Home > Net >  Azure Function CI/CD deployment using GitHub loses important file in the .gitignore
Azure Function CI/CD deployment using GitHub loses important file in the .gitignore

Time:03-26

Odd question, but a question for which I have found no answers for. A classic "middleman" (Git) screwing the consumer problem.

I have an Azure Function (python, timer trigger), that I can successfully deploy straight from VS Code. It's the usual file structure, etc. BUT, when I assign a deployment slot in the Portal (Deployment Center), connecting to GitHub (using this example), I lose an important .py file that I have listed in my .gitignore file. The .gitignore file is in the root of the project folder.

This file has some API keys, Slack hooks, etc. - so it is essential to my Function. Obviously, I do not want those keys exposed on my GitHub page, but I need them in the Azure Function.

Am I SOL, if I want to do a CI/CD pipeline?

E.g., I'm not always around my personal laptop with VS Code, and I might want to fiddle with the timer schedule straight from GitHub on the fly - and this CI/CD connection is the best way to make sure my Function keeps running (it's a python function on a linux consumption plan, so I can't just edit CRON from the portal).

CodePudding user response:

When using VSCode for development you would normally store your secrets in the local.settings.json for local debugging and testing.

Code and test Azure Functions locally - Local Settings File

When you deploy from Visual Studio Code it publishes the local.settings.json file as app settings but since the file is in your .gitignore your github remote won't know about the file to publish it.

The app settings of your FunctionApp can be found under the configuration blade of your FunctionApop. Any app settings can then be referenced in your FunctionApp as env vars within your code.

Azure Functions Python developer guide - Environment Variables

Since the local.settings.json file is usually added to the .gitignore file you would need to find another way to seed the app settings as part of your github actions CI/CD process.

You have a couple of options. You could create repo secrets within github, reference those at deployment time and write a script that deploys the secrets to your app settings at the same time as your function code.

Github Actions - Encrypted Secrets

Alternatively you can pull your app settings from a key vault so that you don't need to manage the secrets at all, as long as they static and not dynamic you can pre-populate the key vault and use key vault references in the app settings of your Azure function.

Use Key Vault references for App Service and Azure Functions

There is a github action which lets you specify your app settings as JSON, which I've not used but looks like it could be just what you're looking for.

https://github.com/marketplace/actions/azure-app-service-settings

  • Related