Part 6 Conceptual Complete

Part 6: Automating the Climb — Azure DevOps & Deployment

Marcus faces his final challenge—automate everything. We build a complete CI/CD pipeline using GitHub Actions, implement Infrastructure as Code with Bicep, set up monitoring with Application Insights, and establish production-ready deployment practices including blue-green and canary deployments.

March 6, 2025 3 min read

Part 6: Automating the Climb — Azure DevOps & Deployment

Establishing Production-Ready Operations

The Final Challenge

Week eight. CloudVault is running smoothly, but Marcus realizes they’re still deploying manually. Every deployment is a manual process, error-prone and slow.

“We need to automate this,” he tells the team. “CI/CD pipelines, Infrastructure as Code, monitoring—everything needs to be automated.”

GitHub Actions CI/CD

GitHub Actions automates your build, test, and deployment pipeline.

Setting Up a Pipeline

Create .github/workflows/deploy.yml:

name: Deploy to Azure

on:
  push:
    branches: [ main ]

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: Set up JDK 17
      uses: actions/setup-java@v3
      with:
        java-version: '17'
        distribution: 'temurin'
    - name: Build with Maven
      run: mvn clean package -DskipTests
    - name: Run tests
      run: mvn test
    - name: Login to Azure
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    - name: Deploy to App Service
      uses: azure/webapps-deploy@v2
      with:
        app-name: api-cloudvault-prod
        package: target/account-api.jar

Infrastructure as Code with Bicep

Define your infrastructure in code:

param location string = 'eastus'
param environment string = 'prod'

resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = {
  name: 'plan-cloudvault-${environment}'
  location: location
  sku: {
    name: 'B2'
    capacity: 2
  }
  kind: 'linux'
}

resource webApp 'Microsoft.Web/sites@2021-02-01' = {
  name: 'api-cloudvault-${environment}'
  location: location
  properties: {
    serverFarmId: appServicePlan.id
    httpsOnly: true
  }
}

Application Insights Monitoring

Application Insights monitors your application’s health and performance.

Setting Up Monitoring

az monitor app-insights component create \
  --resource-group rg-cloudvault-prod \
  --app cloudvault-insights \
  --location eastus

Creating Alerts

az monitor metrics alert create \
  --resource-group rg-cloudvault-prod \
  --name "High Error Rate" \
  --condition "avg FailedRequestsPercentage > 5" \
  --window-size 5m \
  --evaluation-frequency 1m

Blue-Green Deployments

Run two identical environments and switch traffic between them.

Implementation with Traffic Manager

resource trafficManager 'Microsoft.Network/trafficManagerProfiles@2021-06-01' = {
  name: 'tm-cloudvault'
  location: 'global'
  properties: {
    profileStatus: 'Enabled'
    trafficRoutingMethod: 'Weighted'
    endpoints: [
      {
        name: 'blue-endpoint'
        properties: {
          targetResourceId: blueWebApp.id
          weight: 100
        }
      }
      {
        name: 'green-endpoint'
        properties: {
          targetResourceId: greenWebApp.id
          weight: 0
        }
      }
    ]
  }
}

Canary Deployments

Gradually shift traffic to the new version:

- name: Deploy to Canary (10% traffic)
  run: |
    az webapp traffic-routing set \
      --resource-group rg-cloudvault-prod \
      --name api-cloudvault-prod \
      --distribution green=10 blue=90

- name: Promote to Production (100% traffic)
  run: |
    az webapp traffic-routing set \
      --resource-group rg-cloudvault-prod \
      --name api-cloudvault-prod \
      --distribution green=100 blue=0

Disaster Recovery

Plan for failures:

# Enable automatic backups
az sql db backup-short-term-retention-policy update \
  --resource-group rg-cloudvault-prod \
  --server sqlserver-cloudvault \
  --database cloudvault_db \
  --retention-days 35

# Enable geo-replication
az sql db replica create \
  --resource-group rg-cloudvault-prod \
  --server sqlserver-cloudvault \
  --database cloudvault_db \
  --partner-server sqlserver-cloudvault-dr

Marcus’s DevOps Architecture

After implementing automation, Marcus has:

GitHub Actions — Automated build, test, deploy
Bicep — Infrastructure as Code
Application Insights — Monitoring and alerting
Blue-Green deployments — Zero-downtime updates
Canary deployments — Gradual rollouts
Disaster recovery — Backups and failover

Key Takeaways

CI/CD pipelines automate build, test, and deployment
Infrastructure as Code makes infrastructure reproducible
Application Insights provides visibility into production
Blue-Green deployments enable zero-downtime updates
Canary deployments catch issues before full rollout
Disaster recovery is non-negotiable for production

The Summit

You’ve completed the Azure Ascent series. You now understand:

How Azure organizes resources
When to use different compute services
How to design data architectures
How to build secure networks
How to integrate AI capabilities
How to automate operations

The summit awaits. Keep climbing.

This is Part 6 of a 6-part series: “The Azure Ascent: A Backend Engineer’s Journey to Cloud Mastery.”

Series Progress 7/7 parts

0 The Azure Ascent: A Backend Engineer's Journey to Cloud Mastery Complete 1 Part 1: The Summit Awaits — Azure Fundamentals & Core Concepts Complete 2 Part 2: Building the Engine — Azure Compute Services Complete 3 Part 3: Storing the Treasures — Azure Data & Storage Services Complete 4 Part 4: Connecting the Dots — Azure Networking & Security Complete 5 Part 5: The Intelligent Layer — Azure AI & Machine Learning Complete 6 Part 6: Automating the Climb — Azure DevOps & Deployment Complete