Deploy to a cloud provider using a GitHub Actions workflow

Learn how to automate a complete CI/CD pipeline for your Node.js application using GitHub Actions and Azure App Service. In this guide, you’ll:

Prepare Azure resources with the CLI or Portal
Configure GitHub Actions workflows
Securely connect GitHub to Azure
Verify deployments in Azure and GitHub
Optionally download a publish profile for manual setup

Prerequisites

A GitHub repository with your Node.js application
An active Azure subscription
Azure CLI installed and authenticated (az login)
Basic knowledge of GitHub Actions and YAML workflows

Official Deployment Docs & Resources

GitHub maintains comprehensive guides for CI/CD with Azure. For more examples and advanced configuration, refer to:

The image shows a GitHub documentation page about deploying a Node.js project to Azure App Service using GitHub Actions. It includes sections like Introduction and Prerequisites.

Create Azure App Service via CLI

Use the Azure CLI to provision your App Service plan and web app quickly.

# 1. Create an App Service plan (Linux, B1 SKU)
az appservice plan create \
  --resource-group MY_RESOURCE_GROUP \
  --name MY_PLAN_NAME \
  --is-linux \
  --sku B1

# 2. Create a Web App with Node.js runtime
az webapp create \
  --resource-group MY_RESOURCE_GROUP \
  --plan MY_PLAN_NAME \
  --name MY_WEBAPP_NAME \
  --runtime "NODE|14-lts"

# 3. Retrieve publish profile XML (for GitHub Secrets)
az webapp deployment list-publishing-profiles \
  --name MY_WEBAPP_NAME \
  --resource-group MY_RESOURCE_GROUP \
  --xml

Tip

Store the XML output as a GitHub Secret named AZURE_WEBAPP_PUBLISH_PROFILE for seamless deployment.

Quick CI/CD Workflow Overview

Your GitHub Actions workflow typically defines two jobs:

Job	Purpose	Key Actions
build	Prepare application artifact	Checkout → Setup Node.js → Test → Zip
deploy	Publish the build artifact to Azure App Service	Download → Unzip → `azure/webapps-deploy@v2`

Here’s a minimal example (.github/workflows/azure-nodejs.yml):

name: Build and Deploy to Azure Web App

on:
  push:
    branches: [ main ]
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with: { node-version: '20.x' }
      - name: Install & Test
        run: |
          npm install
          npm run build --if-present
          npm run test --if-present
      - name: Package App
        run: zip release.zip . -r
      - uses: actions/upload-artifact@v3
        with: { name: node-app, path: release.zip }

  deploy:
    needs: build
    runs-on: ubuntu-latest
    environment:
      name: production
      url: ${{ steps.deploy.outputs.webapp-url }}
    steps:
      - uses: actions/download-artifact@v3
        with: { name: node-app }
      - name: Unzip Artifact
        run: unzip release.zip
      - id: deploy
        uses: azure/webapps-deploy@v2
        with:
          app-name: ${{ env.AZURE_WEBAPP_NAME }}
          publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
          package: .

Step 1: Create App Service in Azure Portal

Navigate to App Services → Create.
Select your Subscription and Resource Group.
Configure instance details (Runtime: Node.js, OS: Linux).

The image shows a configuration screen for setting up an Azure App Service, including options for subscription, resource group, instance details, runtime stack, operating system, and region.

Choose a pricing plan (e.g., Basic B1).

The image shows a table listing various computing options with details such as ACU/vCPU, vCPU, memory, remote storage, and scale. A "Basic B1" option is selected, highlighting its specifications.

Under Deployment, enable GitHub Actions and authenticate.

Step 2: Authorize GitHub Access

When prompted, grant Azure permission to your GitHub account and repository:

The image shows a Microsoft Azure portal screen for creating a web app, with a pop-up window for authorizing Azure App Service to access a GitHub account. The pop-up includes options to authorize access to repositories and update GitHub Action workflow files.

Select Organization
Choose Repository (e.g., GA Cloud Deploy Demo)
Pick Branch (main)
Preview & Confirm

Step 3: Secure GitHub Environment

In GitHub, go to Settings → Environments.
Create an environment named production.
(Optional) Add protection rules or required reviewers.

The image shows a GitHub repository settings page, specifically the "Environments" section for configuring production deployment protection rules. It includes options for required reviewers, wait timers, and custom rules with GitHub Apps.

Step 4: Automatic Workflow Commit

Azure provisions the resources and commits a workflow file to .github/workflows/:

The image shows a Microsoft Azure portal page indicating that a web app deployment is complete, with details about the resources and their status.

Step 5: Inspect GitHub Changes

Secrets: A new AZURE_WEBAPP_PUBLISH_PROFILE appears under Settings → Secrets.
Workflow: .github/workflows/main_<webapp>.yaml is added.
Actions: View your first run.

The image shows a GitHub Actions workflow summary for building and deploying a Node.js app to Azure Web App. The workflow was successful, with separate build and deploy steps, and includes warnings about deprecated Node.js actions.

Step 6: View Your Live App

GitHub Actions outputs the application URL after deployment. Click the link to verify your app:

The image shows a digital representation of the solar system with planets orbiting the sun, accompanied by a description and interactive elements for exploring the planets.

Step 7: Review Deployment Logs

Build Job: Checkout, Node.js setup, install, build, test, and packaging.
Deploy Job: Artifact download, unzip, and Azure webapp zip-deploy.

The image shows a GitHub Actions page where a Node.js app is being deployed to an Azure Web App. The deployment process is complete, as indicated by the success message.

Sample Node.js Application Code

Below is a simple Express app. Do not hardcode credentials in production—use GitHub Secrets and environment variables.

// app.js
const express = require('express');
const path = require('path');
const mongoose = require('mongoose');
const bodyParser = require('body-parser');
const cors = require('cors');

const app = express();
app.use(bodyParser.json());
app.use(express.static(path.join(__dirname, '/')));
app.use(cors());

// Connect to MongoDB
mongoose.connect('mongodb+srv://cluster.mongodb.net/superData', {
  user: 'superuser',
  pass: 'SuperPassword',
  useNewUrlParser: true,
  useUnifiedTopology: true
}, err => {
  if (err) console.error('MongoDB connection error:', err);
});

// Define Schema
const Schema = mongoose.Schema;
const dataSchema = new Schema({
  name: String,
  id: Number,
  description: String,
  image: String,
  velocity: String
});

// ...routes and server startup...

Warning

Never commit secrets or plaintext credentials to your repository. Always leverage GitHub Secrets.

Manual Publish Profile Download

If you prefer a manual setup:

In the Azure portal, select your Web App → Get publish profile.
Download the XML and save it as AZURE_WEBAPP_PUBLISH_PROFILE in GitHub Secrets.

The image shows the Microsoft Azure portal interface for a web app named "ga-solar-system-demo," displaying its overview, properties, and deployment details. It includes information about the resource group, status, location, and associated GitHub project.

<publishData>
  <publishProfile
    profileName="ga-solar-system-demo - Web Deploy"
    publishMethod="MSDeploy"
    publishUrl="ga-solar-system-demo.scm.azurewebsites.net:443"
    msdeploySite="ga-solar-system-demo"
    userName="$ga-solar-system-demo"
    userPWD="YOUR_PASSWORD"
    destinationAppUrl="https://ga-solar-system-demo.azurewebsites.net/">
    <!-- ... -->
  </publishProfile>
</publishData>

Congratulations! You’ve now set up a full CI/CD pipeline to build, test, and deploy your Node.js app to Azure App Service with GitHub Actions.

Watch Video

Watch video content

Practice Lab

Practice lab