This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.
In collaboration with Wagner Silveira
Automating the deployment of Logic Apps Standard through a CI/CD pipeline requires a different process from that used by Logic Apps Consumption. As Logic Apps Standard now encapsulates a group of workflows in a single unit of deployment (the Logic App Standard App), to fully automate the deployment process the following artefacts are required:
- Logic Apps Standard App (including dependencies like App Service Plan and Storage accounts)
- Managed Connectors (also known as Azure Connectors)
- Connection settings (connections.json)
- Parameter settings (parameters.json)
- Application settings configuration
There are a few things to consider when deploying Azure connectors (managed connectors).
1. Access policies:
Logic app resource requires permission to read the connection secrets from APIHUB to interact with connector backend.
In case of consumption logic app, this is implemented internally (Being a shared cloud service, Logic App’s service principal has these permissions to read connection secrets).
Whereas in the case of standard logic app, as runtime is hosted in customer’s environment, there is a need to explicitly add an access policy at Azure connection to add permissions for System assigned managed identity of Logic App.
To achieve this, in the Logic app ARM template we would be creating system managed identity for logic app, input this identity value to Connection creation ARM template and add access policy.
2. Connection runtime URL:
In Logic App Standard, the connections.json file would have a field called “connectionRuntimeUrl” that refers to the runtime URL of the azure connection being used. Hence while deploying workflows, it is important to retrieve the “connectionRuntimeUrl” from the azure connection which is deployed in the portal and apply it to the correct entry in connections.json file.
To achieve this, In the connection creation ARM template, we would push the connection runtime URL as an app setting and in connections.json, we would refer to this app setting.
Please refer to the diagram below and the reference article for more details on these concepts.
Based on the above considerations, please find below the detailed steps for deploying a logic app and its workflows with all three types of connections (built-in/service provider connections, Azure connections and function connections).
Step 1 – Creating the Logic App infrastructure ARM template
In this template we add Logic app infrastructure resource and all the dependent resources like Storage Account, Application Insight, App service plan and VNET configurations. In this step we:
- Define the ARM template to deploy the Logic App and its dependent resources.
- Enable managed identity on the Logic app resource and output the Tenant ID and ObjectId of the managed identity
Step 2 – Creating the Managed connections ARM template
In this template, we would add Azure connection resources. This template would take inputs from the previous template and use them to create access policy for Logic App’s managed identity. In this step we:
- Define the ARM template for the API connections to be used in the logic app
- Add the access policy to provide access to Logic App’s managed identity.
- Output the Connection Runtime URL
Step 3 – Setup the Infrastructure as Code (IaC) pipeline
Once both templates (Logic app infrastructure and Connections) are ready, create a DevOps pipeline to deploy these resources to Azure and to update app settings.
Define a DevOps pipeline that include the steps below:
- Deploy the Logic App infrastructure template
- Retrieve ARM output parameters
- Deploy Connections template
- Retrieve ARM output parameters
- Add connection Runtime URL in the app settings configuration
Step 4 – Setup the CI pipeline
In this step, we would create a ZIP package of the workflows folder, based on the source code repository. For example, you can push your VSCode project to source control and trigger a run of this pipeline whenever there is any commit to the project.
Please note that the changes below are required in the connections.json file.
Update the Azure connections section with the app setting property of connection runtime URL and parameterize the authentication field. Create a parameter file for storing the authentication details.
In this example, we are using built-in and function app connections as well, so we update the connection metadata for these connections as well with app settings. Make note of these App setting fields, as they are required later in the CD pipeline.
Please refer to the code snippet below for more details.
Follow the steps below:
- Add the project folder to your repository.
- Create a DevOps pipeline to zip the project folder and publish the artefacts
Step 5 – Setup the CD pipeline
In this step, we would create a pipeline to deploy the zip package created in the previous step. During this step we update the app settings for all the app settings parameters used in the Connections.json file, so they can be found during runtime.
Create a DevOps pipeline to include the steps below
- Add the app setting configuration for built-in and function app connections.
- Deploy the workflows from the package created in the above CI pipeline.
In this example, I am using two workflows with an azure connection, a service provider connection and a function connection.
Create an Azure DevOps project and create a service connection for your Azure subscription.
Create three azure pipelines (IAC pipeline, CI pipeline and CD pipeline) using the yaml files created in the above steps.
Update the service connection name, resource group and LA name in the variables.yaml and the TODO sections in the pipeline yaml files.
Run the pipelines one by one, verify that the logic app, connections, and workflows are deployed.
GitHub Repo used in the example: LogicAppStandard/azure-devops-sample at master · ShreeDivyaMV/LogicAppStandard (github.com)