We currently have this architecture :
production servers with limited access
Subversion server where developpers can commit
Teamcity server that build the websites from SVN and deploy it to the production server
The purpose is to make it impossible to deploy a website without commiting the code to the appropriate branch. And it's working very well.
Now we're moving some stuff to azure. And I don't want to put my publish profile in the project because if I do so any one can publish from his visual studio instance.
I thought about this : create publish profiles from the azure account, upload them to the CI server and passe an absolute path to the publishprofile msbuild parameter.
Do you think there is a cleaner way to do this : I'd prefer to do the profile uploading directly in teamcity.
Related
what I did;
I have my c# windows form application on Azure Repo and I created a build.
I assigned my physical test server to Azure DevOps under the Deployment groups page. And it is online.
I defined a release, I added an artifact that refers to the build pipeline from the Azure repo.
Now I want to transfer my windows form app release files to my physical test server (windows) under the Desktop folder and run. (also stop and delete previous app if it is already running)
For that, I tried to add a stage. But for the stage templates, I don't know which one to choose. There are deployment options for IIS and Azure services.
Bufre, I published my ASP.NET app using IIS website deployment. Worked fine. But how to do it for a desktop application? How to transfer and run?
I see a as a similar issue here, But I am new to YAML files and I could not produce.
Where to mention target physical path, which template to choose? Could you please advise on the steps?
You must install the DevOps agent on this server, then add it to the agent pool and then use any task that allows to install your app (depends on what kind of app you have). All tasks will be executed on the server directly, so you can use PowerShell, cmd or what ever.
https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows?view=azure-devops
https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/pools-queues?view=azure-devops&tabs=yaml%2Cbrowser
Short version: How can I deploy a new version without first manually stopping the app-service?
Long version:
I'm using the following workflow to publish a new version of my ASP.NET Core app to an Azure App-Service.
The App-Service is running on a basic instance. I understand this is not intended for real use but I hope there is a good way to get this workflow running before we go into production(standard instance).
This works but how can I avoid step 4 to 7?
Publish the solution into a local folder.
Move the published content into a local git repo.
Commit all files and push to the app-service.
Stop the app-service from the portal
Enter the console and delete all files in the wwwroot folder
Redeploy the commit from the portal
Start the app-service
I was hoping that the push in step 3 would automatically trigger the remaining steps.
After step 3 I can see that the files have been updated, the new static files are served to the browser but the old binary is still running.
Similarly I can switch between deployment slots on the portal. I get the new static files served but the previous deployed binary is still answering all calls.
This doesn't work, the static files are changed but the old binary is still responding to calls.
Redeploy from portal
Restart app-service
The old binary is still served.
This works.
Stop app-service
Deploy from portal
Start app-service
It appears the running binary is blocking the deployment.
How can I automate deployment using git push or from the portal without manually having to stop the service?
Application settings:
You need to enable msdeploy flag MSDEPLOY_RENAME_LOCKED_FILES=1 in Azure App Service application settings. The option if set enables msdeploy to rename locked files that are locked during app deployment
Click application settings and scroll down until you see app settings.
set this key: MSDEPLOY_RENAME_LOCKED_FILES and for its value put 1
How can I deploy a new version without first manually stopping the app-service?
When I develop my .Net Core Web application via VS, I would leverage the publish wizard, check the option Remove additional files at destination and use the App offline support by setting EnableMSDeployAppOffline to true under the publish profile for publishing my application to Azure Web App.
Based on your current deployment workflow, I assume that you are using the Continuous Deployment to your Azure App Service with your local Git Repository. After I changed the source code, then commit the changes to the local repository, then push the source code to my web app remote repository, the source code would be built and copied to D:\home\site\wwwroot on Azure side. Details you could follow Local Git Deployment to Azure App Service.
For your step 1 to 3, I just push the code changes from the local repository to my app service remote repository. Azure would generate the deployment script for you to build your source code project and move the built content to D:\home\site\wwwroot. Moreover, you could Custom Deployment Script for your additional requirement.
