@Khalid Hajjouji
You don't need to manually include the az login
command if you are using AzureCli task, as this task does az login
in the background already, using the details of the ARM Service Connection, determined by the value of the azureSubscription
you have passed. The details of the service connections includes the service principal configured when setting it up.
Meaning you can remove the entire az login
line as it is unnecessary having already authenticated using service connection (ultimately using the underlying service principal) and start with your deployment command to get your bicep template deployment running.
You don't need to have the az storage account create
if you have already included this in the bicep template. This would attempt to deploy the storage account twice.
You can update your azure-pipeline YAML, to remove the reductant entries:
trigger:
- none
pool:
vmImage: 'ubuntu-latest'
variables:
environment: 'dev'
location: 'East US'
functionAppName: 'myfunctionappCreatedFromBicepPipeLine-$(environment)'
storageAccountName: 'storageaccountpipeline3'
resourceGroupName: 'newResourceGroupManuelCreated2'
appServicePlanName: 'myappserviceplan$(environment)'
stages:
- stage: Deploy_Infrastructure
displayName: 'Deploy Azure Function Infrastructure'
jobs:
- job: DeployBicep
steps:
- task: AzureCLI@2
inputs:
azureSubscription: 'AZ TST'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
az deployment group create \
--resource-group $(resourceGroupName) \
--template-file functionapp.bicep \
--parameters functionAppName=$(functionAppName) storageAccountName=$(storageAccountName) appServicePlanName=$(appServicePlanName) environment=$(environment)
- stage: Deploy_FunctionCode
displayName: 'Deploy Function Code'
dependsOn: Deploy_Infrastructure
jobs:
- job: DeployCode
steps:
- task: AzureFunctionApp@1
inputs:
azureSubscription: 'AZ TST'
appType: 'functionApp'
appName: '$(functionAppName)'
package: '$(System.DefaultWorkingDirectory)'
As others have mentioned, make sure the service principal has the required permission to manage Azure deployment. At least a contributor role at the resource group level.
Please review the document to setup an ARM Azure DevOps Service Connection for deployment within Azure. Also review the documentation on AzureCli task for more information.
Let me know if you have any question.
Regards,
Iheanacho Chukwu