Build on Linux and deploy Python project to Azure Function App on Flex Consumption using OIDC #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deploy Python project to Azure Function App using OIDC | |
| # CONFIGURATION | |
| # | |
| # This workflow can be used to deploy your Python project to a function app on any hosting plan, except for Container Apps (which uses functions-container-action). | |
| # | |
| # 1. Configure a federated identity credential to your GitHub branch on an Azure user-assigned managed identity. | |
| # For instructions, follow the README at https://github.com/Azure/functions-action#use-oidc-recommended | |
| # | |
| # 2. Add the following values from the managed identity to your repo's variables: | |
| # AZURE_CLIENT_ID | |
| # AZURE_TENANT_ID | |
| # AZURE_SUBSCRIPTION_ID | |
| # For instructions on creating repo variables, see https://docs.github.com/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#defining-configuration-variables-for-multiple-workflows | |
| # | |
| # 3. Ensure your workflow is triggered by your desired event. By default, it is triggered when a push is made to main, and it can be manually run. | |
| # For guidance on event triggers, see https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#using-events-to-trigger-workflows | |
| # | |
| # 4. Change the variables in the `env` section according to your project: | |
| # For the latest list of supported runtimes, see https://learn.microsoft.com/azure/azure-functions/supported-languages | |
| on: | |
| push: | |
| tags: | |
| - 'v1' | |
| # branches: [ main ] | |
| workflow_dispatch: | |
| inputs: | |
| logLevel: | |
| description: 'Log level' | |
| required: true | |
| default: 'warning' | |
| type: choice | |
| options: | |
| - info | |
| - warning | |
| - debug | |
| env: | |
| AZURE_FUNCTIONAPP_NAME: 'gae-fa-python310-flexcon' # Set this to your function app name on Azure | |
| AZURE_FUNCTIONAPP_PROJECT_PATH: './tests/e2e/python310' # Set this to the path to your function app project, defaults to the repository root. The deploy action will package the contents of this path. | |
| PYTHON_VERSION: '3.10.x' # Set this to the Python version of your project | |
| BUILD_ARTIFACT_NAME: 'released-package' # Set this according to your team's naming convention | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest # Python function apps are Linux-based | |
| permissions: | |
| id-token: write # Required for OIDC | |
| contents: read # Required for actions/checkout | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }} | |
| steps: | |
| - name: 'Checkout repository' | |
| uses: actions/checkout@v4 | |
| - name: 'Set up Python version: ${{ env.Python_VERSION }}' | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: 'Install project dependencies' | |
| run: pip install -r requirements.txt --target ".python_packages/lib/site-packages" # Ensure requirements.txt contains all dependencies | |
| # Perform additional steps such as running tests, if needed | |
| - name: 'Upload artifact for the deployment job' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.BUILD_ARTIFACT_NAME }} | |
| path: ${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }} | |
| deploy: | |
| runs-on: ubuntu-latest # Python function apps are Linux-based | |
| needs: build | |
| permissions: | |
| id-token: write # Required for OIDC | |
| steps: | |
| - name: 'Download artifact from build job' | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.BUILD_ARTIFACT_NAME }} | |
| path: '${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }}/downloaded-artifact' | |
| - name: 'Log in to Azure with AZ CLI' | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID_FA_PYTHON310_FLEXCON }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID_FA_E2E_TESTS }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID_FA_E2E_TESTS }} | |
| - name: 'Run the Azure Functions action' | |
| uses: Azure/functions-action@v1 | |
| id: deploy-to-function-app | |
| with: | |
| app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} | |
| package: '${{ env.AZURE_FUNCTIONAPP_PROJECT_PATH }}/downloaded-artifact' | |
| # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples |