danielrbradley
commented
1 month ago Thanks for getting in touch @1oglop1
I've re-titled this as I think the main ask here to be able to pass an Asset (or Archive) directly into an Azure Function, something similar to:
const app = new web.WebApp("fa", {
resourceGroupName: resourceGroup.name,
serverFarmId: plan.id,
kind: "functionapp",
source: new pulumi.asset.FileArchive("./javascript")
siteConfig: {
appSettings: [
{ name: "FUNCTIONS_EXTENSION_VERSION", value: "~3" },
{ name: "FUNCTIONS_WORKER_RUNTIME", value: "node" },
{ name: "WEBSITE_NODE_DEFAULT_VERSION", value: "~14" },
],
http20Enabled: true,
nodeVersion: "~14",
},
});To know if this could be added directly to the WebApp, or if it's a more specialised resource type, we would need to confirm if the SCM upload route is available for all kinds of WebApp.
An additional consideration to take into account is the security around the SCM endpoints. It's possible that a user could configure the security so the provider would not have access to upload to the SCM endpoint. We would need to ensure the failure mode is robust and communicates the issue effectively.
Workarounds
In the short term, I think we can improve the linked example to ensure that each upload of the code is written to a new blob, so it gets a new blob URL, and automatically triggers a re-deployment of the WebApp. This might be as simple as adding the replaceOnChanges for the codeBlob. E.g.
// Upload Azure Function's code as a zip archive to the storage account.
const codeBlob = new storage.Blob("zip", {
resourceGroupName: resourceGroup.name,
accountName: storageAccount.name,
containerName: codeContainer.name,
source: new pulumi.asset.FileArchive("./javascript"),
}, {
replaceOnChanges: ["source"],
},
);Secondly, it might be helpful to add a built-in invoke (function) to the provider for calculating the signed URL to reduce the amount of code required in user programs.
1oglop1
Hello!
Issue details
Would it be possible to extend or create a completely new resource, for Azure functions deployment? The scm API seems to be poorly documented but it seems that all it takes is to POST the zip file and wait.
Motivation: Azure Functions can use
WEBSITE_RUN_FROM_PACKAGE, see pulumi example https://github.com/pulumi/examples/blob/master/azure-ts-functions/index.ts, but there are hidden problems with that example:1) when the blob object is updated (resource:
replace) the blob url does not change and after the blob update the function keeps using the old code. For this problem Microsoft recommends restarting the function app - which is not possible to do via pulumi. ... there are possible workarounds, eg. cleverly update AppSettings every time the source code changes. 2) according to the documentation:WEBSITE_RUN_FROM_PACKAGE = urlhas a slight performance impact during the cold start to negate this, users are asked to upload zip directly to the runtime - but it can only be done viaaz clior other programs implementing SCM. 3) there is a that Blob url may expire and AzF won't be able to load the code anymore. 🤦This would improve user experience of
azure-native.web.WebAppresource https://www.pulumi.com/registry/packages/azure-native/api-docs/web/webapp/So that pulumi user could use an Asset or AssetArchive or even just a path to the zip file as an input and update.
the resource could take the same parameters as this url:
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/config/publishingcredentials/list?api-version=2023-12-01webapp->webapp.nameorwebapp.repositorySiteNameBits around SCM API:
What azure cli does. https://github.com/Azure/azure-cli/blob/29564830498870c401679e0059fddbbf5851f10c/src/azure-cli/azure/cli/command_modules/appservice/custom.py#L771-L783
Where scm uri comes from https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/list-publishing-credentials?view=rest-appservice-2023-12-01
Affected area/feature
Azure Functions/ Web apps