The first thing we need to do is add a deployment slot to the website. You can think of a deployment slot as simply a copy of your website, complete with its own host name.
They are useful for scenarios like blue-green or canary. For example, you could deploy a change to your staging website, divert a percentage of real user traffic to it, and observe and monitor how users interact with it. The staging slot can then be swapped with production once the change has been validated. You can also roll back changes simply by swapping the slots back again.
-
Navigate to your web app in the Azure portal, and find Deployment Slots in the left hand pane. Click it, and then click on Add Slot.
-
Call your new slot staging, click Clone Settings and then click Add.
You will see your new slot - note that currently 0% of traffic is going to the slot. Feel free to click on it, and browse to the site. It's the same as your production site right now.
While we are here, we need to create a service principal so that we can use it to deploy changes to the web app using GitHub Actions.
-
Open Cloud Shell from the Azure Portal (top right hand side - see below for the icon. If you have never used it before, you will be prompted to create a storage account - go ahead and do that.)
-
Paste the following into the Cloud Shell (make sure you are in a bash session). Be sure to replace:
- GitHubWorkShop******** with your resource group name
- {SubID} with your subscriptionId (you will find this in the Overview section for your Resource Group)
az ad sp create-for-rbac -n "GitHubWorkShop********" --role Contributor --scopes /subscriptions/{SubID}/resourceGroups/GitHubWorkShop******** --sdk-auth -
After a few seconds, you will get the details of your newly created service principal. Copy and paste them into notepad, you will need them shortly.
GitHub Environments allow you to deploy to specific environments that you specify - like staging or production. You can do things like:
- ensure that only specific branches can be deployed to an environment (e.g. only main can be deployed to production)
- create environment specific secrets only accessible to the job carrying out the deployment
- assign people or teams to approve environment deployments
- set delays
-
In your GitHub repo, navigate to Settings and then Secrets.
-
Add a new secret called AZURE_CREDENTIALS and paste in the service principal you just created. Save it.
-
Navigate to Environments in the Settings pane and click New environment. On the next page, name your environment Staging then proceed to Configure environment.
-
We actually don't need to set any protection rules here, so go back and create another environment, this time called Production.
-
Configure the Production environment so that it has one required reviewer (you!) and make sure that you limit deployment branches to main. Be sure to click Save protection rules.
We now need to update the workflow file to add two new jobs:
- One to deploy the new container image to the staging website
- One to swap the staging slot with the production slot
-
Navigate to your workflow file in the repo, and click the edit button.
-
At the end of the file, add in a new job:
deployStaging: runs-on: ubuntu-latest needs: buildPushAppImage environment: staging steps:Note: We set a dependency between this job and the one before it using a needs statement.
-
Copy the action you used earlier to login to the Container Registry and paste it in below steps:.
-
In the marketplace to the right, find the Azure Login action, then copy and paste it into the bottom of your workflow file.
-
Remove everything under with: except for creds. Here, we need to reference the service principal secret you saved earlier, like this:
-
In the marketplace to the right, search for Azure web app and find the action called Azure WebApp. Click on it, then copy and paste the action into your workflow file.
-
Underneath with, delete everything except:
- app-name:
- slot-name:
- images:
-
Set the app-name to your webapp name (it should be GitHubWorkShop*******, replacing the asterix with your unique suffix).
-
Set the slot-name to staging
-
Set images to the image name. This will look like in the below:
Your job should now look like this:
-
Add another job, this time for production:
deployProduction: runs-on: ubuntu-latest needs: deployStaging environment: production steps: -
Add in a step for Azure login as before.
-
Create a new step to run a single line command. Copy and paste in the below, replacing the name and resource group with your own:
- name: Swap staging to production run: | az webapp deployment slot swap --name GitHubWorkShop12345678 --resource-group GitHubWorkShop12345678 --slot staging --target-slot production -
Your job should now look like this:
-
Commit your changes and then navigate to the Actions tab. You should see your workflow in progress:
After a few minutes, you should see that the workflow will stop before the deployProduction stage. Go ahead and click into it and approve.
Here are some ideas for improving your current workflow:
- Introduce branch policy to protect main.
- Improve your workflow to run build and test of your code for each pull request.
MS Learn: GitHub Actions Learning Path - Taking approximately 5 hours to complete, this learning path covers many key areas for automating workflows and contains a bunch of hands on labs from GitHub Learning Lab.
GitHub Actions for Project Management - Go beyond just CI/CD and learn how to use Actions for Project Management tasks.
GitHub Public Roadmap - Actions is improving all the time - keep an eye out on the public roadmap for upcoming features.