Skip to content


The Benefits app is currently deployed into a Microsoft Azure account provided by California Department of Technology (CDT)’s Office of Enterprise Technology (OET), a.k.a. the “DevSecOps” team. More specifically, it uses custom containers on Azure App Service. More about the infrastructure.

Deployment process

The Django application gets built into a Docker image with NGINX and Gunicorn. SQLite is used within that same container to store configuration data; there is no external database.

The application is deployed to an Azure Web App Container using three separate environments for dev, test, and prod.

The Deploy workflow is responsible for building that branch’s image and pushing to GitHub Container Registry (GHCR). It also deploys to the Azure Web App, telling Azure to restart the app and pull the latest image.

You can view what Git commit is deployed for a given environment by visitng the URL path /static/sha.txt.


Sensitive configuration settings are maintained as Application Configuration variables in Azure, referencing Azure Key Vault secrets. Other non-sensitive configuration is maintained directly in the configuration database via the Django Admin.

Docker images

Docker images for each of the deploy branches are available from GitHub Container Registry (GHCR):