Raven_Zhang, you can retrieve the IP address of the Microsoft-hosted agent with the following line of PowerShell.
$ip = (Invoke-WebRequest -uri "http://ifconfig.me/ip").Content
Because each Azure Pipeline Job may end up on a different agent, and each agent will have a different IP address, it's important that all of the following items occur within the same Pipeline Job.
- Download build artifact
- Retrieve the IP address of the Microsoft-hosted agent
- Add the access restriction rule
- Deploy the build artifact to app service
- Remove the access restriction rule
I recommend applying the always() condition for the step that removes the access restriction rule so that if something goes wrong and the deployment fails, the access restriction rule will still be removed.