Azure Functions Core Tools "publish ... 401 Unauthorized" in CI
func publish uploads the package to the Kudu/SCM endpoint of the function app, which requires authentication. A 401 means no valid login session or publish credential was available when the upload ran.
What this error means
func azure functionapp publish fails with "Error: Status: 401 Unauthorized" or "Unauthorized" when pushing the zip to the SCM endpoint.
Getting site publishing info...
Creating archive for current directory...
Uploading ...
Error: Status: 401 Unauthorized.Common causes
No Azure login session for Core Tools
func relies on an active az login (or publish credentials). Without a valid session, the SCM upload is rejected with 401.
Basic auth (SCM credentials) is disabled
If basic authentication is turned off on the function app, password-based publish fails and an identity-based login is required.
How to fix it
Log in before publishing
- Run azure/login (or az login with a service principal) before func.
- Then run func publish so it inherits the session.
- Confirm the upload succeeds.
az login --service-principal -u "$AZURE_CLIENT_ID" \
-p "$AZURE_CLIENT_SECRET" --tenant "$AZURE_TENANT_ID"
func azure functionapp publish my-func-appUse the functions-action with a publish profile
If basic auth is enabled, deploy with the official action and a publish-profile secret instead.
- uses: Azure/functions-action@v1
with:
app-name: my-func-app
publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }}How to prevent it
- Authenticate (az login or publish profile) before any func publish.
- Know whether basic auth is enabled; if not, use identity-based deploy.
- Keep publish credentials in CI secrets and rotate them.