4

I'm getting an error when trying to deploy an Azure Function app from a GitHub Action.

The error is

##[Initialize]
##[ValidateParameter]
##[ValidateAzureResource]
Using SCM credential for authentication, GitHub Action will not perform resource validation.

Error: Execution Exception (state: ValidateAzureResource) (step: Invocation)
Error: When request Azure resource at ValidateAzureResource, Get Function App Settings : Failed to acquire app settings (SCM)
Error: Failed to fetch Kudu App Settings.
Bad Request (CODE: 400)
Error: failed to fetch Kudu App Settings.
Bad Request (CODE: 400)

at Kudu. (D:\a_actions\Azure\functions-action\v1\node_modules\azure-actions-appservice-rest\Kudu\azure-app-kudu-service.js:62:23)
at Generator.next ()
at fulfilled (D:\a_actions\Azure\functions-action\v1\node_modules\azure-actions-appservice-rest\Kudu\azure-app-kudu-service.js:5:58)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
Error: Deployment Failed!

This has been working in exactly the same way for months - I have made 100s of deployments using it, but over the last couple of days its started failing (across multiple repos).

It's very similar to this question, but when I added my 'variant' of that problem I got trampled on and told to add as a new question - so here we are.

The difference in my case is that I'm not using a publish profile (at least not explicitly), instead I am using a service principal credential. It wouldn't surprise me int he least if this isn't using a publish profile under the covers (which is why I think my question is a variant of the one above).

Its very important that I don't have any manual steps in my deployment process - so I really need to find a fully automated workaround for this. I'm off to trawl through the code of the GitHub action, but in the meantime, does anyone happen to know how to fix this straight off?

Improve this question

3 Answers 3

Reset to default
8

For anyone looking into this, in my case this was due to IP Access Restrictions in my function - there was a limited set of allowed IP addresses.

There is an easy solution to this instead of manually adding Github Actions' Azure IP addresses - you can go to your function on Azure > Networking > Access Restriction

Access Restriction

Once on that screen, when adding a rule instead of IPv4 address, choose Service Tag and search for AzureCloud service tag, which according to this opens all datacenter public IP addresses: https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview

Service Tag

Initially I thought selecting ActionGroup service tag would work, but then had to revert to AzureCloud tag.

If anyone knows of a more restrictive tag to address this Kudo Github Actions issue instead of allowing all with AzureCloud, please comment.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

not sure if its an answer - but I think we might have some clue: https://github.com/Azure/functions-action/issues/49

Improve this answer

Comments

0

By default, the IP restrictions for the App Service, and SCM (Kudu) are separate. So if you have IP restrictions on, you should still be able to deploy.

Is it possible someone turned on the Same restrictions as <app>?

Since you are concerned about the wide-open allow AzureCloud service tag I would check this setting and turn it off temporarily and see if you are able to deploy without allow AzureCloud

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.