Originally posted in Finnish at Sulava blog
The excellence of Microsoft’s Power Platform is that it can be used to quickly make applications, workflows and other technological gadgets directly into production. Any user can click a tool that saves them hours in minutes. If the tools start to be business-critical, then their development life cycle must be carried out according to the development-test-production principle, because a faulty change to production causes a break in the business and a risk to the organization’s operation.
Why is installation automation needed?
Applications can be made in a small format directly for production, but the right way is to build them in a development environment, from where they are transferred to a test or UAT environment for testing. Finally, the approved application is moved to production, i.e. where the software is available to real users. If the installation is performed by a human and the various stages of the installation are not automated, human error may occur. The role of posture automation is to facilitate the process and prevent errors.
Microsoft offers really versatile and easy installation automation through the Azure DevOps tool, but what other technology is used to make installation automation, i.e. CI/CD pipelines?
Integration
I have built between the two systems with Logic Apps, because it was possible to guarantee a secure authorization between Azure and Power Platform. Permitting takes place with Claims, in which case a separate subnet is not needed, but the calling Azure Function Managed Application id is recognized, which can be used to accept the call. Logic App writes data to Dataverse, which is then used by the Power Apps application we make.
Installation automation
The task was to build a pipeline with GitHub’s Actions and go back in time to the yml era. An additional challenge was to create a Dataverse connector using an ARM template, because everything has to be uploaded to Azure because of the pipeline. Finally, Azure Active Directory Authorization Policies must be set for Logic Apps for authorization of the other party.
Tasks to create installation automation
1. Create a Repository on GitHub
Often, the customer wants the source codes and automations of the application for their own version control, in which case, as a supplier, this should be requested from the customer’s IT department. When creating the repository, you should also create the installation credentials at the same time and assign them to the right Azure resource group, so that there are no access rights problems when running the pipeline.
Be careful about the Issuer writing format, because even one extra slash at the end causes an error in the pipeline.
2. Take out the template from Logic Apps
Go to the Logic Apps you developed in the dev resource group and select “Export Template” on the left and then “Download”. Extract the zip package and open the folder ready, you will have template.json and parameters.json.
3. Create an application registration and authorize the service principal in Dataverse
You can see more detailed instructions Authenticate Dataverse connector using Service Principal in a Power Automate Flow | D365 Demystified
It is recommended to use service principal instead of service user. You cannot log in with Service principal and it must be authorized to the desired Dataverse.
Create a KeyVault in the resource groups in Azure and add the Secret of the created Application Registration there, for example, with the name solution-integration-serviceprincipal-test. Capture the generated appid for the next step.
The following article describes how you parameterize the Logic Apps ARM template, create a CI/CD pipeline in yml, and authorize another Azure resource to call Logic Apps.