Este repositório contém uma esteira completa de Infrastructure as Code (IaC) e CI/CD para deployar a Azure Function App usando:
- Bicep: Templates de infraestrutura
- GitHub Actions: Workflows de provisioning e deployment
- Azure Service Principal: Autenticação segura
- Deployment Slots: Zero-downtime deployments (blue-green strategy)
GitHub Repository
├── .github/
│ ├── workflows/
│ │ ├── provision.yml ← Provisiona recursos (manual)
│ │ └── deploy.yml ← Deploy código (tags/releases)
│ └── bicep/
│ └── function-app.bicep ← IaC template
├── scripts/
│ ├── setup-service-principal.sh ← Setup script (Linux/Mac)
│ └── setup-service-principal.bat← Setup script (Windows)
└── docs/
└── AZURE_DEPLOYMENT_GUIDE.md ← Documentação completa
Linux/Mac:
chmod +x scripts/setup-service-principal.sh
./scripts/setup-service-principal.shWindows:
scripts\setup-service-principal.batApós executar o script, vá para:
- Settings > Secrets and variables > Actions
- Adicione os secrets:
AZURE_CREDENTIALS(JSON do Service Principal)AZURE_SUBSCRIPTION_IDAZURE_RESOURCE_GROUPAZURE_FUNCTION_APP_NAMEAZURE_STORAGE_ACCOUNT_NAMEAZURE_APP_SERVICE_PLAN_NAMEAZURE_LOCATION
- GitHub Actions > Provision Azure Infrastructure
- Clique em Run workflow
- Selecione
prodoustaging
# Criar tag (dispara deploy automático)
git tag -a v1.0.0 -m "Release v1.0.0"
git push origin v1.0.0O workflow fará:
- ✅ Build .NET 10
- ✅ Deploy para staging slot
- ✅ Swap production (blue-green)
- ✅ Criar release no GitHub
Para setup detalhado, consulte: AZURE_DEPLOYMENT_GUIDE.md
- ✅ Pré-requisitos
- ✅ Setup Service Principal (Azure CLI + Portal)
- ✅ GitHub Secrets configuration
- ✅ Provisioning via Bicep
- ✅ Deployment strategies
- ✅ App Settings management
- ✅ Troubleshooting
1. git tag v1.0.0 && git push origin v1.0.0
↓
2. GitHub Actions dispara automaticamente
↓
3. Build .NET 10 + Publish
↓
4. Deploy para Staging Slot
↓
5. Blue-Green Swap (Production recebe novo código)
↓
6. GitHub Release criada automaticamente
↓
✅ Production rodando v1.0.0 (ZERO DOWNTIME)
- ✅ Service Principal com permissão
Contributor - ✅ Secrets armazenados no GitHub Secrets (encrypted)
- ✅ HTTPS obrigatório na Function App
- ✅ TLS 1.2 mínimo no Storage Account
- ✅ System Managed Identity na Function App
- Trigger: Manual (workflow_dispatch)
- Ambiente: prod ou staging
- Ação: Cria Function App, Storage, Deployment Slots
- Tempo: ~5-10 minutos
- Trigger: Automático em tags
v*ou manual - Jobs: Build → Deploy Staging → Swap Production
- Cache: NuGet dependencies
- Tempo: ~10-15 minutos
- Azure CLI 2.40+
- .NET 10 SDK
- Git
- Conta GitHub
- Azure Subscription com permissões de Owner/Contributor
- ✅ Function App (Consumption Plan)
- ✅ Deployment Slot (staging)
- ✅ App Service Plan (Dynamic/Y1)
- ✅ Storage Account (Standard_LRS)
- ✅ Blob Container (function-locks para distributed lock)
- ✅ Build artifacts (7 dias retenção)
- ✅ GitHub Releases (auto-criadas em tags)
Erro: Service Principal not found
az ad sp create-for-rbac --name "NextDnsBetBlocker-GitHub-Deploy"Erro: Deployment slot swap failed
az functionapp deployment slot list \
--resource-group YOUR_RG \
--name YOUR_FUNCTION_APPPara mais: Consulte AZURE_DEPLOYMENT_GUIDE.md#troubleshooting
- Azure Functions Docs: https://docs.microsoft.com/azure/azure-functions/
- GitHub Actions Docs: https://docs.github.com/actions
- Bicep Docs: https://learn.microsoft.com/azure/azure-resource-manager/bicep/
Este projeto está sob licença MIT.
Criado em: 2024
Versão: 1.0.0
Status: ✅ Production Ready