Azure SQL deployment failures can be frustrating and time-consuming to resolve.
A common cause of deployment failures is an invalid or missing connection string, which can be easily checked in the Azure portal under the "Connection strings" tab.
Incorrect database credentials or permissions can also cause deployment issues, as seen in Section 3, "Authentication and Authorization Issues".
Make sure to double-check your database credentials and permissions to avoid this common pitfall.
Deployment failures can also be caused by a mismatch between the database schema and the application code, which can lead to errors during deployment.
This can be resolved by verifying the database schema and making any necessary changes to the application code, as outlined in Section 5, "Schema and Code Mismatch Issues".
Troubleshooting Azure SQL Deployment
To troubleshoot Azure SQL deployment, check the Activity log for the Validate Deployment error dropdown, which can help you identify the policy issue causing the error.
The 'deny' Policy action error can be resolved by checking the JSON tab, where you can see the error originated from a specific section.
Looking at the JSON tab can reveal the resource ID and status, such as "/subscriptions/XXXXXXXXX/resourceGroups/XXXXXXX/providers/Microsoft.Sql/managedInstances/minamehere" with a status of "Failed".
You can then use this information to navigate to Policies > Assignments > Allowed resource types and add the missing resource type, such as "Microsoft.Sql/managedInstances".
Deployment Methods
You can deploy Azure SQL Database using the Azure SQL Database Deployment task, which requires a connection string without any User Id/Password or Integrated Security.
To use the identity of your Service Connection, choose "Connection String" as your authentication type, and then put a connection string in the Additional SqlPackage.exe Arguments box with the Access token.
The JDBC driver supports "ActiveDirectoryMSI" as an authentication type, but it's not an option for deployment. Thankfully, as of version 18 of SqlPackage.exe, /AccessToken is a valid argument, which allows you to use the identity of your Service Connection.
Deploy DB DacPac
To deploy a DB DacPac, you'll need to use the Azure SQL Database Deployment task.
The Azure SQL Database Deployment task requires a specific authentication type, which is Connection String.
You'll need to put a connection string without any User Id/Password, nor any Integrated Security.
Use the Additional SqlPackage.exe Arguments box to assign the Access token.
As of version 18 of SqlPackage.exe, /AccessToken is a valid argument, allowing you to use an Access token for authentication.
This means you don't need to keep any credentials in pipeline variables or hardcoded in your deployment.
The Devs don't need to keep any credentials in pipeline variables or hardcoded.
This is a more secure and efficient way to deploy your schema to each environment.
You can deploy your schema to multiple environments, such as integration, staging, and production Azure SQL Databases.
To do this, you can split up the build and release into separate jobs in your GitHub Actions workflow.
This will allow you to deploy to multiple databases, including a separate Azure SQL Database for unit testing.
GitHub Actions Deployment Method
You can use GitHub Actions to deploy to Azure SQL Database in a basic method, which involves creating a dacpac and deploying it to a single database.
The basic method uses a GitHub-hosted runner in Azure to do the build, which saves you from having to use your computer as a self-hosted runner.
To deploy to multiple databases, you can split up the build and release into separate jobs, just like in Azure DevOps.
You'll need to create Azure Credentials for access, which involves running the 'az login' command and adding the credential as a secret within GitHub.
The Deploy Action can be used to deploy to Azure SQL Database, but you'll need to enter the server's name separately, as it's required to configure the firewall on the logical SQL Server.
You can use PowerShell to call the msbuild executable and run executables installed on the GitHub-hosted runners.
After creating the Azure Credential, you can add it as a secret within GitHub and use it in your deploy job.
It's worth noting that you can't automatically select your Azure subscription like you can if you have your own Azure DevOps organization.
To deploy to multiple databases, you can create separate jobs for each database, just like in Azure DevOps.
You can use the same secrets you created for the basic method in the release stage.
The Deploy Action can be used to deploy to on-premises versions of SQL Server, but it was designed specifically for Azure SQL Database deployments.
You can use the 'az login' command to create the Azure Credential and add it as a secret within GitHub.
After running the 'az login' command, you can add the credential as a secret within GitHub and use it in your deploy job.
It's a good idea to check that an artifact has been created after the build and release process is complete.
You can download the artifact and check the dacpac is in there, just like in Azure DevOps.
Alternatives and Introduction
You can try alternative deployment methods to resolve Azure SQL deployment failures.
One option is to test using other GitHub Actions for deployments, which can help you identify the root cause of the issue.
Calling sqlpackage directly using PowerShell is another viable alternative, as it allows you to bypass the Azure SQL deployment process and test the deployment locally.
Alternatives for Database
You can explore alternatives to Azure SQL Database if needed. One option is to test using other GitHub Actions for deployments.
If you're not set on using Azure SQL Database, you can also consider calling sqlpackage directly using PowerShell instead. This can be a useful alternative, especially if you're already familiar with PowerShell.
GitHub Actions offer a range of deployment options, including alternatives to Azure SQL Database. You can experiment with different actions to find the one that works best for your project.
Using PowerShell to call sqlpackage can be a more streamlined approach, especially if you're already comfortable with the tool. It's worth considering as a viable alternative to Azure SQL Database.
Introduction
If you're trying to deploy Azure SQL Managed Instance in Azure via Azure Bicep, you may have encountered the 'Network Intent Policy' error when trying to redeploy your Azure Bicep template.
This error doesn't present itself on your first deployment, but it shows up when you try to redeploy your template again.
The error is caused by ARM (Azure Resource Manager) believing that something is changing or being redeployed, even if nothing is actually changing.
Frequently Asked Questions
How do I deploy Azure SQL?
To deploy an Azure SQL database, create a DACPAC using a SQL database project in Visual Studio and then add a deployment snippet to your Azure Pipelines. This process allows you to package and deploy schema changes and data to Azure SQL.
Sources
- https://superuser.com/questions/1470516/deployment-failed-using-azuredevops
- https://dba.stackexchange.com/questions/252189/validate-deployment-failed-deny-policy-in-sql-managed-instance-azure
- https://medium.com/microsoftazure/deploying-a-dacpac-to-azure-with-azure-pipelines-and-managed-identity-89703d405e00
- https://www.kevinrchant.com/2020/11/23/deploying-to-azure-sql-database-using-github-actions/
- https://rios.engineer/azure-sql-managed-instance-network-intent-policy-error-fix-in-azure-bicep/
Featured Images: pexels.com