Deploying a container image to Azure Container Registry using a GitHub Action with Azure CLI

Storing your application container images in Azure Container Registry (ACR)? In this blog post, I am going to show how you can deploy a new container image to ACR automatically using a GitHub Action when there has been a merge to the main branch in GitHub.

GitHub Repository Secrets

To start, we need to create two secrets. Within the GitHub repository where you are going to run the GitHub Action for ACR, select Settings -> Secrets.

Add 2 secrets:

  • AZURE_SUBSCRIPTION_ID – Subscription ID of the Azure Subscription
  • AZURE_CREDENTIALS – in JSON format as below; this is the Service Principal that will be used for az login and to deploy your Bicep configuration
{
  "clientId": "XXXXXXXX",
  "clientSecret": "XXXXXXXX",
  "subscriptionId": "XXXXXXXX",
  "tenantId": "XXXXXXXX"
}

Creating GitHub Action

The folder structure that I will be using:

thomasthorntoncloud-azurecontainerregistry-github-action
    └── .github
       └── workflows
          └── deploy-to-acr.yml
    └── asp-core-dotnet-sample-app
       └── Dockerfile
       └── Associated app files

The GitHub action will be deployed in two stages:

  • Stage 1: Create Azure Resource Group and Azure Container Registry
  • Stage 2: Add secrets for Azure Container Registry, build and push image to Azure Container Registry

Stage 1: Create Azure Resource Group and Azure Container Registry

name: 'deploy-to-acr'

on:
  push:
    branches:
    - main
  pull_request:

jobs:

  deploy-to-acr:
    name: 'deploy-to-acr'
    runs-on: ubuntu-latest
    env:
      ResourceGroupName: tamops-acr-github
      ResourceGroupLocation: "uksouth"
      AcrName: tamopsactionacr
    environment: production

    steps:

    - uses: actions/checkout@v2

    - uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
        
    - name: Az CLI Create Resource Group and ACR
      uses: Azure/CLI@v1
      with:
        inlineScript: |
          #!/bin/bash
          az group create --name ${{ env.ResourceGroupName }} --location ${{ env.ResourceGroupLocation }}
          az acr create -g ${{ env.ResourceGroupName }} -n $AcrName --sku basic --admin-enabled true

Once the ACR has been created successfully, additional secrets need to be added to the GitHub repository:

  • REGISTRY_LOGIN_SERVER: Login Server as below
  • REGISTRY_USERNAME: Username as below
  • REGISTRY_PASSWORD: Secret value within the ACR Access Keys

These are found in the Access Keys settings of the ACR.

Add the 3 new secrets to the GitHub repository.

The additional steps to be added to the GitHub Action will build and push an image to your ACR.

Notice the reference to ${{ github.sha }}? Every time you push a change to the repository, a new image is built and pushed, tagged with the commit SHA.

    - name: 'Log in to ACR'
      uses: azure/docker-login@v1
      with:
        login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
        username: ${{ secrets.REGISTRY_USERNAME }}
        password: ${{ secrets.REGISTRY_PASSWORD }}
    - name: 'Build and push image'
      run: |
        docker build . -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/aspcoresample:${{ github.sha }}
        docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/aspcoresample:${{ github.sha }}
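
A variant of the complete workflow, added here as an example and not taken from this post's sample repository: it runs only on pushes to main and signs in to the registry with the service principal session from azure/login (`az acr login`) instead of the ACR admin user, so the three REGISTRY_* secrets are not needed. It assumes the service principal holds a role that can push to the registry (such as AcrPush or Contributor); the `ImageName` variable and the Dockerfile path, taken from the folder structure above, are assumptions.

```yaml
name: 'deploy-to-acr'

on:
  push:
    branches:
    - main

jobs:
  deploy-to-acr:
    name: 'deploy-to-acr'
    runs-on: ubuntu-latest
    environment: production
    env:
      ResourceGroupName: tamops-acr-github
      ResourceGroupLocation: "uksouth"
      AcrName: tamopsactionacr
      ImageName: aspcoresample   # variable introduced for this example

    steps:
    - uses: actions/checkout@v2

    - uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}

    - name: Create Resource Group and ACR
      run: |
        # Job-level env values arrive as shell variables; quoting keeps them single arguments
        az group create --name "$ResourceGroupName" --location "$ResourceGroupLocation"
        # Admin user stays disabled: no shared registry password exists to leak
        az acr create -g "$ResourceGroupName" -n "$AcrName" --sku basic --admin-enabled false

    - name: Build and push image
      run: |
        set -euo pipefail
        # Reuses the az login session from azure/login to authenticate Docker to the registry
        az acr login --name "$AcrName"
        loginServer=$(az acr show --name "$AcrName" --query loginServer --output tsv)
        image="$loginServer/$ImageName:$GITHUB_SHA"
        # Build context follows the folder structure listed in this post (assumption)
        docker build ./asp-core-dotnet-sample-app -t "$image"
        docker push "$image"
```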

Awesome, a simple but effective GitHub Action has been created. As mentioned previously, it deploys a new container image to ACR automatically when there has been a merge to the main branch. As you can see below, there are two different images from two merges:

Sample repository used for this blog post
