I would like to deploy my Node.js app via GitHub to Azure.
I intend to make the app open source, thus no private info would be published in the repo; however, I still need to push the necessary credentials, API keys, etc. for the app to connect to other services.
How can I deploy the app without resorting to the private Git endpoint, and then awkward copy-pasting between the repos?
Typically you'll want to utilize an npm module like nconf to load environment variables from either a file or environment variables.
config.json is just a JSON document listing your key:value pairs. You'll want to add config.json to your .gitignore file to ensure you don't share your credentials publically.
Within the Azure Portal, you'll want to add your credentials as key:value pairs under Application Settings.
Note: You may be wondering what will happen if config.json is not found. nconf will simply move on to the next chained option. You could continue to chain config options together as in the following code snippet:
var nconf = require('nconf');
// Create nconf environtment
nconf
.file({ file: 'config.json' }) // Committed to repo; public settings
.file({file: 'local_config.json'}) // Not committed to repo; private or dev environment settings
.env();
Persistent data can be stored under d:\home, so I would recommend placing your private customizations there. If they need to be applied to the site in some way, you should do this by writing a deployment hook.
Set configuration as environment variables found in the "App Settings" section under Settings->Application Settings. Rationale here.
Your issue seems to be continuous deployment for Web App via Git from GitHub repo.
So I think #Dark Falcon 's answer is correct.
Azure continuous deployment support GitHub just need to do OAuth authentication in Azure Portal.
Find out the link "set up deployment from source control" at Azure WebApp Dashboard page and do it step by step, as the pictures below.
There is some blogs and vedio tutorials for details of helping you.
The blog explains how to use continuous deployment support for repo hosted on GitHub http://azure.microsoft.com/en-us/blog/using-app-service-web-apps-continuous-deployment-with-github-organizations/.
You also can follow these vedio tutorials to try to do it, as the references below.
http://azure.microsoft.com/en-us/documentation/videos/create-a-nodejs-site-deploy-from-github/
http://azure.microsoft.com/en-us/documentation/videos/deploying-to-azure-from-github/
https://channel9.msdn.com/Series/Windows-Azure-Web-Sites-Tutorials/Github-Continuous-Delivery-in-the-Preview-Portal.
Best Regards.
Related
How can I change the appsettings on the preview environemnts that are generated by the Azure Static Web Apps CI/CD Github Action for each pull request?
I can go to the portal, navigate to the generated environment and change its appsettings. Doing this manually for each new pull request is error prone and will become tedious really fast.
I couldn't find any reference to this in the Build Configuration For Azure Static Webapps docs so I'm assuming it can't be configured that way.
I also couldn't find any reference to SWA environments in the CLI docs.
I looked into deployment environments but it looks like this is some other kind of deployment environment as it keeps mentioning devcenter.
In Azure Portal, While Creating Static Web App, after providing the GitHub Repo and Branch details, we will get an option to preview the Workflow file.
I can go to the portal, navigate to the generated environment and change its appsettings
Yes, In Configuration Section we have an option to add the App settings. But it is a manual work, which is not advised to follow.
Once we click on Review + create and create the Static Web App, a new folder with name .github/workflows will be created in the GitHub Repository.
It contains the same workflow file (preview file), which we saw while creating the Static WebApp in Azure Portal.
We can edit the Workflow manually.
To update the appsettings/configurations in the workflow, we can specify the steps in the existing workflow file.
We can use either Powershell/Azure CLI commands to update the Appsettings.
az staticwebapp appsettings set --name YourStaticWebAppname --setting-names "message=HelloEveryOne"
***Sample code for Updating App settings: ***
Before Build and deploystep in Workflow, add the below steps.
- name: Build And Deploy
- run : Your Update appsettings Script
To edit the Workflow file, click on the .github/workflow => .yml file
References taken from MSDoc 1 and 2.
Update
As per the discussion in GitHub, adding appsettings to the preview environment is not currently supported in the default Azure Static Web Apps CI/CD.
Setting appsettings on a specific environment is not currently supported in the Azure Static Web apps CI/CD nor by the Azure CLI.
There is a discussion in GitHub about it.
I have my connection string inside a .env file, which I don't commit into the git repo. And I have my app up and running on Azure.
So the way my app works is, when I push my code to Github, Azure Container Registry will build the image on the committed code, and then Azure App Service is going to pull and build a container for my app.
