This action was deprecated on 2023-09-08 and will no longer receive support or updates.
This action will create an IIS website on a target Windows Server
| Parameter | Is Required | Description |
|---|---|---|
server |
true | The name of the target server |
website-name |
true | The name of the website |
app-pool-name |
true | The name of the app pool |
website-host-header |
true | The host-header the web site should respond to |
website-path |
true | The local directory location of the web site, i.e., "c:\inetpub\webapp" |
website-cert-path |
false | The private cert file path for site https binding |
website-cert-friendly-name |
false | The private cert's friendly name |
website-cert-password |
false | The private cert's file password |
app-pool-service-account-id |
false | The service account name used for the operation of the web site |
app-pool-service-account-secret |
false | The service account secret used for the operation of the web site |
deployment-service-account-id |
true | The service account id used to create the IIS site |
deployment-service-account-secret |
true | The service account secret used to create the IIS site |
The IIS site create action uses Web Services for Management, WSMan, and Windows Remote Management, WinRM, to create remote administrative sessions. Because of this, Windows Actions Runners, runs-on: [windows-2019], must be used. If the IIS server target is on a local network that is not publicly available, then specialized self-hosted runners, runs-on: [self-hosted, windows-2019], will need to be used to broker commands to the server.
Inbound secure WinRm network traffic (TCP port 5986) must be allowed from the GitHub Actions Runners virtual network so that remote sessions can be received.
Prep the remote IIS server to accept WinRM management calls. In general the IIS server needs to have a WSMan listener that looks for incoming WinRM calls. Firewall exceptions need to be added for the secure WinRM TCP ports, and non-secure firewall rules should be disabled. Here is an example script that would be run on the IIS server:
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName <<ip-address|fqdn-host-name>>
Export-Certificate -Cert $Cert -FilePath C:\temp\<<cert-name>>
Enable-PSRemoting -SkipNetworkProfileCheck -Force
# Check for HTTP listeners
dir wsman:\localhost\listener
# If HTTP Listeners exist, remove them
Get-ChildItem WSMan:\Localhost\listener | Where -Property Keys -eq "Transport=HTTP" | Remove-Item -Recurse
# If HTTPs Listeners don't exist, add one
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint –Force
# This allows old WinRm hosts to use port 443
Set-Item WSMan:\localhost\Service\EnableCompatibilityHttpsListener -Value true
# Make sure an HTTPs inbound rule is allowed
New-NetFirewallRule -DisplayName "Windows Remote Management (HTTPS-In)" -Name "Windows Remote Management (HTTPS-In)" -Profile Any -LocalPort 5986 -Protocol TCP
# For security reasons, you might want to disable the firewall rule for HTTP that *Enable-PSRemoting* added:
Disable-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)"ip-addressorfqdn-host-namecan be used for theDnsNameproperty in the certificate creation. It should be the name that the actions runner will use to call to the IIS server.cert-namecan be any name. This file will used to secure the traffic between the actions runner and the IIS server
...
jobs:
create-iis-site:
runs-on: [windows-2019]
env:
server: 'iis-server.domain.com'
website-name: 'Default Website'
apo-pool-name: 'website-pool'
website-host-header: '*.defaultsite.com'
website-path: 'c:\inetpub\wwwroot'
website-cert-path: './src/site_cert.pfx'
website-cert-password: '${{ secrets.site_cert_password }}'
website-cert-friendly-name: '*.defaultsite.com'
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Create Web Site
# You may also reference the major or major.minor version
uses: im-open/iis-site-create@v3.0.3
with:
server: '${{ env.server }}'
website-name: '${{ env.website-name }}'
app-pool-name: '${{ env.app-pool-name }}'
website-host-header: '${{ env.website-host-header}}'
website-path: '${{ env.website-path }}'
website-cert-path: '${{ env.website-cert-path }}'
website-cert-password: '${{ env.website-cert-password }}'
website-cert-friendly-name: '${{ env.website-cert-friendly-name }}'
app-pool-service-account-id: '${{ env.APP_POOL_SA_ID }}'
app-pool-service-account-secret: '${{ env.APP_POOL_SA_SECRET }}'
deployment-service-account-id: '${{ secrets.DEPLOYMENT_SA_ID }}'
deployment-service-account-secret: '${{ secrets.DEPLOYMENT_SA_SECRET }}'
...When creating PRs, please review the following guidelines:
- The action code does not contain sensitive information.
- At least one of the commit messages contains the appropriate
+semver:keywords listed under Incrementing the Version for major and minor increments. - The README.md has been updated with the latest version of the action. See Updating the README.md for details.
This repo uses git-version-lite in its workflows to examine commit messages to determine whether to perform a major, minor or patch increment on merge if source code changes have been made. The following table provides the fragment that should be included in a commit message to active different increment strategies.
| Increment Type | Commit Message Fragment |
|---|---|
| major | +semver:breaking |
| major | +semver:major |
| minor | +semver:feature |
| minor | +semver:minor |
| patch | default increment type, no comment needed |
The files and directories that are considered source code are listed in the files-with-code and dirs-with-code arguments in both the build-and-review-pr and increment-version-on-merge workflows.
If a PR contains source code changes, the README.md should be updated with the latest action version. The build-and-review-pr workflow will ensure these steps are performed when they are required. The workflow will provide instructions for completing these steps if the PR Author does not initially complete them.
If a PR consists solely of non-source code changes like changes to the README.md or workflows under ./.github/workflows, version updates do not need to be performed.
If changes are made to the action's source code, the usage examples section of this file should be updated with the next version of the action. Each instance of this action should be updated. This helps users know what the latest tag is without having to navigate to the Tags page of the repository. See Incrementing the Version for details on how to determine what the next version will be or consult the first workflow run for the PR which will also calculate the next version.
This project has adopted the im-open's Code of Conduct.
Copyright © 2023, Extend Health, LLC. Code released under the MIT license.