Share via

Azure Function App Deployment via Azure DevOps Pipeline Fails with Invalid signature file digest or Cannot find any subscriptions Errors

Abdelrhman Goma 115 Reputation points
2025-11-03T16:21:19.9133333+00:00

🧵 Situation Summary

We are migrating part of our workload from an Azure Container App–based backend to Azure Function Apps as a cheaper, event-driven alternative for running a migration service (a Java project).

Our goal is to deploy a Java-based Azure Function (wallet-migration-function) using an Azure DevOps CI/CD pipeline. The Function App is currently using the App Service Plan: UKSouthLinuxDynamicPlan (Y1: 0), but we also considered using a Premium plan (container-based) depending on deployment stability and performance.

⚙️ Setup Details

🧱 Project

Java Function App built with Maven

Uses the azure-functions-maven-plugin version 1.18.0

Built as a JAR and deployed via mvn azure-functions:deploy

📦 POM Plugin Section

🧰 Azure DevOps Pipeline YAML

trigger:
- functionapp

pool:
  vmImage: 'ubuntu-latest'

variables:
  azureServiceConnection: 'p2p-v2-internal-sc-dev1'
  functionAppName: 'p2p-v2-migration-func-dev'
  resourceGroup: 'p2p-v2-internal-rg-dev'

# 1️⃣ Login to Azure
- task: AzureCLI@2
  displayName: 'Login to Azure (via Service Connection)'
  inputs:
    azureSubscription: $(azureServiceConnection)
    scriptType: bash
    scriptLocation: inlineScript
    inlineScript: |
      echo "✅ Logged in successfully."
      az account show

# 2️⃣ Build Function
- script: |
    mvn clean package -Dmaven.test.skip=true
  displayName: "Build Function"

# 3️⃣ Package Function
- script: |
    mvn azure-functions:package -Dmaven.test.skip=true
  displayName: "Stage Azure Function Package"

# 4️⃣ Deploy Function (Authenticated via Service Connection)
- task: AzureCLI@2
  displayName: 'Deploy Azure Function (authenticated via Service Connection)'
  inputs:
    azureSubscription: $(azureServiceConnection)
    scriptType: bash
    scriptLocation: inlineScript
    inlineScript: |
      mvn azure-functions:deploy -DauthType=azure_cli -DskipTests

# 5️⃣ Trigger Migration Run
- task: AzureCLI@2
  displayName: "Trigger Migration Run"
  inputs:
    azureSubscription: $(azureServiceConnection)
    scriptType: bash
    scriptLocation: inlineScript
    inlineScript: |
      FUNCTION_KEY=$(az functionapp function keys list \
        --resource-group $(resourceGroup) \
        --name $(functionAppName) \
        --function-name RunWalletMigrations \
        --query "default" -o tsv)
      curl -X POST "https://$(functionAppName).azurewebsites.net/api/RunWalletMigrations?code=$FUNCTION_KEY"

❌ Problem

The build and packaging stages succeed, but the deployment step fails with one of the following errors (depending on authentication type):

Error 1: Invalid Signature File Digest

[ERROR] Failed to execute goal com.microsoft.azure:azure-functions-maven-plugin:1.18.0:deploy (default-cli) 
on project wallet-migration-function: 
deploy to Azure Function App with resource creation or updating: Invalid signature file digest for Manifest main attributes

Error 2: Cannot Find Any Subscriptions

[ERROR] Failed to execute goal com.microsoft.azure:azure-functions-maven-plugin:1.18.0:deploy (default-cli) 
on project wallet-migration-function: 
deploy to Azure Function App with resource creation or updating: Cannot find any subscriptions in current account.

🧪 What We’ve Tried

✅ Using both:

az login before running mvn azure-functions:deploy

and deploying inside an AzureCLI@2 task (authenticated via service connection)

✅ Tested both authType=azure_cli and default authentication methods. ✅ Verified that the Azure service connection has Contributor rights on the resource group. ✅ Tried removing and recreating the Function App & Service Connection. ✅ Tried switching between Linux Consumption (Y1) and App Service Plan.

💡 Goal

We need guidance on:

Why azure-functions:deploy fails inside an Azure DevOps pipeline even after successful Azure login.

Whether using an App Service Plan (dedicated) or Function Premium (container-based) is the correct choice for a Java migration service that runs occasionally (triggered manually or on schedule).

How to make the deployment succeed reliably from CI/CD.

🗨️ Any Input Appreciated

We’d appreciate Microsoft’s input or any working sample for:

A Java Azure Function deployment from Azure DevOps using Maven

Best practice for authentication in CI/CD (service connection vs. azure_cli)

  • Recommended hosting plan for cost-effective, on-demand migration workloads
Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Praveen Kumar Gudipudi 1,495 Reputation points Microsoft External Staff Moderator
    2025-11-03T16:52:56.07+00:00

    Hello Abdelrhman Goma,

    You're hitting the recursive cycle because the POM defines:

    <``properties>

    <``functionAppName>${functionAppName}</functionAppName>

    </``properties>

    That line makes the property reference itself, so when Maven tries to resolve ${functionAppName}, it loops forever and throws the cycle error.

    don’t define functionAppName as ${functionAppName} in the POM. Instead, supply it from your pipeline (or an environment variable), and let the Azure Functions Maven plugin read it.

    Please accept as answer and do a Thumbs-up to upvote this response if you are satisfied with the community help. Your upvote will be beneficial for the community users facing similar issues.

    User's image

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.