To deploy a multi-container Docker application to Azure using GitHub Actions, you'll need to set up several components:
- Azure Container Registry (ACR): To store your Docker images.
- Azure Container Instances (ACI): To run your Docker containers. Note: Azure web apps is a different service, which is limited at the moment. It can only expose a single port.
- GitHub Actions: To automate the Docker image build and deployment process to ACI.
-
Install the Azure CLI and make sure you've logged in using
az login
. Also make sure you've se the right subscription as defaultaz account list --output table
-
Create a Service Principal
az ad sp create-for-rbac --name MyDemoAppServicePrincipal --role Contributor --scopes /subscriptions/{subscription-id} --sdk-auth
. Store the JSON output as the AZURE_CREDENTIALS value in GitHub Secrets -
Create an Azure Resource group for the app
az group create --name demo-fs-appResources --location australiaeast
-
Create an Azure Container Registry (ACR)
az acr create --resource-group demo-fs-appResources --name demofsappregistry --sku Basic --location australiaeast
-
Find the registry login server
az acr show --name demofsappregistry --query loginServer --output tsv
-
Enable the repo admin
az acr update -n demofsappregistry --admin-enabled true
-
Find the registry username & password
az acr credential show --name demofsappregistry --query username --output tsv
andaz acr credential show --name demofsappregistry --query "passwords[0].value" --output tsv
- az container create --resource-group demo-aci-appResources --name demo-aci-app --image myImage --registry-login-server demoaciappregistry.azurecr.io --registry-username --registry-password --dns-name-label demo-aci-app-dns --ports 80 443 `
- Enable system-assigned managed identity for the Web app
az webapp identity assign --name demo-fs-app --resource-group demo-fs-appResources
- Find the principle ID
az webapp identity show --name demo-fs-app --resource-group demo-fs-appResources --query principalId --output tsv
- Find out the ACR resource ID by running
az acr show --name demofsappregistry --query id --output tsv
- Use the principle id to Assign the "AcrPull" role to the identity
az role assignment create --assignee <service-principal-appid> --role AcrPull --scope <acr-resource-id>
- Use the principle id to Assign the "AcrPull" role to the identity
az role assignment create --assignee e15eb180-07a6-4bfa-83bc-6f223a6f9b58 --role AcrPull --scope /subscriptions/1aae93d0-43fe-4702-9f99-052fba2c240c/resourceGroups/demo-fs-appResources/providers/Microsoft.ContainerRegistry/registries/demofsappregistry
- Create Azure Storage Account
az storage account create --name demodockerappstorage --resource-group demo-fs-appResources --location australiaeast --sku Standard_LRS
- Grab the account key for use in the next step
az storage account keys list --resource-group demo-fs-appResources --account-name demodockerappstorage --query '[0].value' --output tsv
- Create a file share within the storage account
az storage share create --name demoappfileshare --account-name demodockerappstorage --account-key abcd1234
AZURE_CREDENTIALS: The JSON output from az ad sp create-for-rbac.
REGISTRY_LOGIN_SERVER: The login server of your ACR, e.g., myRegistry.azurecr.io.
REGISTRY_USERNAME: The username for your ACR.
REGISTRY_PASSWORD: The password for your ACR.
AZURE_RESOURCE_GROUP: The name of your Azure resource group.
AZURE_LOCATION: The region you want to use (e.g., australiaeast).
DNS_NAME_LABEL: DNS name label for the ACI deployment, e.g., demo-aci-app-dns
az container logs --resource-group demo-aci-appResources --name demo-aci-app
az container show --resource-group demo-aci-appResources --name demo-aci-app --query 'containers[0].instanceView.events' --output table
Delete the Container Instance az container delete --resource-group demo-aci-appResources --name demo-aci-app --yes