I have an existing website that I would like to deploy on Azure, using Visual Studio Team Services. The website is made up of static files, there's no ASP.NET or anything else involved.
Within Visual Studio Team Services, I created a build which executes npm install and a gulp build. This results in a dist folder containing all the files for the website. In Azure, everything is set up correctly (subscription, web app,...).
However, I'm unsure on how to push my code to Azure. Exploring the options in the Release tab in VSTS, an 'artifact' always seems to be required, but I just have a bunch of files. I need to publish the files in the dist folder and make sure index.html is served.
How can I do that?
This question is related to this one, however, the answers all state to start from Azure, and do not mention how to deploy existing code using Visual Studio Team Services.
The trick is to create the artifact yourself, which can be as simple as a zip file containing the static website files. The zip file should be copied as an artifact to the $(build.artifactstagingdirectory) target directory. Next, you can use a simple Web App deployment task to publish the zip file to Azure. If index.html is in the root directory, Azure is smart enough to serve it.
Below is a working build and deploy flow. It assumes gulp is used to build the website and write the build output (i.e. the static files) to a dist folder.
The easiest way is to deploy from a source control, if you take a look under "Settings" for your Website in the Azure portal you will probably see "Continuous deployment".
From there you can deploy from Visual Studio Team Services, Github, etc.
Every check-in will be deployed, also wrong ones, so you may want a introduce a staging environment as a deployment slot as well, where you can swap staging with production whenever you feel your site is ready for production.
Without the need to create an artifact, another solution could be FTP deployment after creating an Service Endpoint in VSTS
I have to create a Visual Studio project with the following functionality,
Once the project is created, the service should automatically upload the project files in to cloud storage (using windows azure or amazon s3 server).
If any changes in the project files, instead of uploading the whole project, only the modified files has to be uploaded. ( like SVN commit).
Could anyone please let me know if you have any ideas on this?
What you describe is more-or-less what "git deployment" is about - deploying changes to a web site or application by pushing the changes from a local git repository to a remote one. The deployment triggers a service or script on the remote repository that updates your site.
Azure supports this for Azure Web Sites. See for example Continuous deployment using GIT in Azure App Service for a step-by-step guid on how to create a new site, deploy and update it using Git.
The engine that automates git deployments in Azure is available as an open source project, Project Kudu which can be hosted outside Azure, eg on your own web server.
Amazon doesn't offer all of this out of the box. Its Elastic Beanstalk offering allows you to publish an ASP.NET MVC project to a specific configuration (VMs, settings etc) right from Visual Studio but it's a manual process and doesn't deploy only changes. Check How to Deploy an Application Using Elastic Beanstalk for a step-by-step guide.
You can use Project Kudu on an Amazon VM to use git deployment. This won't set up the VMs as Beanstalk does, but it will deploy only the changes to your site.
My team uses TeamCity for continuous integration. It will build, test and deploy web applications via Web Deploy to dev and qa web servers. The tricky part is deploying to a production web server - our policy dictates that developers cannot deploy to production, only a system administrator can.
Our current approach is to have TeamCity build a web deployment package, which the administrator can download and install on the production web server. However, we'd like to allow them to simply click "Run" on a build configuration, but we're not sure how to secure that button.
We could create a TeamCity project that only administrators have access to, but we also have to address Web Deploy security. The Web Deploy service needs to be authenticated with a local admin account on the production server. We don't want developers having access to the username/password in a build script, nor do we want every build agent running as this account since developers could create a build that uses it to deploy to production.
I've haven't had much luck finding resources on TeamCity security/deployment best practices, but I can't imagine we're the only company in this situation. How do others manage automated deployment security?
First of all auto deployment on live server is not a good idea. Deployments should be automated till staging. If you still want to do it, ez, short and secure way is to use Ant script. Write a short script to use SSH or sftp and deployment is done. You can create two profiles for your project and add an extra step in "Build steps" for Pro deployment by admin.