search

MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International
10.24k stars 21.41k forks source link

Deployment to Azure Functions via GitHub Actions Fails for Production Slot #121142

Open boris-cdm opened 6 months ago

boris-cdm commented 6 months ago

Issue

When following the steps described in the official Microsoft documentation at https://learn.microsoft.com/en-us/azure/azure-functions/functions-how-to-github-actions, the GitHub Actions workflow fails to deploy to the Azure Function App if the publish profile used corresponds to the Production slot. The error encountered is:

Error: Execution Exception (state: ValidateAzureResource) (step: Invocation)
Error: When request Azure resource at ValidateAzureResource, Get Function App Settings : Failed to acquire app settings from https://<scmsite>/api/settings with publish-profile
Error: Failed to fetch Kudu App Settings.
Unauthorized (CODE: 401)
Error: Error: Failed to fetch Kudu App Settings.
Unauthorized (CODE: 401)

Root Cause

The documentation does not explicitly mention that deploying directly to the Production slot is not recommended. As a result, users may encounter error and the error description on Github side doesn't provide a specific cause.

Solution

To successfully deploy an Azure Function App via GitHub Actions, a separate Deployment Slot (e.g., Staging) should be created and utilized. The publish profile for this Deployment Slot can then be used in the GitHub Actions workflow without encountering the unauthorized error.

Recommendation

  1. Update the official Microsoft documentation at https://learn.microsoft.com/en-us/azure/azure-functions/functions-how-to-github-actions to include a note or warning about avoiding the use of the Production slot's publish profile for GitHub Actions deployment. Instead, the documentation should suggest creating a separate Deployment Slot (e.g., Staging) and using its corresponding publish profile in the GitHub Actions workflow.

  2. Provide a warning to Azure user when exporting the publish profile for the Production slot, indicating that it should not be used for setting up continuous deployment via GitHub Actions or other CI/CD tools.

  3. Document the process of swapping deployment slots and best practices for promoting changes from the Staging slot to the Production slot after successful deployment and testing. This could be added as a separate section in the official documentation or linked to existing documentation on this topic, such as https://learn.microsoft.com/en-us/azure/azure-functions/functions-deployment-slots.

This small addition to the documentation would help prevent users from encountering the unauthorized error and streamline the process of setting up continuous deployment for Azure Functions via GitHub Actions.

Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

SaibabaBalapur-MSFT commented 6 months ago

@boris-cdm Thanks for your feedback! We will investigate and update as appropriate.