How do I release an Entity Framework Core migration bundle in Azure Devops using Workload Identity Federation to authenticate to the database?

Question

The service principal has already been added to the database with the relevant permissions using CREATE USER <service principal name> FROM EXTERNAL PROVIDER WITH OBJECT_ID = <service principal objectid if there are multiple service principals with the same name>

How do I execute efbundle.exe against my database in Azure?

Answer 1

Create an Azure Powershell Task with the relevant service connection selected in the Dropdown

The format of the connection string should be as follows. It will authenticate automatically using the Service Principal of the Azure powershell task. Adjust the path to your bundle as appropriate:

$(System.DefaultWorkingDirectory)/sql-drop/efbundle.exe --connection 'Server=MyServerName,1433;Initial Catalog=MyDatabaseName;Connect Timeout=120;Authentication=Active Directory Default'

The high connect timeout is because the authentication takes some time and will fail with "task was cancelled" if it is too low.

If you are not using the --connection flag, then the migration uses the connection string from appsettings that is injected into the dbcontext. You will have to adjust that.

It is also worth mentioning that if a migration fails the Devops task will still show as succeeded. You can cater for this with the Powershell $LASTEXITCODE variable which is automatically populated.

if ($LASTEXITCODE -ne 0) {
    Write-Error "The migration bundle failed"
    exit 1  # This exits the PowerShell script with a failure code
}