Skip to main content
This guide walks you through creating a new AppSource app project using AL-Go for GitHub. AppSource apps have additional requirements compared to PTE projects, including code signing and AppSource compliance.

Prerequisites

Before you begin, ensure you have:
  • A GitHub account
  • Experience with AL-Go for GitHub (complete the PTE project setup first)
  • A valid code signing certificate (.pfx file) for AppSource submission
  • Partner Center account (for AppSource delivery)
  • Azure Key Vault (optional, for secret management)
For AppSource apps targeting Business Central versions prior to version 22, you need a license file with permissions to your objects. For version 22 and later, the CRONUS license has sufficient rights for DevOps scenarios.

Create Your Repository

1

Use the AL-Go AppSource template

Navigate to https://github.com/microsoft/AL-Go-AppSource and choose Use this template.
2

Configure repository settings

Enter a repository name (e.g., app3) and select Create Repository from template.

Add Your AppSource App Code

You have two options for adding your app code:

Option 1: Create New App

Use the Create a new app workflow to generate a new app structure, similar to the PTE project setup.

Option 2: Import Existing App

If you’re migrating from Azure DevOps or another source:
1

Prepare your source code

  1. Download your entire source code as a .zip file
  2. Upload to a secure location (Dropbox, Azure Blob Storage, etc.)
  3. Generate a secure download URL
2

Run the Add existing app workflow

  1. In your repository, go to Actions
  2. Select Add existing app or test app workflow
  3. Click Run workflow
  4. Paste the secure download URL
  5. Click Run Workflow
3

Complete the pull request

When the workflow finishes, review and merge the pull request created by the workflow.

Configure AppSource Settings

The first CI/CD build will fail with an error about missing AppSource settings. You need to configure these:
1

Set AppSource mandatory affixes

Edit .AL-Go/settings.json and add:
{
  "appSourceCopMandatoryAffixes": [ "YourPrefix" ]
}
Replace YourPrefix with the affix(es) you want to enforce for your objects.
2

Configure license file (if required)

For Business Central versions prior to 22, if your license file in Azure Key Vault has a different name than LicenseFileUrl:
{
  "licenseFileUrlSecretName": "LicenseFile"
}
This setting creates an indirection, allowing AL-Go to look for a secret with a different name than the default.

Set Up Code Signing

AppSource apps must be code-signed. AL-Go supports multiple signing methods: Configure the trustedSigning setting in .AL-Go/settings.json: 
{
  "trustedSigning": {
    "Account": "your-signing-account",
    "Endpoint": "https://weu.codesigning.azure.net",
    "CertificateProfile": "your-certificate-profile"
  }
}
Your Azure_Credentials secret needs the Trusted Signing Certificate Profile Signer role in the Trusted Signing Account.

Method 2: Certificate File (Legacy)

Create two secrets in your repository or Azure Key Vault:
  • CodeSignCertificateUrl: Secure download URL to your .pfx file
  • CodeSignCertificatePassword: Password for the .pfx file
If your secrets use different names, add indirection in .AL-Go/settings.json: 
{
  "codeSignCertificateUrlSecretName": "myCodeSignCertUrl",
  "codeSignCertificatePasswordSecretName": "myCodeSignCertPassword"
}

Method 3: Azure Key Vault Certificate

Store your certificate directly in Azure Key Vault (requires Premium SKU): 
{
  "keyVaultCodesignCertificateName": "your-certificate-name"
}

Configure AppSource Delivery

To enable automatic delivery to AppSource, configure the deliverToAppSource setting: 
{
  "deliverToAppSource": {
    "productId": "your-product-id-from-partner-center",
    "mainAppFolder": "MainApp",
    "continuousDelivery": false,
    "branches": ["main"],
    "includeDependencies": ["*.app"]
  }
}
You must create an AppSourceContext secret with Partner Center credentials. See the Secrets documentation for details.

AppSource Delivery Properties

PropertyDescriptionDefault
productIdProduct ID from Partner CenterRequired
mainAppFolderFolder containing the main app (if multiple apps)-
continuousDeliveryAuto-submit to AppSource validation on every buildfalse
branchesBranch patterns allowed to deliver["main"]
includeDependenciesDependency files to include in submission[]
When using continuousDelivery: true, the app is submitted to AppSource validation but remains in preview. You must manually press GO LIVE in Partner Center to promote to production.

Verify Your Setup

After configuring all settings:
1

Commit changes

Commit your settings changes to trigger a CI/CD build.
2

Monitor the pipeline

Check the Actions tab to verify:
  • AppSource Cop validation passes
  • Apps are signed (look for the signing step in the pipeline)
  • Build artifacts are created
3

Review build artifacts

Download the build artifacts to verify they contain signed .app files.

Next Steps

Configure Settings

Learn about AppSource-specific settings and configurations

Manage Secrets

Set up Partner Center and Azure Key Vault authentication

Register Environments

Configure sandbox environments for testing

Create Releases

Create releases and submit to AppSource

Obsolete Tag Validation

For AppSource apps, you can enforce minimum obsolete tag versions: 
{
  "obsoleteTagMinAllowedMajorMinor": "1.0"
}
This enables AppSource Cop rule AS0105, preventing objects with obsolete tags below the specified version.

Build docs developers (and LLMs) love

Get started for freeTalk to us