Azure Container Apps GitHub action
- Build from a Dockerfile and deploy to Container Apps
- Build from source code without a Dockerfile and deploy to Container Apps. Supported languages include .NET, Node.js, PHP, Python, and Ruby
- Deploy an existing container image to Container Apps
Usage examples
Here are some common scenarios for using the action. For more information, see the action's GitHub Marketplace page.
Build and deploy to Container Apps
steps:- name: Log in to Azureuses: azure/login@v1with:creds: ${{ secrets.AZURE_CREDENTIALS }}- name: Build and deploy Container Appuses: azure/container-apps-deploy-action@v0with:appSourcePath: ${{ github.workspace }}/srcacrName: myregistrycontainerAppName: my-container-appresourceGroup: my-rg
The action uses the Dockerfile in appSourcePath to build the container image. If no Dockerfile is found, the action attempts to build the container image from source code in appSourcePath.
Deploy an existing container image to Container Apps
The following snippet shows how to deploy an existing container image to Container Apps.
steps:
- name: Log in to Azure
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Build and deploy Container App
uses: azure/container-apps-deploy-action@v0
with:
acrName: myregistry
containerAppName: my-container-app
resourceGroup: my-rg
imageToDeploy: myregistry.azurecr.io/app:${{ github.sha }}
Authenticate with Azure Container Registry
The Azure Container Apps action needs to authenticate with your Azure Container Registry to push the container image. The container app also needs to authenticate with your Azure Container Registry to pull the container image.
To push images, the action automatically authenticates with the container registry specified in acrName using the credentials provided to the azure/login action.
To pull images, Azure Container Apps uses either managed identity (recommended) or admin credentials to authenticate with the Azure Container Registry. To use managed identity, the container app the action is deploying must be configured to use managed identity. To authenticate with the registry's admin credentials, set the action's acrUsername and acrPassword inputs.
Configuration
You take the following steps to configure a GitHub Actions workflow to deploy to Azure Container Apps.
- Create a GitHub repository for your app
- Create a container app with managed identity enabled
- Assign the AcrPull role for the Azure Container Registry to the container app's managed identity
- Configure secrets in your GitHub repository
- Create a GitHub Actions workflow
Create a GitHub repository and clone source code
az login
az extension add --name containerapp --upgrade
If you do not have your own GitHub repository, create one from a sample.
Navigate to the following location to create a new repository:
https://github.com/Azure-Samples/containerapps-albumapi-csharp/generate
Name your repository my-container-app.
Clone the repository to your local machine.
git clone https://github.com/<YOUR_GITHUB_ACCOUNT_NAME>/my-container-app.git
Create a container app with managed identity enabled
Create your container app using the az containerapp up command in the following steps. This command will create Azure resources, build the container image, store the image in a registry, and deploy to a container app.
After you create your app, you can add a managed identity to the app and assign the identity the AcrPull role to allow the identity to pull images from the registry.
Change into the src folder of the cloned repository.
cd my-container-app
cd src
Create Azure resources and deploy a container app with the az containerapp up command.
az containerapp up \
--name my-container-app \
--source . \
--ingress external
In the command output, note the name of the Azure Container Registry.
Get the full resource ID of the container registry.
az acr show --name <ACR_NAME> --query id --output tsv
Replace <ACR_NAME> with the name of your registry.
Enable managed identity for the container app.
az containerapp identity assign \
--name my-container-app \
--resource-group my-container-app-rg \
--system-assigned \
--output tsv
Note the principal ID of the managed identity in the command output.
Assign the AcrPull role for the Azure Container Registry to the container app's managed identity.
az role assignment create \
--assignee <MANAGED_IDENTITY_PRINCIPAL_ID> \
--role AcrPull \
--scope <ACR_RESOURCE_ID>
Replace <MANAGED_IDENTITY_PRINCIPAL_ID> with the principal ID of the managed identity and <ACR_RESOURCE_ID> with the resource ID of the Azure Container Registry.
Configure the container app to use the managed identity to pull images from the Azure Container Registry.
az containerapp registry set \
--name my-container-app \
--resource-group my-container-app-rg \
--server <ACR_NAME>.azurecr.io \
--identity system
Replace <ACR_NAME> with the name of your Azure Container Registry.
Configure secrets in your GitHub repository
The GitHub workflow requires a secret named AZURE_CREDENTIALS to authenticate with Azure. The secret contains the credentials for a service principal with the Contributor role on the resource group containing the container app and container registry.
Create a service principal with the Contributor role on the resource group that contains the container app and container registry.
az ad sp create-for-rbac \
--name my-container-app \
--role contributor \
--scopes /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/my-container-app-rg \
--sdk-auth \
--output json
Replace <SUBSCRIPTION_ID> with the ID of your Azure subscription. If your container registry is in a different resource group, specify both resource groups in the --scopes parameter.
Copy the JSON output from the command.
In the GitHub repository, navigate to Settings > Secrets > Actions and select New repository secret.
Enter AZURE_CREDENTIALS as the name and paste the contents of the JSON output as the value.
Select Add secret.
Create a GitHub Actions workflow
In the GitHub repository, navigate to Actions and select New workflow.
Select Set up a workflow yourself.
Paste the following YAML into the editor.
name: Azure Container Apps Deploy
on:
push:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Log in to Azure
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Build and deploy Container App
uses: azure/container-apps-deploy-action@v0
with:
appSourcePath: ${{ github.workspace }}/src
acrName: <ACR_NAME>
containerAppName: my-container-app
resourceGroup: my-container-app-rg
Replace <ACR_NAME> with the name of your Azure Container Registry. Confirm that the branch name under branches and values for appSourcePath, containerAppName, and resourceGroup match the values for your repository and Azure resources.
Commit the changes to the main branch.
A GitHub Actions workflow run should start to build and deploy your container app. To check its progress, navigate to Actions.
To deploy a new revision of your app, push a new commit to the main branch.
Thanks, Happy Coding 👀👍
Reference
Publish revisions with GitHub Actions in Azure Container Apps | Microsoft Learn