So my question is, how do I pass that connection string to the Docker container? What I could do is put the .env file into the git repo, but I don't think I should put it up there.
Thank you Rimaz Mohommed. Posting comment section discussion into Answer section to help other community users.
Couple of approaches
Add the Variables directly as part of the app settings and it should be available as part of your app environment.
Reference : https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-rm-web-app-deployment?view=azure-devops
You can pass/set your environment variables by Configure environment variables.
You can run this Azure CLI command as part of your devops pipeline (https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-cli?view=azure-devops)
I've a WebAPI project and I'm using Azure CI/CD pipeline to deploy it in azure. The project contains unit testing and integration testing. And for integration testing it needs to access database. But since I don't want to check in my connectionstring to source control, the build pipeline will always fail.
So, the question is what solutions/features or workaround exist that can help me accomplish this scenario?
You can use token replace task to feed your config file with connection string. For that you need to install and add token replace task
and for this configuration:
you need to have such appsettings.json
{
"ConnectionStrings": {
"BloggingDatabase": "#{ConnectionString}#"
},
}
and in your pipeline please variable ConnectionString:
You can also use variable groups with Azure KeyVault. For that appeoach please check this blog post.
Azure Key Vault is a good place to securely store secrets such as db server credentials; this keeps them out of source control.
The general approach is:
in advance, save the db server password as a keyvault secret
in the pipeline, get the db server password using the Azure Key Vault task; it is now available as a secret variable in the pipeline
use the db server password in subsequent tasks; either directly, or by substituting into app settings as described in Krzysztof Madej's answer
I'm using CircleCI for the first time and having trouble publishing to Azure.
The docs don't have an example for Azure, they have an example for AWS and a note for Azure saying "To deploy to Azure, use a similar job to the above example that uses an appropriate command."
If anybody has an example YAML file that would be great, if not a nudge in the right direction would be handy. So far I think I've worked out the following.
I need a config that will install the Azure CLI
I need to put my Azure deployment credentials in an environment variable and
I need to run a deploy command in the YAML file to zip up all the right files and deploy to my Azure app service.
I have no idea if the above is correct, or how to do it, but that's my understanding right now.
I've also posted this on the CircleCi forum.
EDIT: Just to add a little more info, the AWS version of the config file used the following command:
- run:
name: Deploy to S3
command: aws s3 sync jekyll/_site/docs s3://circle-production-static-site/docs/ --delete
So I guess I'm looking for the Azure equivalent.
The easiest way is that on the azure management console you setup as deployment from source control and you can follow this two links
https://medium.com/#strid/automatic-deploy-to-azure-web-app-with-circle-ci-v2-0-1e4bda0626e5
https://www.bradleyportnoy.com/how-to-set-up-continuous-deployment-to-azure-from-circle-ci/
if you want to do the copy of the files from ci to the iis server or azure you will need ssh access the keys etc.. and In the Dependencies section of circle.yml you can have a line such as this:
deployment:
production:
branch: master
commands:
- scp -r circle-pushing/* username#my-server:/path-to-put-files-on-server/
“circle-pushing” is your repo name, which is whatever it’s called in GitHub or Bitbucket, and the rest is the hostname and filepath of the server you want to upload files to.
and probably this could help you understand it better
https://learn.microsoft.com/en-us/azure/virtual-machines/linux/copy-files-to-linux-vm-using-scp
I have a project which I plan to open-source at some point. Currently I keep all of my API keys in a class which is not checked in - I have just linked the project to Azure but the API key class not being present causes the deployment to fail.
How can I hide secret API keys in a public project and still have it deploy to Azure?
I have read quite a few posts (this one for instance) but cannot find a solution that allows me to do what I want - does anyone know what I should do here? Is it possible?
For an Azure Web App, you can specify config values on the Configure tab in the portal (under "app settings"). These will override values specified in your Web.config file.
This means you can leave these settings out of your public repository.
For developing locally, you can put the settings in a separate XML file. To do this, update the appSettings in your Web.config like this:
<appSettings file="mysettings.xml" />
Then create mysettings.xml and put your actual settings in a new <appSettings> element there.
You can then add mysettings.xml to your .gitignore file so it won't be checked in to your public repository.
Azure doesn't mind that your mysettings.xml file doesn't exist, and will pick up the settings you specify in the portal instead.