Merge pull request #293233 from MicrosoftDocs/main

1/17/2025 PM Publish

Author: Taojunshen

.openpublishing.redirection.json

@@ -53,7 +53,7 @@ In this section, you set up the GitHub Actions workflow for this scenario:
 In the following steps, create a Microsoft Entra ID service principal, which will be used to add credentials to the workflow to authenticate with Azure.
 
 > [!NOTE]
-> Configuring a service principal is shown for demonstration purposes. The recommended way to authenticate with Azure for GitHub Actions is with OpenID Connect, an authentication method that uses short-lived tokens. Setting up OpenID Connect with GitHub Actions is more complex but offers hardened security. [Learn more](../app-service/deploy-github-actions.md?tabs=openid%2Caspnetcore#1-generate-deployment-credentials)
+> Configuring a service principal is shown for demonstration purposes. The recommended way to authenticate with Azure for GitHub Actions is with OpenID Connect, an authentication method that uses short-lived tokens. Setting up OpenID Connect with GitHub Actions is more complex but offers hardened security. [Learn more](../app-service/deploy-github-actions.md?tabs=openid%2Caspnetcore#generate-deployment-credentials)
 
 Create a service principal using the [az ad sp create-for-rbac](/cli/azure/ad#az-ad-sp-create-for-rbac) command. The following example first uses the [az apic show](/cli/azure/apic#az-apic-show) command to retrieve the resource ID of the API center. The service principal is then created with the Azure API Center Service Contributor role for the API center.
 

articles/api-center/register-apis-github-actions.md

@@ -162,7 +162,7 @@ Specifically, App Service does the following operations:
 - Creates the secrets `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, and `AZURE_SUBSCRIPTION_ID` from the federated credential in your selected GitHub repository.
 - Assigns the identity to your app.
 
-In a GitHub Actions workflow in your GitHub repository, you can then use the [Azure/login](https://github.com/Azure/login) action to authenticate with your app by using OpenID Connect. For examples, see [Add the workflow file to your GitHub repository](deploy-github-actions.md#3-add-the-workflow-file-to-your-github-repository).
+In a GitHub Actions workflow in your GitHub repository, you can then use the [Azure/login](https://github.com/Azure/login) action to authenticate with your app by using OpenID Connect. For examples, see [Add the workflow file to your GitHub repository](deploy-github-actions.md#add-the-workflow-file-to-your-github-repository).
 
 If your Azure account has the [required permissions](#why-do-i-see-the-error-you-do-not-have-sufficient-permissions-on-this-app-to-assign-role-based-access-to-a-managed-identity-and-configure-federated-credentials), App Service creates a user-assigned managed identity and configures it for you. This identity isn't shown in the **Identities** page of your app. If your Azure account doesn't have the required permissions, you must select an [existing identity with the required role](#why-do-i-see-the-error-this-identity-does-not-have-write-permissions-on-this-app-please-select-a-different-identity-or-work-with-your-admin-to-grant-the-website-contributor-role-to-your-identity-on-this-app).
 

articles/app-service/deploy-continuous-deployment.md

@@ -3,10 +3,10 @@ author: cephalin
 ms.author: cephalin
 ms.topic: include
 ms.custom: devx-track-azurecli
-ms.date: 01/22/2024
+ms.date: 01/16/2025
 ---
 
-To deploy with OpenID Connect using the managed identity you configured, use the `azure/login@v1` action with the `client-id`, `tenant-id`, and `subscription-id` keys and reference the GitHub secrets that you [created earlier](../../deploy-github-actions.md?tabs=openid#2-configure-the-github-secret).
+To deploy with OpenID Connect using the managed identity you configured, use the `azure/login@v1` action with the `client-id`, `tenant-id`, and `subscription-id` keys. Reference the GitHub secrets that you created earlier.
 
 # [ASP.NET Core](#tab/aspnetcore)
 
@@ -65,7 +65,7 @@ jobs:
 
 # [ASP.NET](#tab/aspnet)
 
-Build and deploy a ASP.NET MVC app to Azure using an Azure service principal. The example uses GitHub secrets for the `client-id`, `tenant-id`, and `subscription-id` values. You can also pass these values directly in the login action.
+Build and deploy a ASP.NET MVC app to Azure using an Azure service principal. The example uses GitHub secrets for the `client-id`, `tenant-id`, and `subscription-id` values. You can also pass these values directly in the sign-in action.
 
 ```yaml
 name: Deploy ASP.NET MVC App deploy to Azure Web App
@@ -122,7 +122,7 @@ jobs:
 
 # [Java SE](#tab/java)
 
-Build and deploy a Java Spring app to Azure using an Azure service principal. The example uses GitHub secrets for the `client-id`, `tenant-id`, and `subscription-id` values. You can also pass these values directly in the login action.
+Build and deploy a Java Spring app to Azure using an Azure service principal. The example uses GitHub secrets for the `client-id`, `tenant-id`, and `subscription-id` values. You can also pass these values directly in the sign-in action.
 
