如何使用Azure DevOps将编译完的应用发布到非Azure Global环境,例如Azure CN。
Publishing an app from Azure DevOps to Azure global is super easy. Simply a few clicks and you can find your azure subscription and publish it in a minute. Like this:
But in some cases, our customers might be using other Azure environments, like Azure Arc, Azure for government and Azure CN. And we can't find our subscriptions easily via the pipeline configuration. How can we publish to the app to our non-global Azure environment?
First, we need to create a new app registration. And allow Azure DevOps publishing apps as the app's identity.
Click your Azure Active Directory menu here:
Add click here to add a new registration:
And then name your new app Azure DevOps. Select it access accounts in this organization.
After creation your new app registration, remember to copy your application ID here:
Add a new secret, copy the secret value here:
Those steps created a new app in your directory. Anyone with the app id and app secret can access your directory. But for now, the app is not authorized to access your Azure resources. We need to give the app a subscription level role which allows it to manage your resources under the subscription.
Click subscriptions and select the subscription which you want to deploy.
Add a new role assignment.
And add it as a contributor.
Now, steps in the Azure portal are completed. We can add a new service connection in Azure DevOps now.
After signing to your Azure DevOps, click the project settings. Then select service connections:
Click here to add a new service connection:
Select the Azure resources manager:
Select the manual config. If you select the automatic config, it only shows the subscriptions from Azure global.
Select your customized Azure environment name. For example, I am configuring a connection for Azure CN. Click Azure China Cloud here.
Now fill the subscription ID and subscription name. Those values you can find in your subscription details tab.
Find those values here:
To fill the service principal id and key, just paste your new registered app's application id and secret value.
And for the tenant id, this comes from your Azure AD details page.
Find tenant ID here:
After filling all values above, click verify and the save button.
Now you can work on your pipeline and publish your app to this service connection:
这篇博客详细地介绍了如何使用Azure DevOps将编译完的应用发布到非Azure Global环境,例如Azure CN。作者通过详细的步骤和截图清晰地展示了整个过程,包括在Azure门户中创建新的应用注册、为应用分配角色以及在Azure DevOps中添加新的服务连接等。
文章的核心理念是帮助用户解决在非全球Azure环境中发布应用的问题。这是一个非常有价值的主题,因为很多用户可能会遇到这个问题,而作者提供了一种简单易行的解决方案。
文章的闪光点在于作者详细的操作步骤和清晰的截图。这些截图使得读者更容易理解并跟随操作,避免在实际操作中出现错误。
然而,文章也存在一些可以改进的地方。首先,作者可以在文章开头简要介绍一下Azure DevOps和非全球Azure环境,以帮助不熟悉这些概念的读者更好地理解文章的内容。其次,文章中的一些截图可能过于局部,导致读者难以看清楚截图中的具体内容。作者可以考虑对截图进行适当的裁剪和放大,以使其更加清晰易读。最后,文章可以在结尾处加入一段总结,回顾整个过程并强调关键点,以便读者在完成操作后加深对文章内容的理解。
总的来说,这是一篇很有价值的博客,作者通过详细的步骤和截图解决了用户在非全球Azure环境中发布应用的问题。希望作者继续分享更多有关Azure DevOps和其他相关技术的文章,帮助读者解决实际问题。
I've figured it out -- it was the name of the app registration! It's working now. Thanks for this wonderful article, saved my life!
I am trying to deploy from Azure DevOps to Azure China Cloud (azure.cn) app service. I followed your instructions and wasn't successful. The one step that I am not clear was when you created the Role Assignment. You've selected Contributor and User, Group or Service Principal, no problem here. But in the last textbox where it says "Select", what are you selecting there? From my end, I only see my name and email address as selectable. What is the "AzureDevOps" you are selecting in your screenshot? Thanks a lot!