Part 6: Deploying Java App to Azure App Service

Charan Thirumalla included in DevSecOps CI/CD Azure

2025-04-19 429 words 3 minutes

Contents

☁️ Now That Infra Is Ready…

You’ve built infrastructure using Terraform.
Now let’s put it to use — by deploying your actual Java application onto Azure App Service.

This is where we connect the dots between infra and app deployment.

🧾 Prerequisites

Make sure:

- Your Java app is packaged as a .jar or .war
- Terraform has already created the App Service + App Service Plan
- Your code repo has a working build (e.g., mvn package)
- The app artifact gets generated into target/ directory

⚙️ Step-by-Step: Deploy Java to Azure App Service

Here’s how we’ll do it:

1. Build the Java app (mvn package)
1. Deploy the .jar or .war file to Azure App Service
1. Test the live endpoint

🛠 Add App Deployment Stage in Azure DevOps Pipeline

        
        
        
    
- stage: AppDeploy
  displayName: 'Deploy Java App to Azure App Service'
  dependsOn: TerraformApply
  jobs:
    - job: deployApp
      displayName: 'Deploy App'
      pool:
        vmImage: 'ubuntu-latest'
      steps:
        - checkout: self

        - task: Maven@3
          displayName: 'Build Java App'
          inputs:
            mavenPomFile: 'pom.xml'
            goals: 'package'
            publishJUnitResults: true
            javaHomeOption: 'JDKVersion'
            jdkVersionOption: '1.11'
            mavenVersionOption: 'Default'
            mavenAuthenticateFeed: false

        - task: AzureWebApp@1
          displayName: 'Deploy to Azure App Service'
          inputs:
            azureSubscription: 'YourServiceConnectionName'
            appName: 'your-app-service-name'
            package: '$(System.DefaultWorkingDirectory)/target/*.jar'

✅ What This Does

- Uses the Maven task to compile and package your Java app
- Deploys the output .jar directly to the App Service created by Terraform
- All automated from your CI/CD pipeline

🔄 Alternate Flow (If Using .war or Docker)

If you’re deploying a .war to Tomcat or a Docker container, change the package path accordingly, or use a container deployment task.

🧪 How to Test the Deployment

Once the pipeline completes, go to:

https://<your-app-service-name>.azurewebsites.net

You should see your app running!

You can also hit health check endpoints, login pages, or other known routes.

🧠 Best Practices

- Enable App Insights for monitoring
- Add readiness/liveness probes
- Add deployment slots (dev, staging, prod)
- Enable logging from Azure portal
- Use Azure Key Vault for secrets and app settings

🔐 Security Touches

- Limit public access to only required ports
- Use managed identities for accessing other Azure services
- Store sensitive config in App Settings or Key Vault, not in code
- Add pipeline approvals before deploying to production

✅ Recap

You’ve now:

- Built infra with Terraform
- Scanned everything with Snyk, SonarQube, and Checkov
- Deployed your Java app onto that secure, cloud-native platform

⏭️ Final Step Coming Soon…

We’ve got:

✅ Secure code
✅ Secure infra
✅ Automated deployment

Now in Part 7, we’ll run a DAST scan (Dynamic Application Security Testing) on the live app using OWASP ZAP, to make sure it’s not vulnerable in production.

👉 Continue to Part 7 – DAST Scan