 ```yaml
 name: Java CI with Maven
@@ -212,7 +212,7 @@ jobs:
           package: '*.war'
 ```
 
-You can find this full example using multiple jobs for build and deploy [here](https://github.com/Azure-Samples/onlinebookstore/blob/master/.github/workflows/azure-webapps-java-war-oidc.yml) as well.
+You can find this [full example](https://github.com/Azure-Samples/onlinebookstore/blob/master/.github/workflows/azure-webapps-java-war-oidc.yml) using multiple jobs for build and deploy.
 
 # [Node.js](#tab/nodejs)
 
@@ -316,4 +316,4 @@ jobs:
         az logout
 ```
 
------
+---

articles/app-service/deploy-github-actions.md

@@ -2,10 +2,10 @@
 author: cephalin
 ms.author: cephalin
 ms.topic: include
-ms.date: 01/22/2024
+ms.date: 01/16/2025
 ---
 
-The `publish-profile` input should reference the `AZURE_WEBAPP_PUBLISH_PROFILE` GitHub secret that you [created earlier](../../deploy-github-actions.md?tabs=applevel#2-configure-the-github-secret).
+The `publish-profile` input should reference the `AZURE_WEBAPP_PUBLISH_PROFILE` GitHub secret that you created earlier.
 
 # [ASP.NET Core](#tab/aspnetcore)
 
@@ -51,8 +51,7 @@ jobs:
 
 # [ASP.NET](#tab/aspnet)
 
-Build and deploy an ASP.NET MVC app that uses NuGet and `publish-profile` for authentication. 
-
+Build and deploy an ASP.NET MVC app that uses NuGet and `publish-profile` for authentication.
 
 ```yaml
 name: Deploy ASP.NET MVC App deploy to Azure Web App
@@ -123,7 +122,7 @@ jobs:
         package: my/target/*.jar
 ```
 
-To deploy a `war` instead of a `jar`, change the `package` value. 
+To deploy a `war` instead of a `jar`, change the `package` value.
 
 
 ```yaml
@@ -179,7 +178,7 @@ jobs:
           package: '*.war'
 ```
 
-You can find this full example using multiple jobs for build and deploy [here](https://github.com/Azure-Samples/onlinebookstore/blob/master/.github/workflows/azure-webapps-java-war-publish-profile.yml) as well.
+You can find this [full example](https://github.com/Azure-Samples/onlinebookstore/blob/master/.github/workflows/azure-webapps-java-war-publish-profile.yml) using multiple jobs for build and deploy.
 
 # [Node.js](#tab/nodejs)
 

articles/app-service/includes/deploy-github-actions/deploy-github-actions-openid-connect.md

@@ -3,10 +3,10 @@ author: cephalin
 ms.author: cephalin
 ms.topic: include
 ms.custom: devx-track-azurecli
-ms.date: 01/22/2024
+ms.date: 01/16/2025
 ---
 
-To deploy with the service principal you configured, use the `azure/login@v1` action with the `creds` key and reference the `AZURE_CREDENTIALS` secret that you [created earlier](../../deploy-github-actions.md?tabs=userlevel#2-configure-the-github-secret).
+To deploy with the service principal you configured, use the `azure/login@v1` action with the `creds` key and reference the `AZURE_CREDENTIALS` secret that you created earlier.
 
 # [ASP.NET Core](#tab/aspnetcore)
 
@@ -59,7 +59,7 @@ jobs:
 
 # [ASP.NET](#tab/aspnet)
 
-Build and deploy a ASP.NET MVC app to Azure using an Azure service principal. Note how the `creds` input references the `AZURE_CREDENTIALS` secret that you created earlier.
+Build and deploy a ASP.NET MVC app to Azure using an Azure service principal. The `creds` input references the `AZURE_CREDENTIALS` secret that you created earlier.
 
 ```yaml
 name: Deploy ASP.NET MVC App deploy to Azure Web App
@@ -110,7 +110,7 @@ jobs:
 
 # [Java SE](#tab/java)
 
-Build and deploy a Java Spring app to Azure using an Azure service principal. Note how the `creds` input references the `AZURE_CREDENTIALS` secret that you created earlier.
+Build and deploy a Java Spring app to Azure using an Azure service principal. The `creds` input references the `AZURE_CREDENTIALS` secret that you created earlier.
 
