Regarding the section "Deploy a Service Bus trigger and HTTP trigger", I get an auth error (IP Forbidden) when trying to deploy the code via GitHub. Since both the storage and the func app are behind private endpoints, is GitHub expected to successfully be authorized even with a managed identity, since it's outside the vnet?
I confirm the GitHub repo yml file has the correct secrets; I attempted both automatically generated and manually entered.
I am using a service principal with federated credentials for deployment, with RBAC storage and website contributor roles assigned at resource group level.
Error thrown at deployment:
Error: Failed to deploy web package to App Service.
Error: Execution Exception (state: PublishContent) (step: Invocation)
Error: When request Azure resource at PublishContent, zipDeploy : Failed to use /home/runner/work/_temp/temp_web_package_045189892229569706.zip as ZipDeploy content
Error: Failed to deploy web package to App Service.
Ip Forbidden (CODE: 403)
The suggested alternative, zip deploy, also fails because it is outside the vnet. Unfortunately, I do not have the flexibility to set up my own self-hosted GitHub.
To deploy a function to an Azure function app which is configured with private endpoints, you need to add the below application settings in the function app.
WEBSITE_DNS_SERVER=168.63.129.16
WEBSITE_VNET_ROUTE_ALL=1
WEBSITE_CONTENTOVERVNET=1
To resolve the 403 forbidden error, select "Enable from selected virtual networks and IP addresses" in the Function app => Networking and add a rule to enable vnet access.
References:
Function App Deployment Failed - The remote server returned an error: (403) Forbidden