2

We are doing releases to azure from an on-prem hosted TFS using the "Azure app service deploy"-task.

We have just enabled "private link" on our app services. The SCM-api on the app services are now closed off from the internet. We can no longer deploy from TFS. Has anyone here worked through a similar scenario? What would be the best strategy here?

Scenario illustrated

Md. Shariful Siddique
  • 366
  • 2
  • 11
magnarwium
  • 235
  • 2
  • 14
  • 1
    If the TFS server is already in the vnet, your TFS should try to use the private endpoint of the web app to deploy rather than using the public endpoint. It should be yourWebApp.scm.privatelink.azurewebsites.net. You can get this by going inside the Private DNS zone used for your web app. – Md. Shariful Siddique Oct 24 '20 at 16:23
  • How's your issue going? Do you still want to use TFS to do the deployment, or you are looking for non-tfs solution? – Cece Dong - MSFT Nov 06 '20 at 09:50
  • We are working on setting up TFS build-agent on a VM inside the virtual network as the long term solution. Short term is uplading the artifact to blob storage. We can use blob trigger to start a power shell script running deploy as an azure function inside the virtual network. This feels more than a hack than any thing else:) – magnarwium Nov 15 '20 at 16:59
  • I found an article (old) about deploying to ASE using TFS. May be something similar is possible with App Service protected with private endpoint - https://learn.microsoft.com/en-us/archive/blogs/mihansen/continuous-deployment-with-vststfs-and-app-service-environment-ase – Andy Jan 12 '22 at 19:02
  • 1
    I would love to see latest Microsoft recommendation setting up CI/CD with WebApp with private endpoint. WebApp behind private endpoint is so popular and no latest guidance is available on Azure docs. – Andy Jan 12 '22 at 22:47

0 Answers0