Skip to main content
Production environments in AL-Go for GitHub are configured for manual deployment to ensure controlled releases to live Business Central environments. Unlike sandbox environments, production deployments are triggered manually through the Publish To Environment workflow.

Prerequisites

Before registering a production environment, ensure you have:
  • A completed “Create a release” scenario
  • An online Business Central production environment
  • S2S authentication configured using the same Microsoft Entra app registration as your sandbox environments (setup guide)
  • GitHub Pro, GitHub Team, or GitHub Enterprise (for environment secrets in private repositories)
Production environments are excluded from automatic CI/CD deployments. They must be deployed to manually using the Publish To Environment workflow to prevent accidental deployments to live systems.

Production Environment Setup

1

Create Production Environment in GitHub

Configure your production environment with the special naming convention:
  1. Navigate to your repository Settings
  2. Select Environments
  3. Click New Environment
  4. Enter the environment name with the (Production) suffix:
    • Format: <EnvironmentName> (Production)
    • Example: MYPROD (Production)
  5. Click Configure environment
The (Production) tag is critical. AL-Go uses this suffix to identify production environments and automatically filters them out during the CI/CD Analyze phase, preventing automatic deployments.
2

Configure Authentication Secret

Set up the authentication secret for your production environment:
  1. Under Environment secrets, click Add environment secret
  2. Set the secret name to AUTHCONTEXT
  3. Enter the compressed JSON with your S2S credentials:
{"TenantID":"<TenantID>","ClientID":"<ClientID>","ClientSecret":"<ClientSecret>"}
Security considerations for production:
  • Use a dedicated service principal for production deployments
  • Implement the principle of least privilege
  • Enable MFA for accounts that can modify environment secrets
  • Regularly rotate production credentials
  • Consider using Azure Key Vault for enhanced security
Ensure the JSON is compressed (single line) with no newline characters. Multi-line JSON will cause authentication to fail.
3

Deploy to Production

Manually trigger a production deployment:
  1. Navigate to Actions in your repository
  2. Select the Publish To Environment workflow
  3. Click Run workflow
  4. Configure the deployment:
    • App version: Leave as current (deploys the latest release)
    • Environment to receive the new version: Enter MYPROD (Production) or use *
  5. Click Run workflow
The default current version refers to the latest released bits. This ensures only tested, approved releases are deployed to production. Use latest only if you need to deploy unreleased builds (not recommended for production).
4

Verify Production Deployment

After the workflow completes:
  1. Review the workflow logs to confirm successful deployment
  2. Verify the deployment targeted only the production environment
  3. Check the Business Central environment to confirm the app is installed
  4. Perform smoke tests to validate core functionality
  5. Monitor for any deployment-related issues

Production Environment Configuration

Environment Name Mapping

If your Business Central environment name contains spaces or special characters, use the DeployTo setting to map the GitHub environment name to your BC environment name: 
{
  "DeployToMYPROD": {
    "EnvironmentName": "MY PROD Environment"
  }
}

Multiple Production Environments

For organizations with multiple production tenants or regions: 
{
  "environments": [
    "PROD-US (Production)",
    "PROD-EU (Production)",
    "PROD-ASIA (Production)"
  ],
  "DeployToPROD-US": {
    "EnvironmentName": "Production US",
    "Branches": ["main"]
  },
  "DeployToPROD-EU": {
    "EnvironmentName": "Production EU",
    "Branches": ["main"]
  },
  "DeployToPROD-ASIA": {
    "EnvironmentName": "Production ASIA",
    "Branches": ["main"]
  }
}

Branch Protection

Restrict production deployments to specific branches: 
{
  "DeployToMYPROD": {
    "EnvironmentName": "MYPROD",
    "Branches": ["main", "hotfix/*"]
  }
}

Deployment Strategies

Deploy only tagged releases to production:
1

Create a Release

Use the Create Release workflow to create a versioned release:
  • Semantic versioning (e.g., v1.2.3)
  • Release notes documenting changes
  • Tested and approved artifacts
2

Deploy Release to Production

Use the Publish To Environment workflow:
  • Set app version to current
  • Target your production environment
  • Verify deployment logs
3

