如何使用VSTS版本管理部署到Azure资源组(How to deploy to Azure Resource Group using VSTS release management)

我是Visual Studio Team Services Release Management的新手。 我的目标是自动将ASP.NET MVC应用程序部署到Azure App Service。

尝试不同的方法，我创建了一个基于证书的服务端点和一个使用服务主体（SPN）的服务端点。 我的构建定义已经构建了一个Web部署包，并且发布定义与之链接，并且可以使用此工件。

成功1：使用Azure Web App部署任务部署应用程序已经成功 - 差不多。 缺点1：我不明白如何使用此任务指定正确的资源组。 这使用基于证书的端点，对于此任务，我不能使用其他（SPN）端点。

成功2：使用Azure资源组部署任务，我能够使用JSON ARM模板创建一个包含Web应用程序的新资源组。 这样我就可以指定资源组，解决缺点1 缺点2：但现在我不明白我如何实际部署已与我的发布定义链接的构建定义的二进制文件。 由资源组部署创建的Web应用程序为空，后续Web应用程序部署任务似乎无法定位此新创建的Web应用程序，因为它可能不是基于ARM的。

我觉得我错过了一些明显的东西 - 任何帮助都是值得赞赏的。

更新1

感谢@ bmoore-msft，我使用他链接到的子资源扩展示例进行了部署。 基本上，我的ARM模板的相应片段现在看起来像这样：

"resources": [ { "apiVersion": "2015-08-01", "type": "Microsoft.Web/sites", "name": "[variables('fullEnvName')]", "location": "[parameters('siteLocation')]", "properties": { "name": "[variables('fullEnvName')]" }, "resources": [ { "apiVersion": "2014-06-01", "name": "MSDeploy", "type": "Extensions", "dependsOn": [ "[concat('Microsoft.Web/Sites/', variables('fullEnvName'))]" ], "properties": { "packageUri": "https://dl.dropboxusercontent.com/u/<myId>/<WebDeploymentPackage>.zip", "dbType": "None", "connectionString": "", "mode": "Complete" } } ] } ]

但问题是这会在我的模板中放置一个静态链接 - 正如您所看到的，我使用Dropbox作为临时解决方案。 但当然我不想手动或自动将我的Web部署包上传到Dropbox。 我想链接到我的构建定义创建的工件，遗憾的是它是动态的，我找不到有关如何构建此链接的​​任何信息。 例如，构建1位于以下路径 https://<tenant>.visualstudio.com/DefaultCollection/_apis/resources/Containers/800850?itemPath=<PathToWebDeploymentPackage>.zip 虽然build 2可以在这里找到 https://<tenant>.visualstudio.com/DefaultCollection/_apis/resources/Containers/801968?itemPath=<PathToWebDeploymentPackage>.zip

所以链接里面有一个数字变化，这意味着我在模板中引用的链接必须是动态的，这意味着我需要了解从哪里获取该数字，我不知道。

也许还有另一种引用工件上传的方法？

I am new to Visual Studio Team Services Release Management. My goal is to automate a deployment of an ASP.NET MVC application to the Azure App Service.

Trying different approaches, I created a Service Endpoint that is certificate based and one that uses a service principal (SPN). My build definition already builds a web deploy package, and the release definition is linked against that and can use this artifact.

Success 1: A deployment of the app using the Azure Web App Deployment Task already succeeded - almost. Shortcoming 1: I do not understand how I can specify the correct Resource Group using this task. This uses the certificate based endpoint, and for this task I cannot use the other (SPN) endpoint.

Success 2: Using the Azure Resource Group Deployment task, I was able to use a JSON ARM template to create a new resource group with a web app in it. This way I can specify the resource group, addressing Shortcoming 1 Shortcoming 2: But now I don't understand how I can actually deploy the binaries of the build definition that has been linked against my release definition. The web application that gets created by the resource group deployment is empty, and a subsequent Web App Deployment Task seemingly cannot target this newly created web app, since it is probably not ARM based.

I get the feeling that I am missing something obvious here - any help is appreciated.

Update 1

Thanks to @bmoore-msft, I got a deployment working using the child resource extension example he linked to. Essentially, the corresponding snippet of my ARM template now looks like this:

"resources": [ { "apiVersion": "2015-08-01", "type": "Microsoft.Web/sites", "name": "[variables('fullEnvName')]", "location": "[parameters('siteLocation')]", "properties": { "name": "[variables('fullEnvName')]" }, "resources": [ { "apiVersion": "2014-06-01", "name": "MSDeploy", "type": "Extensions", "dependsOn": [ "[concat('Microsoft.Web/Sites/', variables('fullEnvName'))]" ], "properties": { "packageUri": "https://dl.dropboxusercontent.com/u/<myId>/<WebDeploymentPackage>.zip", "dbType": "None", "connectionString": "", "mode": "Complete" } } ] } ]

But the problem is that this places a static link into my template - as you can see, I used Dropbox as temporary solution. But of course I don't want to upload my web deployment package to Dropbox, neither manually nor automatically. I want to link to the artifact created by my build definition, which unfortunately is dynamic and I can't find any information on how to construct this link. For example, build 1 is located at the following path https://<tenant>.visualstudio.com/DefaultCollection/_apis/resources/Containers/800850?itemPath=<PathToWebDeploymentPackage>.zip while build 2 is available here https://<tenant>.visualstudio.com/DefaultCollection/_apis/resources/Containers/801968?itemPath=<PathToWebDeploymentPackage>.zip

So there is a number changing inside the link which means the link I refer to in my template must be dynamic which means I need to understand where to get that number from, which I don't.

