This article outlines the steps you’ll need to take when configuring a job to run EF migrations via the dotnet-ef command line tool. It assumes:

  • The App service and Azure SQL database resources have already been created
  • The deployment job already exists
  • An Azure Devops service connection has already been created

It’s important to note that this method of running migrations is one of a multitude . It’s probably the least preferred method for devops operations as it requires source code.

1. Add a task to install the command line tool

The task to install the dotnet-ef command line tool looks identical to this:

- task: DotNetCoreCLI@2
    displayName: 'Install dotnet-ef'
    inputs:
      command: 'custom'
      custom: 'tool'
      arguments: 'install dotnet-ef -g --version 8.0.7'

You can find more information about the task from the documentation page

2. Grant the service connection access to the database

We’ll need the name of the service principal associated with the service connection. We can find the name by clicking through the link “Manage App registration” when viewing the details of the service connection:

Azure Resource Manager service connection

This opens a page on the Azure dev portal that displays the details of the service principal. The display name can be copied from the properties section at the top of the page.

Finally, we’ll need to run a query on the database that creates a user with the same name as the display name and grants it the required roles:

CREATE USER <service-principal-display-name> FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER <service-principal-display-name>;
ALTER ROLE db_datawriter ADD MEMBER <service-principal-display-name>;
ALTER ROLE db_ddladmin ADD MEMBER <service-principal-display-name>;
GO

The documentation provides additional context and more detail.

3. Add the migration task to the job

The migration task would look similar to the code section below:

- task: AzureCLI@2
    displayName: 'Run Migrations'
    inputs:
      azureSubscription: <service-connection>
      scriptType: 'ps'
      scriptLocation: 'inlineScript'
      inlineScript: |
        dotnet ef database update --project MigrationsProject/migrationsProject.csproj
  • For the azureSubscription field, we need to specify the name of the Azure service connection
  • The MigrationsProject specified in the task represents the project that contains the migrations to be run.

Error: Login failed for user ‘

The migration task might fail with an error that contains the message:

Login failed for user ‘

This error indicates that the Azure service connection has not been granted access to the database.