Azure-Samples/azure-search-openai-demo-java

Deploy job fails in GitHub automated CI pipeline

Menghua1 opened this issue · 9 comments

Describe the issue:
The status of the pipeline in GitHub Actions is failed after pushing a commit. The error is shown as follows:
image

Repro Steps:

  1. Run azd auth login.
  2. Run azd init -t Azure-Samples/azure-search-openai-demo-java.
  3. Run azd up.
  4. Fork this repository on GitHub.
  5. Create an environment called 'Development'.
  6. Create 'Development' environment secrets for the publish profiles of the Azure Web Apps hosting both frontend and backend.
  7. Create 'Development' environment variables for the Azure Web App resource name.
  8. Push a commit.

Expected behavior:
The result for "Deploy backend to Azure Web App" is passed.

@dantelmomsft and @hemarina for notification.

@Menghua1 It works on the current repo setup using the guides provided in the README.
This is the last deploy from the current CI: https://github.com/Azure-Samples/azure-search-openai-demo-java/actions/runs/6328447643/job/17186675819

Can you please check that you are using the correct publish profile for the web app and that you pasted the XML content correctly when creating the environment secret?

@dantelmomsft Here are the steps I took to create the environment secret:

  1. Download the publish profile.
  2. Create a 'Development' environment secret with the name AZUREAPPSERVICE_PUBLISHPROFILE and set the value field to the content of the publish profile.
  3. Create a 'Development' environment variable with the name AZUREAPPSERVICE_APP_NAME and set the value field to the Azure Web App resource name.

The variables/secrets configuration looks good. Further checks:

  • Check that the App Service - General Settings in the Azure portal look like this:
    image
  • Try to reset the publish profile on the App Service from the Azure portal, download the new one and update the secret value.

@Menghua1 I just tried to create the env from scratch, and I followed the guide to change the app name and secrets.
It worked.

@dantelmomsft Checking the App Service - General Settings in the Azure portal, the status of "Basic Auth Publishing Credentials" is "off". After turning on "Basic Auth Publishing Credentials", clicking "Save Settings" and re-running the action on GitHub, it works fine.
But after a while, it automatically goes back to "off", and re-running the action on GitHub fails. Is this an expected result?
Do you have any ideas about it?

At the end of azd up, this App configuration should be on. It's quite strange that it's 'Off' on your instance.
Can you please retry a fresh azd environment installation?
The bicep code which configures this property is here.
Check that you are running the last repo version containing the above lines.

@dantelmomsft Tested using a new azd environment, the latest repo version and different machines; the "Basic Auth Publishing Credentials" setting is still off.
After investigation, we found it may be a security policy issue as documented in https://learn.microsoft.com/en-us/azure/app-service/deploy-configure-credentials?tabs=cli#disable-basic-authentication. The FTP authentication of our web app has also been disabled, as shown in the figure below. When we run the command az resource update --resource-group <resource-group> --name ftp --namespace Microsoft.Web --resource-type basicPublishingCredentialsPolicies --parent sites/<site-name> --set properties.allow=true to enable FTP authentication, "Basic Auth Publishing Credentials" remains on, but GitHub Actions still has this issue.
Do you have any suggestions for this?

image

@Menghua1 I guess you mean you've tried to enable auth using az cli.
Try also to enable the WebDeploy (not only the FTP) using:

  • az resource update --resource-group <resource-group> --name scm --namespace Microsoft.Web --resource-type basicPublishingCredentialsPolicies --parent sites/<site-name> --set properties.allow=true
  • After that, check in the portal that the auth configuration is on.

However, at this point, I think we can just mention this in the troubleshooting section as a potential issue and suggest enabling auth through the portal (or using az cli if you are able to make it work using my last suggestion above).

@dantelmomsft Based on your suggestion, it works fine. Please help add this issue to the troubleshooting section as a potential issue. Thanks a lot.
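
A pre-deploy check for the setting this thread tracks down, added here as an example (it is not part of the original thread or of the repository's code): it reads the ftp and scm basicPublishingCredentialsPolicies with az resource show and fails when scm is off. The function names, the script name and the two positional arguments are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread or the repository).
# Usage: ./check-publishing-auth.sh <resource-group> <site-name>
# (the script name is hypothetical)

# policy_allowed <resource-group> <site-name> <ftp|scm>
# Prints properties.allow for one basicPublishingCredentialsPolicies resource,
# lower-cased so the comparison does not depend on the CLI's output casing.
# Returns 2 when the az call itself fails (not logged in, no such site, ...).
policy_allowed() {
  _raw=$(az resource show \
    --resource-group "$1" \
    --name "$3" \
    --namespace Microsoft.Web \
    --resource-type basicPublishingCredentialsPolicies \
    --parent "sites/$2" \
    --query properties.allow \
    --output tsv) || return 2
  printf '%s\n' "$_raw" | tr '[:upper:]' '[:lower:]'
}

# report_publishing_policies <resource-group> <site-name>
# Prints both settings. Returns 1 unless scm is "true", because enabling scm
# (not ftp) is what made the publish-profile deploy work in the thread.
report_publishing_policies() {
  _rc=0
  for _endpoint in ftp scm; do
    _allowed=$(policy_allowed "$1" "$2" "$_endpoint") || _allowed=unknown
    echo "$_endpoint basic auth allowed: $_allowed"
    if [ "$_endpoint" = scm ] && [ "$_allowed" != true ]; then
      _rc=1
    fi
  done
  return "$_rc"
}

# Run the check only when called with both arguments.
if [ "$#" -eq 2 ]; then
  report_publishing_policies "$1" "$2" || {
    echo "scm basic auth is off or unreadable; the deploy in this thread failed in that state" >&2
    exit 1
  }
fi
```

Run as a step before the deploy job, it also catches the case described above where a policy turns the setting back off some time after it was enabled.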