 ```yaml
 name: Java CI with Maven
@@ -148,7 +148,7 @@ jobs:
 
 # [Tomcat](#tab/tomcat)
 
-Build and deploy a Tomcat app to Azure using an Azure service principal. Note how the `creds` input references the `AZURE_CREDENTIALS` secret that you created earlier.
+Build and deploy a Tomcat app to Azure using an Azure service principal. The `creds` input references the `AZURE_CREDENTIALS` secret that you created earlier.
 
 ```yaml
 name: Build and deploy WAR app to Azure Web App using Service Principal Connect
@@ -193,11 +193,11 @@ jobs:
           package: '*.war'
 ```
 
-You can find this full example using multiple jobs for build and deploy [here](https://github.com/Azure-Samples/onlinebookstore/blob/master/.github/workflows/azure-webapps-java-war-service-principal.yml) as well.
+You can find this [full example](https://github.com/Azure-Samples/onlinebookstore/blob/master/.github/workflows/azure-webapps-java-war-service-principal.yml) using multiple jobs for build and deploy.
 
 # [Node.js](#tab/nodejs)
 
-Build and deploy a Node.js app to Azure using an Azure service principal. Note how the `creds` input references the `AZURE_CREDENTIALS` secret that you created earlier.
+Build and deploy a Node.js app to Azure using an Azure service principal. The `creds` input references the `AZURE_CREDENTIALS` secret that you created earlier.
 
 ```yaml
 name: JavaScript CI
@@ -249,7 +249,7 @@ jobs:
 
 # [Python](#tab/python)
 
-Build and deploy a Python app to Azure using an Azure service principal. Note how the `creds` input references the `AZURE_CREDENTIALS` secret that you created earlier.
+Build and deploy a Python app to Azure using an Azure service principal. The `creds` input references the `AZURE_CREDENTIALS` secret that you created earlier.
 
 ```yaml
 name: Python application

articles/app-service/includes/deploy-github-actions/deploy-github-actions-publish-profile.md

@@ -172,7 +172,7 @@ The following Azure CLI command uses a `--client-type` parameter.
 
 1. Grant permission to pre-created tables
 
-[!INCLUDE [Postgresql grant permission](../service-connector/includes/postgres-grant-permission.md)]
+[!INCLUDE [PostgreSQL grant permission](../service-connector/includes/postgres-grant-permission.md)]
 
 -----
 

articles/app-service/includes/deploy-github-actions/deploy-github-actions-service-principal.md

@@ -332,7 +332,7 @@ A default workflow file that uses a publish profile to authenticate to App Servi
 
 ### How do I disable basic authentication on App Service?
 
-Consider [disabling basic authentication](configure-basic-auth-disable.md), which limits access to the FTP and SCM endpoints to users that are backed by Microsoft Entra ID. If using a continuous deployment tool to deploy your application source code, disabling basic authentication requires [extra steps to configure continuous deployment](deploy-github-actions.md). For example, you can't use a publish profile since  it doesn't use Microsoft Entra credentials. Instead, you need to use either a [service principal or OpenID Connect](deploy-github-actions.md#1-generate-deployment-credentials).
+Consider [disabling basic authentication](configure-basic-auth-disable.md), which limits access to the FTP and SCM endpoints to users that are backed by Microsoft Entra ID. If using a continuous deployment tool to deploy your application source code, disabling basic authentication requires [extra steps to configure continuous deployment](deploy-github-actions.md). For example, you can't use a publish profile since  it doesn't use Microsoft Entra credentials. Instead, you need to use either a [service principal or OpenID Connect](deploy-github-actions.md#generate-deployment-credentials).
 
 To disable basic authentication for your App Service, run the following commands for each app and slot by replacing the placeholders for `<web-app-east-us>` and `<web-app-west-us>` with your app names. The first set of commands disables FTP access for the production sites and staging slots, and the second set of commands disables basic auth access to the WebDeploy port and SCM site for the production sites and staging slots.
 
@@ -387,7 +387,7 @@ To configure continuous deployment with GitHub Actions and a service principal,
 
 #### Create the GitHub Actions workflow
 
-Now that you have a service principal that can access your App Service apps, edit the default workflows that were created for your apps when you configured continuous deployment. Authentication must be done using your service principal instead of the publish profile. For sample workflows, see the "Service principal" tab in [Add the workflow file to your GitHub repository](deploy-github-actions.md?tabs=userlevel#3-add-the-workflow-file-to-your-github-repository). The following sample workflow can be used for the Node.js sample app that was provided.
+Now that you have a service principal that can access your App Service apps, edit the default workflows that were created for your apps when you configured continuous deployment. Authentication must be done using your service principal instead of the publish profile. For sample workflows, see the "Service principal" tab in [Add the workflow file to your GitHub repository](deploy-github-actions.md?tabs=userlevel#add-the-workflow-file-to-your-github-repository). The following sample workflow can be used for the Node.js sample app that was provided.
 
 1. Open your app's GitHub repository and go to the `<repo-name>/.github/workflows/` directory. You should see the autogenerated workflows.
 1. For each workflow file, select the "pencil" button in the top right to edit the file. Replace the contents with the following text, which assumes you created the GitHub secrets earlier for your credential. Update the placeholder for `<web-app-name>` under the "env" section, and then commit directly to the main branch. This commit triggers the GitHub Action to run again and deploy your code, this time using the service principal to authenticate.