Tag Production Deployment

Create a Git tag marking the production deployment:
git tag -a prod-v1.2.3 -m "Production deployment of v1.2.3"
git push origin prod-v1.2.3

Staged Rollout

Deploy to production environments in stages:
  1. Pilot Environment: Deploy to a subset of users
  2. Monitor: Track performance and error rates
  3. Full Production: Roll out to all users
{
  "environments": [
    "PROD-PILOT (Production)",
    "PROD-FULL (Production)"
  ]
}

Blue-Green Deployment

Maintain two production environments for zero-downtime deployments: 
{
  "environments": [
    "PROD-BLUE (Production)",
    "PROD-GREEN (Production)"
  ]
}

Security Best Practices

Access Control

Environment Protection Rules:
  • Require manual approval for deployments
  • Limit environment access to production team
  • Enable deployment branch restrictions
  • Use GitHub environment reviewers
Example configuration:
  • Required reviewers: 2 team members
  • Wait timer: 5 minutes
  • Deployment branches: main only

Credential Management

Secret Security:
  • Use dedicated service principals
  • Implement secret rotation policies
  • Store secrets in Azure Key Vault
  • Monitor secret access and usage
Rotation schedule:
  • Client secrets: Every 90 days
  • Service principal review: Quarterly
  • Access audit: Monthly

Audit Logging

Track Production Changes:
  • Enable GitHub Actions logging
  • Archive deployment logs
  • Implement change tracking
  • Monitor API access
Retention policies:
  • Workflow logs: 90 days minimum
  • Deployment records: 1 year
  • Audit trails: Compliance requirements

Compliance

Regulatory Requirements:
  • Document deployment procedures
  • Maintain change control records
  • Implement approval workflows
  • Regular security audits
Standards:
  • SOC 2 compliance
  • ISO 27001 requirements
  • Industry-specific regulations

Rollback Procedures

Prepare for production issues with rollback capabilities:

Quick Rollback

Deploy the previous release version:
1

Identify Previous Version

Check your release history for the last stable version.
2

Run Publish Workflow

Execute Publish To Environment workflow:
  • App version: Specify previous version tag
  • Environment: Production environment name
3

Verify Rollback

Confirm the previous version is deployed and functional.

Emergency Rollback

For critical issues:
  1. Immediate: Use Business Central admin center to uninstall/reinstall
  2. Notification: Alert stakeholders of the rollback
  3. Investigation: Analyze the issue causing the rollback
  4. Fix: Address the problem in a hotfix branch
  5. Redeploy: Deploy the fixed version after testing

Monitoring and Alerting

Deployment Monitoring

Track production deployment health:
  • Workflow Status: Monitor GitHub Actions for failures
  • Application Health: Use Application Insights or BC telemetry
  • Error Rates: Track exceptions and errors post-deployment
  • Performance: Monitor response times and resource usage

Notification Setup

Configure alerts for production deployments: 
{
  "notifications": {
    "production_deployment": {
      "channels": ["email", "slack", "teams"],
      "recipients": ["[email protected]"]
    }
  }
}

Troubleshooting

Accidental CI/CD Deployment

Problem: Production environment receives automatic deploymentsSolution:
  • Verify environment name includes (Production) suffix
  • Check for typos in the environment name
  • Review AL-Go settings for environment configuration
  • Ensure the environment is properly tagged

Version Mismatch

Problem: Wrong app version deployed to productionSolution:
  • Always use current for production (latest release)
  • Verify release was created before deployment
  • Check artifact availability
  • Review release tags and versions

Permission Denied

Problem: Deployment fails with authorization errorsSolution:
  • Verify service principal has deployment permissions
  • Check client secret hasn’t expired
  • Confirm API permissions in Microsoft Entra
  • Review Business Central environment permissions

Deployment Timeout

Problem: Production deployment exceeds time limitsSolution:
  • Check Business Central environment capacity
  • Verify network connectivity
  • Review app size and complexity
  • Consider deploying during maintenance windows

Next Steps

Sandbox Environment

Configure sandbox environments for continuous deployment

Continuous Deployment

Learn about automated deployment strategies

Create Release

Create versioned releases for production deployment

Delivery Targets

Set up package delivery to NuGet feeds

Build docs developers (and LLMs) love

Get started for freeTalk to us