Azure WebApp Github deployment using ZipDeploy - package not working

Question

Azure shows my deployment was successful and the latest deployment is active. GitHub workflow logs show success on each step with Package deployment using ZIP Deploy initiated and Successfully deployed web package to App Service displayed when deploying via workflow running azure/webapps@v2. This caused an error '403 forbidden - You don't have access to this resource' when trying to access via the app service URL. When attempting to fix this error in the Kudu bash console and viewing the associated application logs, while azure is running the startup script, it was returning an error explaining it could not find or access some files in the root directory. See error shown in Azure application logs below.

The configuration used for the pipeline is GitHub repo only contains the WordPress custom theme files, GitHub workflows and other necessary files that regard the application of the custom theme (No Wordpress installation, nodemodules etc). The workflow then automatically pushes the changes to the repo to Azure by using the Azure WebApp Zip Deploy service. This is why I was confused when the output was this error related to missing the root files such as index.php, as these files would have already existed on the Azure server wwwroot folder and the repository or deployment is unrelated to the location or existence of this file.

Looking into the contents of wwwroot on the Kudu scm site, all the files for the whole application are there as expected. However, the timestamps for each directory/file in wwwroot show that the new component files I had pushed through GitHub were missing and and changes to the existing files had not been pushed it to the Azure Web app. Some files had the timestamp of a previous deployment that had similar issues to this one, but none have a timestamp for the latest deployment made today 23/02/2022.

The only way to stop the error 403 forbidden is to remove the WEBSITE_RUN_FROM_PACKAGE="1" setting from Configuration within the Azure portal. Then restarting the server results in the website URL being accessible but still outdated content. Due to this, I looked into deployments being generated by the Azure ZipDeploy process, the deployment zip's contain everything from the Github repository as expected. I know the site is now only running and not returning the same 403 error because I have disabled the website using the package but I need to run the site this way.

I assume the whole issue is due to an problem with the running the deploy.sh as my latest deployments have different log data compared to previous deployment logs, mine state Skipping build and Post build, both with Project type: Run-From-Zip. This also confuses me as I thought the deployment should be run from the package created, rather than the actual Zip file. I'll attach a copy of the previous deployment log and my latest deployment log to show what I mean by the above.

Further to this, if I use an FTP software - in my case FileZilla - to access the site's data, within the directory 'site' > deployments : all the existing deployments are located here and I started investigating into the differences between my deployments made and the previous deployments which were truly successful by identifying the active deployment and the most recent deployment that truly was successful. The only difference is the new deployments are not generating a manifest file which all the previous successful deployments contain and the log files have a much larger file size in comparison which makes me believe something is not right regarding the deployment script - deploy.sh - running.

I'd ideally like to get the site running the latest code I have deployed to Github by using the ZipDeploy generated package. Any help would be appreciated :)

Answer 1

kaitlynm-1035, Thanks for sharing a detailed description of the issue.

Just to highlight on how it works - I understand your requirement and as you indicated - zipdeploy is intended for fast and easy deployments from development environments, as well as deployment of ready-to-run sites built by continuous integration services such as Visual Studio Team Services.

Unlike other Kudu deployment mechanisms, Kudu assumes by default that deployments from zip files are ready to run and do not require additional build steps during deployment, such as npm install (or dotnet restore/dotnet publish).
However, this can be overridden by setting the SCM_DO_BUILD_DURING_DEPLOYMENT deployment setting to true, or by specifying custom script generator arguments or a custom deployment script [As in your case].

Kudu handles continuous deployments and provides HTTP endpoints for deployment, in your case - zipdeploy.
Yes, when you deploy a ZIP package, App Service unpacks its contents in the default path for your app (D:\home\site\wwwroot for Windows, /home/site/wwwroot for Linux).

However for FTP and WebDeploy, these mechanisms do not go through Kudu.

Kindly let us know I'll follow with you further investigation (privately)

Answer 2

@Anonymous I cant seem to reply to any of your messages, I don't know why.
I'm not sure my changes to the WordPress theme repo when pushing are being packaged correctly as the packages found in the deployments directory in the app are missing a file called manifest which was generated each time the previous developer made deployments but specifically missing from every one of my attempted deployments. Further to this, the deployment logs found in the Azure portal for the deployments I have tried show a different range of steps compared to the previous developer's deployments, that were successful and I have shown that comparison with the images above. I assume my deployment logs should be running the same steps as the previous deployments as the YAML workflow file on GitHub has not been changed and I'm still using the zip deploy method through GitHub actions as a continuous deployment which is how it was previously set up. The workflow does run build commands like NPM before using the zipdeploy service to deploy to azure.

However I don't know what is going wrong with the packaging or unpacking that is causing the site to run the 403 forbidden error, which is caused by missing files in wwwroot, whenever the configuration setting WEBSITE_RUN_FROM_PACKAGE is set to 1.

Please do let me know if that setting is incorrect for Zip Deploy as I mentioned before, I haven't used AZURE for web application deployment, but from reading the official documentation online I assumed to configure continuous deployment using Zip Deploy and Github actions that the WEBSITE_RUN_FROM_PACKAGE setting was needed as it replaced the WEBSITE_RUN_FROM_ZIP setting.

Answer 3

@Anonymous As this is an issue with my workplace's web application that we are investigating, I will need to talk to my superior to get an approval before continuing with this route to fixing the issue. I will liaise with him this week some time and should get back in touch with the contact details you provided and follow up as soon as possible to work with you on fixing this issue. Hope you understand the delay and I look forward to your specialised assistance.

Thanks once again for all the guidance done so far and for your patience