[SOLVED] GitHub Action - Deploy Python to Azure Function

GitHub Action - Deploy Python to Azure Function - import azure.identity not working

Problem I'm trying to deploy a Python Azure Function using GitHub Actions, but the deployment fails silently when my code includes azure-identity. The function works perfectly when deployed through VS Code, but not through GitHub Actions.

Environment Python 3.11 Azure Functions (Consumption Plan) GitHub Actions for deployment

Code: function_app.py:

import azure.functions as func
import logging
from azure.identity import DefaultAzureCredential
import json

app = func.FunctionApp(http_auth_level=func.AuthLevel.FUNCTION)

@app.route(route="fa_adtest_frontend_trigger")
def fa_adtest_frontend_trigger(req: func.HttpRequest) -> func.HttpResponse:
    logging.info('Python HTTP trigger function processed a request.')
    # When this import is removed, deployment works fine
    credential = DefaultAzureCredential()
    # Rest of the function code

Requirements.txt

azure-functions
cryptography
azure-identity
azure-core
msal
requests
setuptools-rust

Github Actions Workflow:

name: Deploy Python project to Azure Function App

env:
  AZURE_FUNCTIONAPP_NAME: 'fa-apim-auth-frontend-001'
  AZURE_FUNCTIONAPP_PACKAGE_PATH: 'src/function-apps/frontend'
  PYTHON_VERSION: '3.11'

jobs:
  deploy-function:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-python@v4
      with:
        python-version: ${{ env.PYTHON_VERSION }}

    - name: 'Install Python Dependencies'
      working-directory: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
      run: |
        python -m pip install --upgrade pip wheel setuptools
        mkdir -p .python_packages/lib/site-packages
        pip install -r requirements.txt --target=".python_packages/lib/site-packages"

    - name: 'Login via Azure CLI'
      uses: azure/login@v1
      with:
         client-id: ${{ secrets.AZURE_CLIENT_ID }}
         tenant-id: ${{ secrets.AZURE_TENANT_ID }}
         subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

    - name: 'Deploy Function'
      uses: Azure/functions-action@v1
      with:
        app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}
        package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
        scm-do-build-during-deployment: true

Symptoms

Function deploys and works when azure-identity import is removed
When azure-identity is included, function doesn't appear in Azure portal after deployment
No explicit errors in GitHub Actions logs
Works fine when deployed through VS Code

I have also tried updating my .py file with the following:

try:
    import azure.identity
    logging.info("Successfully imported azure.identity")
except Exception as e:
    logging.error(f"Failed to import azure.identity: {str(e)}")

When I run this I get the following error:

2025-04-08T09:51:30Z   [Error]   Failed to import azure.identity: cannot import name 'x509' from 'cryptography.hazmat.bindings._rust' (unknown location)

Folder Structure:

Solution

For whatever reason this is the only thing that resolved my problem; replacing the Azure/functions-action@v1 task with a pwsh task below, ie:

- name: 'Package and Deploy Function'  
  shell: pwsh  
  run: |  
    \# Create deployment zip  
    Compress-Archive -Path "${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}\\\*" -DestinationPath "function.zip" -Force  
      
    \# Deploy using az cli  
    az functionapp deployment source config-zip \`  
      --resource-group my-rg \`  
      --name ${{ env.AZURE_FUNCTIONAPP_NAME }} \`  
      --src function.zip \`  
      --build-remote true