me.at.coding

Reputation: 17654

Zip-deploy Azure functions while public access is disabled (access restrictions are in place)

I disabled Allow public access on an Azure Function App for security reasons.

However, after that, zip deploys from Visual Studio (publish functionality) and via GitHub Actions fail, as the API for deployment isn't publicly reachable anymore. In that case, how would one zip deploy updated Azure functions?

Upvotes: 2

Views: 1511

Answers (1)

Alex

Reputation: 18536

If you need ZIP deployment, you need to deploy the code from inside the VNET to the private endpoint of the AppService. For GitHub Actions, this means deploying a self-hosted runner on a VM inside the VNET to push the new code to AppService. There is an example for Azure DevOps self-hosted agents.

As an alternative, you can publish your ZIP to a storage account and let the function pull the new application code to run. There is also a full example including GitHub Actions.

The most relevant quotes from the second example are:

This article shows how to deploy to a Private Endpoint-enabled site from a Continuous Integration pipeline (such as GitHub Actions, Circle CI, Jenkins, or Travis CI) without having to self-host the CI service on a VM. Since Private Endpoints disables all inbound traffic from the internet, our CI pipeline will publish the files to a storage account and give the web app a SAS URL to files. Once the web app is given this SAS URL, it will pull the files from the storage account.

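      # Compute the SAS expiry timestamp (UTC) and export it to later steps
      - name: Set SAS token expiration
        run: echo "expiry=$(date -u -d "$EXPIRY_TIME" '+%Y-%m-%dT%H:%MZ')" >> "$GITHUB_ENV"

      - name: Azure CLI script
        uses: azure/CLI@v1
        with:
          azcliversion: 2.19.1
          inlineScript: |
            az extension add --name webapp

            # Stage the package in a storage account the app can reach
            az storage account create   -n "$ACCOUNT"   -g "$GROUP" -l westus
            az storage container create -n "$CONTAINER" --account-name "$ACCOUNT"
            az storage blob upload      -f app.zip      --account-name "$ACCOUNT" -c "$CONTAINER" -n "$ACCOUNT"

            # Read-only SAS URL for the uploaded blob, valid until the expiry set above
            ZIP_URL=$(az storage blob generate-sas --full-uri --permissions r --expiry "${{ env.expiry }}" --account-name "$ACCOUNT" -c "$CONTAINER" -n "$ACCOUNT" | xargs)

            # The app pulls the package from the SAS URL; wait for the deployment to finish
            az webapp deploy --name "$WEBAPP" --resource-group "$GROUP" --type zip --src-url "$ZIP_URL" --async false

            # Remove the staged package once the deployment has completed
            az storage container delete -n "$CONTAINER" --account-name "$ACCOUNT"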

Upvotes: 3
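
An added example (not part of the answer or of the quoted article): a pre-deploy check a pipeline could run on the SAS URL before passing it to `az webapp deploy`, confirming that it is read-only, scoped to one blob, and short-lived. The function names, the 30-minute limit and the sample URLs are assumptions; the HTTPS-only check corresponds to `--https-only` on `az storage blob generate-sas`, which the quoted command does not pass.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

def parse_expiry(value):
    """Parse the SAS 'se' field, written with or without seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    return None

def check_sas_url(url, now, max_lifetime=timedelta(minutes=30)):
    """Return a list of findings; an empty list means the URL passes."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https":
        findings.append("URL scheme is not https")
    if "sig" not in q:
        findings.append("no sig parameter: not a SAS URL")
    if q.get("sp") != "r":
        findings.append(f"permissions sp={q.get('sp')!r}, expected read-only 'r'")
    if q.get("sr") != "b":
        findings.append(f"scope sr={q.get('sr')!r}, expected single blob 'b'")
    if q.get("spr") != "https":
        findings.append("SAS not restricted to HTTPS (spr=https missing)")
    expiry = parse_expiry(q.get("se", ""))
    if expiry is None:
        findings.append("missing or unparseable expiry (se)")
    elif expiry <= now:
        findings.append("SAS already expired")
    elif expiry - now > max_lifetime:
        findings.append(f"SAS lifetime {expiry - now} exceeds {max_lifetime}")
    return findings

# Constructed sample values (not real accounts or signatures).
NOW = datetime(2024, 1, 1, 12, 10, tzinfo=timezone.utc)
BASE = "https://examplestore.blob.core.windows.net/deploy/app.zip"
GOOD_URL = BASE + "?se=2024-01-01T12%3A30%3A00Z&sp=r&spr=https&sv=2021-06-08&sr=b&sig=CONSTRUCTED"
BAD_URL = BASE + "?se=2024-01-08T12%3A10Z&sp=rwdl&sv=2021-06-08&sr=c&sig=CONSTRUCTED"

if __name__ == "__main__":
    for url in (GOOD_URL, BAD_URL):
        print(check_sas_url(url, NOW) or "OK")
```
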
