Introduction:
Azure DevOps is a cloud-based platform that provides tools and services for software development, delivery, and operations. One of the key features of Azure DevOps is Azure Pipelines, which enables you to create and manage continuous integration (CI) and continuous delivery (CD) pipelines for your applications.
A CI/CD pipeline is a workflow that automates the steps involved in building, testing, and deploying your code to your target environment. A CI/CD pipeline can help you deliver value faster to your customers, improve the quality and reliability of your code, and reduce the manual effort and errors involved in the software development lifecycle.
In this article, you will learn how to configure Azure DevOps CI/CD pipeline for a simple ASP.NET Core web API app and deploy it to Azure App Service which is secured (application restricted for public access). Azure App Service is a fast and simple way to create web apps using ASP.NET, Java, Node.js, Python, and other languages and frameworks. You will use the Azure Web App task to deploy your web app to Azure App Service in your pipeline.
Refer Microsoft Learn document to get started with the Azure DevOps CI/CI pipeline.
Handling Ip Forbidden (CODE: 403) Issue:
Whenever you run the CI/CD pipeline, you will get the Ip Forbidden error given below during the deployment. This error is pretty obvious because we are trying to deploy the package to the Azure web app service secured from public access.
We can resolve this problem in multiple methods. In this article, I’m going to explain two ways where you can resolve this process.
- Provide access to scm.azurewebsites.net
Azure DevOps tries to access the scm.azurewebsites.net site to deploy the package. With the Azure portal, we can allow all access only to the Advanced tool site for successful deployment.
Log in to the Azure portal, go to the web app – > select networking from settings blade, switch to Advanced tool site, and enable the access, as shown in the below figure.
Note: Make sure to turn off the access once the deployment is complete, whenever no site access rule is set.
2. Modifying the task in the pipeline
From the YML file in the pipeline, we can add an Azure CLI task to enable public access before the deployment and disable access after the deployment.
task: AzureCLI@2
inputs:
azureSubscription: '[Your subscription]'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: 'az webapp update --name [your web app name] --resource-group [resource group name] --set publicNetworkAccess=Enabled'
In this way, you can automate the process. If something goes wrong with deployment, the public access disable task will be always executed.
Complete yml code available in GitHub Gist
Summary:
We have seen how to overcome the deployment issue with the Azure DevOps CI/CD pipeline when the Azure web app service public access is restricted.
Happy coding!!
Please share your valuable feedback.