我正在尝试更新发布到 Azure Web 应用程序的 Github 操作脚本,并且我添加了指向相关 Web 应用程序的专用链接 - 导致我大幅更新了脚本。但我仍然看到错误。
我最初看到一个错误,说明我的应用程序使用私有链接,因此我无法再像以前那样进行部署。文章在这里:https://azure.github.io/AppService/2021/03/01/deploying-to-network-secured-sites-2.html
这是 Github 操作脚本的一部分:
deploy:
runs-on: ubuntu-latest
needs: build
environment:
name: 'Production'
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
steps:
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Download artifact from build job
uses: actions/download-artifact@v2
with:
name: java-app
- name: Zip the app contents
uses: papeloto/action-zip@v1
with:
files: app.jar
dest: app.zip
- name: Set SAS token expiration
run: echo "expiry=`date -u -d "$EXPIRY_TIME" '+%Y-%m-%dT%H:%MZ'`" >> $GITHUB_ENV
- name: Azure CLI script
uses: azure/CLI@v1
with:
azcliversion: 2.19.1
inlineScript: |
az extension add --name webapp
echo "Added Extension"
az storage container create -n $CONTAINER --account-name $ACCOUNT --resource-group $BASE_GROUP
echo "Created Container"
az storage blob upload -f app.zip --resource-group $BASE_GROUP --account-name $ACCOUNT -c $CONTAINER -n $ACCOUNT
echo "Blob Upload Step Completed"
ZIP_URL=$(az storage blob generate-sas --full-uri --permissions r --expiry ${{ env.expiry }} --resource-group $BASE_GROUP --account-name $ACCOUNT -c $CONTAINER -n $ACCOUNT | xargs)
echo "ZIP_URL Created"
az webapp deploy --name $WEBAPP --resource-group $TEST_GROUP --type zip --src-url $ZIP_URL --async false
echo "Deployment Completed"
az storage container delete -n $CONTAINER --account-name $ACCOUNT
这是我当前看到的输出:
Run azure/CLI@v1
Starting script execution via docker image mcr.microsoft.com/azure-cli:2.19.1
WARNING: The installed extension 'webapp' is in preview.
Added Extension
WARNING: There are no credentials provided in your command and environment, we will query for the account key inside your storage account.
Please provide --connection-string, --account-key or --sas-token as credentials, or use `--auth-mode login` if you have required RBAC roles in your command. For more information about RBAC roles in storage, visit https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli.
Setting the corresponding environment variables can avoid inputting credentials in your command. Please use --help to get more information.
ERROR: Client-Request-ID=a4d42790-c7ab-11ee-b92c-0242ac110002 Retry policy did not allow for a retry: Server-Timestamp=Sat, 10 Feb 2024 00:30:50 GMT, Server-Request-ID=b66b9e8f-901e-0075-6bb8-5bd530000000, HTTP status code=404, Exception=The specified resource does not exist. ErrorCode: ResourceNotFound<?xml version="1.0" encoding="utf-8"?><Error><Code>ResourceNotFound</Code><Message>The specified resource does not exist.RequestId:b66b9e8f-901e-0075-6bb8-5bd530000000Time:2024-02-10T00:30:51.5358190Z</Message></Error>.
ERROR: The specified resource does not exist. ErrorCode: ResourceNotFound
<?xml version="1.0" encoding="utf-8"?><Error><Code>ResourceNotFound</Code><Message>The specified resource does not exist.
RequestId:b66b9e8f-901e-0075-6bb8-5bd530000000
Time:2024-02-10T00:30:51.5358190Z</Message></Error>
Error: Error: az cli script failed.
cleaning up container...
MICROSOFT_AZURE_CLI_(number)_CONTAINER
Error: az cli script failed.
问题出现在最后一步。在输出的前几行中看到的有关凭据丢失的消息是否与“找不到资源”错误有关?如果是这样,如何确保当 CLI 步骤运行时,身份验证正常工作并且我看不到凭据消息?如果没有,为什么看不到存储帐户?我确信它存在。
注意: 存储帐户位于一个资源组中,而 Web 应用程序位于不同的资源组中。我在 Azure Login 步骤中创建并引用了一个服务主体,该步骤具有两个资源组的 contributor。理论上,Azure Login 步骤应帮助Azure CLI Script 步骤进行身份验证并验证该存储帐户是否存在。显然,至少其中之一没有发生。
我还在 CLI 脚本中添加了 echo 语句,这就是我知道
az storage container create -n $CONTAINER --account-name $ACCOUNT --resource-group $BASE_GROUP
命令导致我出现问题的原因。
如何修复使用 GitHub 操作并给出资源未找到错误的 Azure CLI 任务
我同意阿泽姆的评论。要使用 Azure CLI 的 GitHub Action,您需要使用 Azure 的最新版本。
脚本:
deploy:
runs-on: ubuntu-latest
needs: build
environment:
name: 'Production'
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
steps:
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Download artifact from build job
uses: actions/download-artifact@v2
with:
name: java-app
- name: Zip the app contents
uses: papeloto/action-zip@v1
with:
files: app.jar
dest: app.zip
- name: Set SAS token expiration
run: echo "expiry=`date -u -d "$EXPIRY_TIME" '+%Y-%m-%dT%H:%MZ'`" >> $GITHUB_ENV
- name: Azure CLI script
uses: azure/CLI@v1
with:
azcliversion: 2.56.0
inlineScript: |
az extension add --name webapp
echo "Added Extension"
az storage container create -n $CONTAINER --account-name $ACCOUNT --resource-group $BASE_GROUP
echo "Created Container"
az storage blob upload -f app.zip --resource-group $BASE_GROUP --account-name $ACCOUNT -c $CONTAINER -n $ACCOUNT
echo "Blob Upload Step Completed"
ZIP_URL=$(az storage blob generate-sas --full-uri --permissions r --expiry ${{ env.expiry }} --resource-group $BASE_GROUP --account-name $ACCOUNT -c $CONTAINER -n $ACCOUNT | xargs)
echo "ZIP_URL Created"
az webapp deploy --name $WEBAPP --resource-group $TEST_GROUP --type zip --src-url $ZIP_URL --async false
echo "Deployment Completed"
az storage container delete -n $CONTAINER --account-name $ACCOUNT
您可以使用
azcliversion: 2.56.0
,或者,如果删除 azcliversion 参数,它将自动采用最新的 CLI 版本。
参考: