app using CI/CD from VSTS to multiple (customer) Azure accounts. So not multiple subscriptions within the same Azure account, but multiple different Azure accounts owned by customers.
The app is a managed app from the Azure Marketplace so I have full access to the resource group in which the app resides.
Is there an easy way to do this using service connections and the web deploy task or should I be using Powershell to do this and script it myself?
Please create multiple Service Connections in your VSTS which used to connect to these Azure account first.
Then please create a Release pipeline with multiple environments. Then add Deploy task for every environment and choose different Azure Service Connections in different environment. Then you could deploy one app to different Azure environment through one release pipeline.
It turns out that with a Managed App, for every customer deployment a resource group is created that I own and therefore shows up in my Azure account.
So from VSTS I can just use Service Connections to those resource groups, no need to connect to these other Azure accounts.

Resources