Maybe there is another way of referencing artifact uploads?

最满意答案

看一下这个样本：

https://github.com/Azure/azure-quickstart-templates/blob/75d0588fbd2702288bd35ed24cb00e43dcf980c2/wordpress-mysql-replication/website.json

该模板资源中的网站具有名为“MSDeploy”的子资源扩展。 这将在部署期间将包部署到网站。 因此，在执行部署的任务中，您可以创建Web应用程序，并将所有程序包部署在RM中的一个部署任务中。

对于使用ARM（无证书）的任何内容，您将需要使用用户或SPN authn。

更新：暂存程序包

好的，通常我在这里做的是“暂存”我在Azure存储中的工件（用sasToken保护）。 您在模板中提供的uri必须可供AzureRM访问。 您的VSTS构建输出可能是安全的，因此即使您可以以交互方式访问它，AzureRM也不能。

基本上你需要的是RM（或构建）中的任务1）将工件复制到Azure（安全），然后2）告诉下一个任务这些工件的位置......这里有一个选项：

https://azure.microsoft.com/en-us/documentation/articles/vs-azure-tools-resource-groups-ci-in-vsts/

本文档使用的是VSTS版本，但RM的工作方式相同。 另一个不同的部分是doc使用Azure资源组项目中Visual Studio使用的PS脚本。 这个脚本没什么特别的（它可以像任何其他PS脚本一样在任何地方工作），但这就是例子。 它不使用Azure资源组部署任务，因为该任务无法执行工件的暂存。

基本上你需要做的是：

参数化该URI属性（参见下面的示例＆repo） 将webdeploy包复制到Azure（在本例中为PowerShell） 部署模板并传入包的uri

例如“packageUri”：“[concat（parameters（'artifactsLocation'），webdeploy.zip，parameters（'sasToken'）]”

该文档向您展示了VS是如何做到的，并且您应该能够针对您的场景进行调整。 如果您使用此路由，则将使用Azure PowerShell任务，不再需要Azure资源组部署任务。

另一种方法是使用Azure文件复制任务，但当前该任务不输出URI或sasToken，因此您无法将其传递给部署任务（队列中有一个PR可以使其工作）。

如果您无权访问Visual Studio，则另一个选项是此repo：

https://github.com/Azure/azure-xplat-arm-tooling/tree/master/PowerShell

它具有VS使用的相同PS脚本，模板显示参数化URL的示例（对于此示例中的dsc.zip文件），但对于msdeploy将以相同的方式工作。

你实际上已经遇到了一个比较复杂的场景，而且目前还没有真正做好，但是当它工作时它非常酷。 LMK如果您需要更多帮助。

Take a look at this sample:

https://github.com/Azure/azure-quickstart-templates/blob/75d0588fbd2702288bd35ed24cb00e43dcf980c2/wordpress-mysql-replication/website.json

The website in that template resource has a child resource extension named "MSDeploy". This will deploy a package to the web site during deployment. So in your task that does the deployment you can create the web app, and deploy the package all in the one deployment task in RM.

You will need to use user or SPN authn for anything using ARM (no certs).

Update: Staging the Package

Ok, usually what I do here is "stage" my artifacts in Azure Storage (secured with a sasToken). The uri you provide in the template must be accessible to AzureRM. You VSTS build output is likely secured, so even though you could access it interactively, AzureRM cannot.

Essentially what you need is a task in RM (or build) that will 1) copy the artifacts to Azure (securely) and then 2) tell the next task where those artifacts are... Here's one option:

https://azure.microsoft.com/en-us/documentation/articles/vs-azure-tools-resource-groups-ci-in-vsts/

This doc is using VSTS build, but RM works the same way. The other part that's different is the doc is using a PS script used by Visual Studio in the Azure Resource Group projects. There's nothing special about that script (it will work anywhere just like any other PS script) but that's the example. It doesn't use the Azure Resource Group Deployment Task because that task cannot do the staging of the artifacts.

Essentially what you need to do is:

parameterize that URI property (see example & repo below) copy the webdeploy package to Azure (PowerShell in this case) deploy the template and pass in the uri of the package

e.g. "packageUri": "[concat(parameters('artifactsLocation'), webdeploy.zip, parameters('sasToken')]"

That doc shows you how VS does it, and you should be able to adapt that for your scenario. If you go this route, you would use the Azure PowerShell task and no longer need the Azure Resource Group Deployment Task.

Another way to do this is with the Azure File Copy task, but currently that task does not output the URI or sasToken, so you couldn't pass it in to the deployment task (there's a PR in the queue to make that work).

Another option if you don't have access to Visual Studio is this repo:

https://github.com/Azure/azure-xplat-arm-tooling/tree/master/PowerShell

It has the same PS script that VS uses, and the templates show an example of the parameterized URL (for a dsc.zip file in this example) but would work the same way for msdeploy.

You've actually hit on one of the more sophisticated scenarios and at the moment not doc'd real well, but it's pretty cool when it works. LMK if you need more help here.