hi there
- Job 1 - Setup environment: Storage account and Container Registry
- Job 2 - Build / Push to ACR: build image, scan image, and push image to ACR
- Job 3 - Deploy to ACI
- Make sure Docker file is secure enough
- Update the Docker file
- Change FROM: (to alpine)
- Create separate user for the app
- To create workflow for Azure environment setup
- Configure a GitHub Action to create a container instance
- Another example GH Actions to ACI
- Detailed information of how to get all the needed secrets for the workflows
- Deploing from ACR to ACI explained
- Login:
az login
- Create resourceGroup:
az group create --name <RG_NAME> --location <SUITABLE_LOCATION>
- Create ACR:
az acr create --resource-group <RG_NAME> -n <ACR_NAME> --sku Basic
- Create a service principal for GitHub Actions workflow:
az ad sp create-for-rbac --name <SERVICE_PRINCIPAL_NAME> --role "contributor" --scopes /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP_NAME> --sdk-auth- Grant GitHub Actions service principal with the permissions to both pull and push images to Azure Container Registry:
- Get the id of our Azure Container Registry
registryId=$(az acr show --name <registry-name> --query id --output tsv)- Grant the 'AcrPush' role to our service principal
az role assignment create --assignee <ClientId> --scope $registryId --role AcrPush
- Grant the 'AcrPull' role to our service principal
az role assignment create --assignee <ClientId> --scope $registryId --role AcrPull
- The ImageResizer app itself 😄
- Does not work on the latest node version;
- Tests fail all the time;
- During deploing the process failed firs time. Error below: Error: The subscription is not registered to use namespace 'Microsoft.ContainerInstance'
- Add lint test for the "start.yml" workflow;
- Add an event to trigger workflows after adding tag to the app;
- Divide "deploy-to-azure.yml" jobs by needs keyword so the deploing will trigger after successful image build only.