GitHub Actions provides the flexibility to build automated workflows for the software development lifecycle.
GitHub Actions can be used to automate the workflow of deploying to Azure Container App.
Let's get started today with a free Azure account!
This repository contains to deploy to Azure Container App. It supports deploying your container image to an Azure Container App.
This repository contains the GitHub Action for Deploying to Azure Container App.
The definition of this GitHub Action is in action.yml.
- Azure Login Login with your Azure Credentials for Authentication. Once login is done, the next set of Azure Actions in the workflow can re-use the same session within the job.
For using any credentials like Azure Service Principal in your workflow, add them as secrets in the GitHub Repository and then refer them in the workflow.
- Download Azure CLI from here, run
az loginto login with your Azure Credentials. - Run Azure CLI command to create an Azure Service Principal for RBAC:
az ad sp create-for-rbac --name "myApp" --role contributor \
--scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
--sdk-auth
# Replace {subscription-id}, {resource-group} with the subscription, resource group details of the WebApp
# The command should output a JSON object similar to this:
{
"clientId": "<GUID>",
"clientSecret": "<GUID>",
"subscriptionId": "<GUID>",
"tenantId": "<GUID>",
(...)
}* You can further scope down the Azure Credentials to the Web App using scope attribute. For example,
az ad sp create-for-rbac --name "myApp" --role contributor \
--scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Web/sites/{app-name} \
--sdk-auth
# Replace {subscription-id}, {resource-group}, and {app-name} with the names of your subscription, resource group, and Azure Web App.-
Paste the json response from above Azure CLI to your GitHub Repository > Settings > Secrets > Add a new secret > AZURE_CREDENTIALS
-
Now in the workflow file in your branch:
.github/workflows/workflow.ymlreplace the secret in Azure login action with your secret (Refer to the example below)
on: [push]
name: Linux_Container_Workflow
SAMPLE WORKFLOW WILL BE HERE
on: [push, pull_request]
name: Preview Deployment
jobs:
build-and-deploy:
runs-on: ubuntu-latest
env:
RESOURCE_GROUP: <YOUR_RESOURCE_GROUP_NAME>
CONTAINER_APP_NAME: <YOUR_CONTAINER_APP_NAME>
DOCKER_IMAGE_NAME: <YOUR_DOCKER_IMAGE_NAME>
# REVISION_NAME_SUFFIX: <YOUR_REVISION_NAME_SUFFIX> # Optional: Default is github commit hash
steps:
- name: 'Checkout GitHub Action'
uses: actions/checkout@master
- name: 'Login via Azure CLI'
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: 'Create a new Container App revision'
uses: azure/[email protected]
with:
resource-group: ${{ env.RESOURCE_GROUP }}
name: ${{ env.CONTAINER_APP_NAME }}
image: ${{ env.DOCKER_IMAGE_NAME }}- name: 'Create a new Container App revision'
uses: azure/[email protected]
with:
resource-group: ${{ env.RESOURCE_GROUP }}
name: ${{ env.CONTAINER_APP_NAME }}
image: ${{ env.DOCKER_IMAGE_NAME }}
revision-name-suffix: ${{ env.REVISION_NAME_SUFFIX }}
with:on: [push, pull_request]
name: Preview Deployment
jobs:
build-and-deploy:
runs-on: ubuntu-latest
env:
RESOURCE_GROUP: <YOUR_RESOURCE_GROUP_NAME>
CONTAINER_APP_NAME: <YOUR_CONTAINER_APP_NAME>
DOCKER_IMAGE_NAME: <YOUR_DOCKER_IMAGE_NAME>
steps:
- name: 'Checkout GitHub Action'
uses: actions/checkout@master
- name: 'Login via Azure CLI'
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Revision Creation
- name: 'Create a new Container App revision'
uses: azure/[email protected]
with:
resource-group: ${{ env.RESOURCE_GROUP }}
name: ${{ env.CONTAINER_APP_NAME }}
image: ${{ env.DOCKER_IMAGE_NAME }}
# Revision Deactivation
- name: Deactivate Preview Deployment
if: github.event.action == 'closed'
uses: azure/[email protected]
with:
deactivate-revision-mode: ture
resource-group: ${{ env.RESOURCE_GROUP }}
name: ${{ env.CONTAINER_APP_NAME }}
image: ${{ env.DOCKER_IMAGE_NAME }}This action can be tried on not only GitHub Actions workflow but also your local PC or GitHub Codespaces.
If you use Visual Studio Code, debugging this action with breakpoints can be used by running Launch Program configuration.
Also, you can try to run your workflow with this action by executing npm run act on Visual Studio Code Remote-Container extension or GitHub Codespaces without pushing it to GitHub, because a devcontainer image for this repository includes Docker-in-Docker enabled devcontainer and act.
For more detail, refer to following links.
Docker-in-Docker: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/docker-in-docker.md .act: https://github.com/nektos/act
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.