0

I'm trying to do a zip deploy for function app. Because my Function App is firewalled inside VNet, az cli fails so I'm following Kudu documentation to deploy manually. I have a bash script

CREDS="..from publish profile..."
SCMURL="https://${fnapp}.scm.azurewebsites.net/api/zipdeploy"
echo "deploy zip ${SCMURL}"
curl --fail -X POST -H "Content-Type:application/zip" -u "$CREDS" -T functionapp.zip "$SCMURL" || exit 1

and I get a response

deploy zip https://func-mytestsomething-001.scm.azurewebsites.net/api/zipdeploy
curl: (22) The requested URL returned error: 404

All the examples I've seen use exactly this URL. If I do the same against /api/publish?type=zip I get an OK response, but the functions never get deployed, even if I do manual syncing and restart.

My SKU is flex consumption, does that make the situation somehow special?

I think my zip package is fine, because it is deploying ok when using az cli or github action. For my use case, I would just need to use kudu api.

Improve this question
6
  • You are using a Flex Consumption plan, which doesn't support Kudu or /zipdeploy, use az functionapp deployment source config-zip instead from inside the VNet. Commented May 6 at 14:27
  • How can I do that from inside the vnet? are people seriously deploying expensive virtual machines just for running that during deployments Commented May 6 at 16:18
  • Also, does anybody know what rest apis config-zip calls under the hood? clearly that works from outside the vnet Commented May 6 at 16:19
  • Try using the zip deployment commands: 1.tar -a -c -f functionapp.zip * to zip your project. 2. az login 3. az functionapp deployment source config-zip --resource-group <ResourceGroupName> --name <FunctionAppName> --src functionapp.zip Commented May 7 at 9:03
  • If possible, can you share your code and requirement.txt file? Commented May 7 at 9:08

1 Answer 1

Reset to default
0

In the end I reverse-engineered what the github action for function deployments does, since that worked the best. I just need to embed this inside a single action because terraform.

I also created a bug ticket for az cli repo about the mandatory "health check" that fails due to networking firewalls: issue 31394

#!/bin/bash

# param 1: resource group name
# param 2: func app name
# param 3: zip file to deploy

echo "get credentials"
AZ_TOKEN=$(az account get-access-token | jq -r .accessToken)
PUBLISHPROFILE=$(curl -s -X POST -H "Content-Length:0" -H "Authorization:Bearer $AZ_TOKEN" "https://management.azure.com/subscriptions/$ARM_SUBSCRIPTION_ID/resourceGroups/$1/providers/Microsoft.Web/sites/$2/publishxml?api-version=2022-03-01")
PWD=$(echo $PUBLISHPROFILE | xmllint --xpath 'string(//publishProfile[@publishMethod="ZipDeploy"]/@userPWD)' -)
USER=$(echo $PUBLISHPROFILE | xmllint --xpath 'string(//publishProfile[@publishMethod="ZipDeploy"]/@userName)' -)
CREDS="${USER}:${PWD}"
SCMURL="https://$2.scm.azurewebsites.net/api"

echo "deploy zip ${SCMURL}"
DRESP=$(curl -sS -X POST -H "Content-Type:application/zip" -u "$CREDS" -T $3 "$SCMURL/publish")
DEPLO_ID=$(echo $DRESP | tr -d '"')
echo "deployment id: $DEPLO_ID"
echo -n "waiting for deployment to complete..."
COMPLETE="false"
while [ "$COMPLETE" = "false" ]; do # poll for status with deployment id
sleep 5
DSTATUS=$(curl -sS --fail -u "$CREDS" "$SCMURL/deployments/$DEPLO_ID") # .complete, .status, .status_text
COMPLETE=$(echo $DSTATUS | jq -r ".complete")
echo -n "."
done
echo ""
echo "deployment complete"

It needs jq, xmllint, az cli installed. And of course the SCM configuration must be public and basic auth. Otherwise you could do this from inside the vnet easier, with e.g. hosted github runner in a container.

I think this may only work with Flex Consumption tier, haven't tested on another types.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.