search

Azure / ng-deploy-azure

Deploy Angular apps to Azure using the Angular CLI
MIT License
79 stars 37 forks source link

Disable interactive login mode on CI #52

Closed manekinekko closed 4 years ago

manekinekko commented 4 years ago

Describe the bug When trying to run a continuous deployment process (eg. from GitHub Actions), the interactive login mode blocks the CI.

Additional context (copy of internal discussion)

Wassim Chegham 4 days ago

Last time I investigated this, I hit an issue regarding the login process while trying to deploy from the Github Action. TBH, I was expecting this! So the issue is that we are using an interactive login method interactiveLoginWithAuthResponse on @azure/ng-deploy.

I was thinking we should switch to a loginWithServicePrincipalSecretWithAuthResponsez login method when we are in a CI environment. See https://github.com/Azure/ms-rest-nodeauth#service-principal-and-secret-based-login

Then, in the pipeline or CI config, we should create and use Github secrets like this:

- name: deploy to Azure
      env:
        AZURE_SERVICE_PRINCIPAL: ${{ secrets.AZURE_SERVICE_PRINCIPAL }}
        AZURE_SERVICE_PRINCIPAL_PASSWORD: ${{ secrets.AZURE_SERVICE_PRINCIPAL_PASSWORD }}
        AZURE_TENANT: ${{ secrets.AZURE_TENANT }}
      run: |
        ng run angular-demo-app:deploy --service-principal -u $AZURE_SERVICE_PRINCIPAL -p $AZURE_SERVICE_PRINCIPAL_PASSWORD --tenant $AZURE_TENANT

I had this feature on my todo list for some time now. I'd be happy to send a PR, I just need to find some time to work on it.

Wassim Chegham 4 days ago

I forgot to mention that prior to this, we need to create a SP. We can do it from the CLI:

az ad sp create-for-rbac --name GithubActionDeployToAzure

which will give us the following content

{
  "appId": "aa1307xx-11xx-41xx-8bxx-e4xxbd2xxb52",
  "displayName": "GithubActionDeployToAzure",
  "name": "http://GithubActionDeployToAzure",
  "password": "e0xx8cxx-xxxx-xxxx-xxx-xxbxx56xxcxx",
  "tenant": "72xx88xx-86xx-41xx-91xx-xx7xx0xxdbxx"
}

Demo repo

See https://github.com/manekinekko/github-action-deploy-to-azure/blob/c7ec9ec03919554c24b221bfc560dd5221927fa8/.github/workflows/nodejs.yml#L1-L34

elvirdolic commented 4 years ago

For Azure Devops: Would it make sense to use existing Service Connections instead of creating new.

https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops