Azure Container Repositories
Using Azure CLI (Bash)
Run this script in the Azure CLI using Bash. Replace the values in the script with your own.
# Placeholders: replace both values before running.
ACR_NAME="<name of container registry>" # Alpha-numeric characters only, between 5 and 50 characters
LOCATION="<location>" # Examples: eastus, westus2, northcentralus
# The resource group is created with the same name as the registry.
az group create --name "$ACR_NAME" --location "$LOCATION"
az acr create --resource-group "$ACR_NAME" --name "$ACR_NAME" --sku Standard --admin-enabled true
ACR_REGISTRY_ID=$(az acr show --name "$ACR_NAME" --query "id" --output tsv)
# Create a service principal with the acrpush role, scoped to this registry only.
PASSWORD=$(az ad sp create-for-rbac --name "$ACR_NAME" --scopes "$ACR_REGISTRY_ID" --role acrpush --query "password" --output tsv)
USER_NAME=$(az ad sp list --display-name "$ACR_NAME" --query "[].appId" --output tsv)
LOGIN_SERVER=$(az acr show --name "$ACR_NAME" --query "loginServer" --output tsv)
# The client secret is printed in clear text; it cannot be retrieved again later.
echo "ACR_LOGIN_SERVER: $LOGIN_SERVER"
echo "AZURE_CLIENT_ID: $USER_NAME"
echo "AZURE_CLIENT_SECRET: $PASSWORD"
Copy the ACR_LOGIN_SERVER, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET values to use in a later step.
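The script above scopes the service principal to the registry with the acrpush role. The following check is an added example, not part of the original script: it reads the principal's role assignments and flags anything other than acrpush on the registry itself. The helper names and the sample resource IDs are constructed for illustration.

```bash
#!/bin/sh
# Added example. audit_sp_roles is a hypothetical helper, not an Azure CLI command.
# stdin: "role<TAB>scope" lines, e.g. from
#   az role assignment list --assignee "$USER_NAME" --all \
#     --query "[].[roleDefinitionName, scope]" --output tsv
# $1: the registry resource ID ($ACR_REGISTRY_ID in the script above).
# Prints one line per assignment that is not acrpush on the registry itself;
# returns 0 when nothing is flagged, 1 otherwise.
audit_sp_roles() (
  lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }
  want=$(lower "$1")   # resource IDs are case-insensitive
  tab=$(printf '\t')
  findings=0
  while IFS="$tab" read -r role scope || [ -n "$role" ]; do
    [ -n "$role" ] || continue
    if [ "$(lower "$scope")" != "$want" ]; then
      echo "BROAD_SCOPE role=$role scope=$scope"
      findings=$((findings + 1))
    elif [ "$(lower "$role")" != "acrpush" ]; then
      echo "BROAD_ROLE role=$role scope=$scope"
      findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
)

# Constructed sample data (placeholder subscription ID and names, not real resources).
SAMPLE_REGISTRY_ID="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/examplereg/providers/Microsoft.ContainerRegistry/registries/examplereg"
# What the CLI script above assigns: acrpush on the registry.
sample_cli_path() { printf 'AcrPush\t%s\n' "$SAMPLE_REGISTRY_ID"; }
# A Contributor assignment on the whole resource group.
sample_rg_contributor() { printf 'Contributor\t%s\n' "${SAMPLE_REGISTRY_ID%/providers/*}"; }

sample_cli_path | audit_sp_roles "$SAMPLE_REGISTRY_ID" && echo "OK: registry-scoped acrpush only"
sample_rg_contributor | audit_sp_roles "$SAMPLE_REGISTRY_ID" || echo "FAIL: assignments broader than acrpush on the registry"
```
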
Using Azure portal
Create a container registry
- In your Azure account, search for and click on container registries
- Click Create
- On the create screen, complete the required fields:
  - Click Create new under resource group to create a new resource group
  - Enter a name for your container registry
  - Select a location
  - Select a SKU (Standard is used for most scenarios)
- Click Review + create and Create
- In the Overview tab of the container registry, copy and save the Login server value for later use
- Select the Access keys tab of the container registry, and enable the Admin user option
Create the Azure service principal
- In your Azure account, search for and click on Subscriptions
- Copy the Subscription ID and save for later use
- Search for and click on Azure Active Directory
- Select App registrations tab
- Select New registration
- Name your application and click Register
- Select Certificates & secrets tab
- Click New client secret
- Name your client secret and click Add
- Copy the Value of the secret and save for later use (this will be the only time the secret will be displayed)
- Select Overview tab to copy and save the Application (client) ID for later use
Create role assignment for service principal
- Search for and open the resource group of your Azure Container Registry
- Select Access control (IAM)
- Click + Add and Add role assignment
- Select Contributor and click Next
- Click Select members and search for the service principal you created earlier, select it and click Select
- Click Review + assign
Pushing container registry to GitHub actions
Create GitHub secrets
- Open your GitHub repository and click Settings
- Click Secrets and then New Secret
- Create 3 secrets for the following using values saved from previous steps:
  - Secret 1
    - Name: ACR_LOGIN_SERVER
    - Value: Paste login server value here
  - Secret 2
    - Name: AZURE_CLIENT_ID
    - Value: Paste Azure client ID here
  - Secret 3
    - Name: AZURE_CLIENT_SECRET
    - Value: Paste Azure client secret value here
Create Docker file
Linux
Save file in .github/workflows/docker-push.yaml. If you use another branch besides main, make sure to replace it below.
name: Push Docker Image to Azure Container Registry
on:
  push:
    branches:
      - main
permissions:
  id-token: write
  contents: read
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Login to the Container Registry
        uses: azure/docker-login@v1
        with:
          login-server: ${{ secrets.ACR_LOGIN_SERVER }}
          username: ${{ secrets.AZURE_CLIENT_ID }}
          password: ${{ secrets.AZURE_CLIENT_SECRET }}
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v3
        with:
          flavor: |
            latest=true
          images: ${{ secrets.ACR_LOGIN_SERVER }}/${{ github.repository }}
          tags: |
            type=ref,event=branch
            type=sha
      - name: Build and push
        id: docker-build
        uses: docker/build-push-action@v2
        with:
          file: Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}