How To Set Up Continuous Deployment to Azure from Circle-CI

Continuous delivery and continuous deployment are exciting frontiers in software development. If set up properly, any code committed to a project's repository can pushed live after passing a series of defined tests in a simulated environment. As part of my first group project at Hack Reactor, I wanted to learn how to set up a continuous deployment system, so that we could concentrate on developing great software rather than deploying it. For this, I chose Circle-CI, which was initially easy to set up and had a great user interface.

We chose to host our project on Microsoft's Azure platform, for no better reason than the fact that they've been very generous with credits for Hack Reactor students (and YCombinator startups). Without that incentive, we certainly wouldn't have chosen them - they're behind the ball on some key features.

One area in which they're lagging is authentication for git-based deployment. Unlike every other major service, Azure doesn't allow authentication via SSH certificates, instead requiring a username and password. This is fine if you're manually entering the password, but fails in an automated environment.

(If you came here looking for the soulution, skip down to the bottom; this story gets a bit long).

Problem 1: I didn't want to commit my username or password to a public (or, frankly, private) repository, particuarly one I'm working on with colleagues.

Problem 2: Environment variables are typically the solution in a case like this, but Azure's site-specific credentials include dollar signs ("$"), which cause problems with escaping in the terminal, as well as in URL formatting. Because I needed to construct a URL to push to from the environment variables, this option was a no-go.

Problem 3: One option remained, and that was constructing a URL string without substitution, directly from my personal credentials (rather than the site-specifc credentials). This avoided the problems with the "$" character, but was unacceptable due to my colleagues then having access to my credentials for every Azure site on my account.

After spending several hours working through various permutations of environment variables and URL encoding, I finally hit upon an outside-the-box solution:

First, make sure you've set up Circle-CI to access your Github account and run the appropriate tests for each build.

Then, set up a deployment script to push back to your Github repository on a different branch. In my case, we're using the Yeoman Angular-Fullstack generator, which comes with a great Gruntfile. I added these lines to the Gruntfile under the Buildcontrol section:

    github: {
        options:{
              remote: 'git@github.com:YourOrganizationHere/Repository.git',
              branch: 'production'
            }
          }

Note that production is just the name I chose; you can use any branch name.

Then add the following to your circle.yml file (you may have to create one if you don't already have it in your repo):

    deployment:
          production:
            branch: master
                commands:
              - git config --global user.email 'your-email@host.com'
              - git config --global user.name 'Your Name'
              - grunt build && grunt buildcontrol:github

You may have different build scripts, but these should work if you're using Grunt with Buildcontrol.

Normally you'd have to add SSH keys to push to a remote repository, but since Circle-CI already has access, you shouldn't need to.

At this point you may want to test your build; committing to master should run your tests in CircleCI and then push it back to your Github repository under the branch name that you chose.

From here, you'll need to sign into the Azure management console and open up the site you'd like to deploy. On the right sidebar, select "Set up deployment from source control."

Then select "Github," followed by choosing the repository and branch name (in my case, "production") that you want to deploy. After clicking OK, Azure should begin continuously deploying from that branch of the repository.

Yes, this is a total hack. Microsoft is totally remiss from both a security and usability standpoint in not allowing connection to Azure repositories via SSH. But, if you're using Circle-CI and Azure, you can set up continuous deployment by using Github as an intermediary.

Bradley Portnoy

Bradley Portnoy

I'm a recovering politico and brand marketer diving head-first into the world of software development, and always searching for ways to impact the world for the better.

View Comments
Navigation