Azure Government Clouds provide private and semi-isolated locations for specific Government or other services, separate from the normal Azure services. Highest levels of privacy have been adopted for these clouds, including restricted data access policies.
MS Azure Government (MAG) is a completely isolated environment and as such requires unique Azure endpoints to manage the services offered there. MAG supports authentication using management certificate, user credentials or service principal for requests to the service management APIs.
Visual Studio Team Services (VSTS) enables requests to MAG environments with a CD process using service endpoints (Azure classic service endpoint for requests using management certificate or credentials, Azure resource manager service endpoint for requests using service principal authentication).
VSTS is currently not available in MS Azure Government.
In this article, we’ll look at how you can configure continuous deployment for an Azure web site in MAG with a VSTS account outside MAG. We’ll authenticate using service principal authentication.
Note that with this process, the orchestration of builds and deployments and the storage of build artifacts take place outside MAG. If you require stricter data restrictions for your application, you can configure a private agent on a VM in MAG. Refer to this for more details.
Get set up
Begin with a CI build
Before you begin, you’ll need a CI build that publishes your Web Deploy package. To set up CI for your specific type of app, see:
Create the Azure app service
An Azure App Service is where we’ll deploy the Web App. Create a new web app in your subscription from the MAG portal.
Generate a service principal
Download and run this PowerShell script in an Azure PowerShell window to generate the data required for a service principal based Azure service connection. The script prompts you for:
- The name of your Azure subscription
- A password that you would like to set for the Service Principal that is going to be created
- You should also provide the MAG environment name for your subscription in the environmentName parameter.
Once successful, the script outputs the following details for the Azure service endpoint:
- Connection Name
- Subscription Id
- Subscription Name
- Service Principal Client Id
- Service Principal key
- Tenant Id
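A pre-flight check for the values listed above, added here as an example (it is not part of the original article or of the script it links to): it builds the client-credentials token request against the login authority of the chosen Azure environment, so a Government service principal key is never posted to the commercial login endpoint. The function names, the two-cloud endpoint table, the use of the Azure AD v1 token endpoint and the sample values in the comments are assumptions of this example.

```python
import json
import uuid
from urllib import parse, request

# Login authority and token audience per Azure environment name
# (only two clouds listed; this table is part of the added example).
CLOUDS = {
    "AzureCloud": {
        "authority": "https://login.microsoftonline.com",
        "resource": "https://management.core.windows.net/",
    },
    "AzureUSGovernment": {
        "authority": "https://login.microsoftonline.us",
        "resource": "https://management.core.usgovcloudapi.net/",
    },
}


def build_token_request(environment, tenant_id, client_id, client_key):
    """Return (url, form) for a client-credentials grant in the given cloud."""
    if environment not in CLOUDS:
        raise ValueError("unknown Azure environment: %r" % environment)
    for label, value in (("Tenant Id", tenant_id), ("Client Id", client_id)):
        try:
            uuid.UUID(value)  # both values are GUIDs in the script output
        except (ValueError, AttributeError, TypeError):
            raise ValueError("%s is not a GUID: %r" % (label, value))
    if not client_key:
        raise ValueError("Service Principal key is empty")
    cloud = CLOUDS[environment]
    url = "%s/%s/oauth2/token" % (cloud["authority"], tenant_id)
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_key,
        "resource": cloud["resource"],
    }
    return url, form


def check_service_principal(environment, tenant_id, client_id, client_key):
    """POST the grant; return the token's audience, or raise if rejected."""
    url, form = build_token_request(environment, tenant_id, client_id, client_key)
    body = parse.urlencode(form).encode("ascii")
    with request.urlopen(request.Request(url, data=body), timeout=30) as resp:
        token = json.load(resp)
    # Return only non-secret metadata so the access token never reaches a log.
    return token["resource"]
```

Calling `check_service_principal("AzureUSGovernment", tenant_id, client_id, key)` needs network access to the login endpoint and raises `urllib.error.HTTPError` if the key or tenant is rejected.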
Configure a VSTS endpoint
- In the dialog, click the link at end of the text “If your subscription is not listed or to specify an existing service principal, click here”, which will switch to manual entry mode.
- Give the endpoint a friendly name, choose the MAG environment name and enter the details obtained from execution of the script while creating a service principal.
Set up release
- Open the Releases tab of the Build & Release hub, open the + drop-down in the list of release definitions, and choose Create release definition
- Select the Azure App Service Deployment template and choose Next.
- In Source… make sure your CI build definition for the Web deploy package is selected as the artifact source.
- Select the Continuous deployment check box, and then choose Create.
- Select the Deploy Azure App Service task and configure it as follows:
  Task step: Deploy: Azure App Service Deploy (deploy the app to Azure App Services)
  Parameters:
  - Azure Subscription: Select the endpoint configured earlier
  - App Service Name: the name of the web app (the part of the URL without .azurewebsites.net)
  - Deploy to Slot: make sure this is cleared (the default)
  - Virtual Application: leave blank
  - Web Deploy Package: $(System.DefaultWorkingDirectory)\**\*.zip (the default)
  - Advanced: Take App Offline: If you run into locked .DLL problems when deploying, try selecting this check box.
- Edit the name of the release definition, choose Save, and choose OK. Note that the default environment is named Environment1, which you can edit by clicking directly on the name.
You’re now ready to create a release, which means to start the process of running the release definition with the artifacts produced by a specific build.
References
- Deployments to Azure Government cloud
- Implement continuous deployment of your app to an Azure web site