This article explains how to configure continuous integration and continuous delivery (CI/CD) for a custom container image from managed Azure Container Registry repositories or Docker Hub.
1. Go to the Deployment CenterIn the Azure portal, go to the management pane for your Azure App Service app.
In the sidebar menu under Deployment, select Deployment Center. Choose the Settings tab.
2. Select code sourceFrom the Source dropdown menu, select the deployment source based on the following criteria:
docker build and docker push directly to your container registry. It then updates your App Service app to run the new image. For more information, see How CI/CD works with GitHub Actions.If you choose GitHub Actions, select Authorize and follow the authorization prompts. If you previously authorized with GitHub, you can deploy from a different user's repository by selecting Change Account.
After you authorize your Azure account with GitHub, select the Organization, Repository, and Branch to deploy from.
2. Configure registry settings 3. Configure registry settingsTo deploy a multi-container (Docker Compose) app, select Docker Compose in Container Type.
If you don't see the Container Type dropdown list, scroll back up to Source and select Container Registry.
In Registry source, select where your container registry is. If it's not Azure Container Registry or Docker Hub, select Private registry.
Note
If your multi-container (Docker Compose) app uses more than one private image, make sure the private images are in the same private registry and are accessible with the same user credentials. If your multi-container app uses only public images, select Docker Hub, even if some images aren't in Docker Hub.
Follow the next steps by selecting the tab that matches your choice.
The Registry dropdown list displays the registries in the same subscription as your app. Select the registry you want.
To deploy from a registry in a different subscription, select Private registry in Registry source instead.
To use managed identities to lock down Azure Container Registry access, see:
Select the Image and Tag to deploy. You can choose to type the startup command in Startup File.
Follow the next step, depending on the Container Type value:
App Service appends the string in Startup File to the end of the docker run command (as the [COMMAND] [ARG...] segment) when starting your container.
In Repository Access, select whether the image you want to deploy is public or private.
In Repository Access, select whether the image you want to deploy is public or private. For a Docker Compose app with one or more private images, select Private.
If you select a private image, specify the Login (username) and Password values for the Docker account.
Supply the image and tag name in Full Image Name and Tag, separated by a : (for example, nginx:latest). You can choose to type the startup command in Startup File.
Follow the next step, depending on the Container Type value:
: (for example, nginx:latest). You can choose to type the startup command in Startup File.App Service appends the string in Startup File to the end of the docker run command (as the [COMMAND] [ARG...] segment) when starting your container.
In Server URL, type the URL of the server, beginning with https://.
In the Login and Password fields, type your sign-in credentials for your private registry.
Supply the image and tag name in Full Image Name and Tag, separated by a : (for example, nginx:latest). You can choose to type the startup command in Startup File.
Follow the next step, depending on the Container Type value:
: (for example, nginx:latest). You can choose to type the startup command in Startup File.App Service appends the string in Startup File to the end of the docker run command (as the [COMMAND] [ARG...] segment) when starting your container.
App Service supports CI/CD integration with Azure Container Registry and Docker Hub. To enable CI/CD integration, select On in Continuous deployment.
Note
If you select GitHub Actions in Source, you don't see this option because CI/CD is handled by GitHub Actions directly. Instead, you see a Workflow Configuration section, where you can select Preview file to inspect the workflow file. Azure commits this file into your selected GitHub source repository to handle build and deploy tasks. For more information, see How CI/CD works with GitHub Actions.
When you enable this option, App Service adds a webhook to your repository in Azure Container Registry or Docker Hub. Your repository posts to this webhook whenever your selected image is updated with docker push. The webhook causes your App Service app to restart and run docker pull to get the updated image.
To ensure the proper functioning of the webhook, it's essential to enable the Basic Auth Publishing Credentials option within your web app. If you don't, you might receive a "401 unauthorized" error for the webhook.
To verify whether Basic Auth Publishing Credentials is enabled, go to your web app's Configuration > General Settings. Look for the Platform Setting section, and then select the Basic Auth Publishing Credentials option.
For other private registries, you can post to the webhook manually or as a step in a CI/CD pipeline. In Webhook URL, select the Copy button to get the webhook URL.
Select Save to save your settings.
Note
Support for multi-container (Docker Compose) apps is limited. For Azure Container Registry, App Service creates a webhook in the selected registry with the registry as the scope. A docker push to any repository in the registry (including the ones not referenced by your Docker Compose file) triggers an app restart. You might want to modify the webhook to a narrower scope. Docker Hub doesn't support webhooks at the registry level. You must add the webhooks manually to the images specified in your Docker Compose file.
If you choose GitHub Actions from the Select code source dropdown menu, App Service sets up CI/CD in the following ways:
Azure/docker-login action to sign in with your private registry, and then runs docker push to deploy to it.Azure/webapps-deploy action to configure the updated image, which triggers an app restart to pull in the updated image.You can customize the GitHub Actions build provider in the following ways:
Azure/webapps-deploy action to trigger an app restart.This optional configuration replaces the default authentication with publishing profiles in the generated workflow file.
Generate a service principal by using the az ad sp create-for-rbac command in the Azure CLI. In the following example, replace <subscription-id>, <group-name>, and <app-name> with your own values. Save the entire JSON output for the next step, including the top-level {}.
az ad sp create-for-rbac --name "myAppDeployAuth" --role contributor \
--scopes /subscriptions/<subscription-id>/resourceGroups/<group-name>/providers/Microsoft.Web/sites/<app-name> \
--json-auth
Important
For security, grant the minimum required access to the service principal. The scope in the previous example is limited to the specific App Service app and not the entire resource group.
In GitHub, go to your repository, and then select Settings > Secrets > Add a new secret. Paste the entire JSON output from the Azure CLI command into the secret's value field. Give the secret a name like AZURE_CREDENTIALS.
In the workflow file generated by the Deployment Center, revise the azure/webapps-deploy step with code similar to the following example:
- name: Sign in to Azure
# Use the GitHub secret you added
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Deploy to Azure Web App
# Remove publish-profile
- uses: azure/webapps-deploy@v2
with:
app-name: '<app-name>'
slot-name: 'production'
images: '<registry-server>/${{ secrets.AzureAppService_ContainerUsername_... }}/<image>:${{ github.sha }}'
- name: Sign out of Azure
run: |
az logout
To configure the container registry and the Docker image, run az webapp config container set.
az webapp config container set --name <app-name> --resource-group <group-name> --docker-custom-image-name '<image>:<tag>' --docker-registry-server-url 'https://<registry-name>.azurecr.io' --docker-registry-server-user '<username>' --docker-registry-server-password '<password>'
# Public image
az webapp config container set --name <app-name> --resource-group <group-name> --docker-custom-image-name <image-name>
# Private image
az webapp config container set --name <app-name> --resource-group <group-name> --docker-custom-image-name <image-name> --docker-registry-server-user <username> --docker-registry-server-password <password>
az webapp config container set --name <app-name> --resource-group <group-name> --docker-custom-image-name '<image>:<tag>' --docker-registry-server-url <private-repo-url> --docker-registry-server-user <username> --docker-registry-server-password <password>
To configure a multi-container (Docker Compose) app, prepare a Docker Compose file locally, and then run az webapp config container set with the --multicontainer-config-file parameter. If your Docker Compose file contains private images, add --docker-registry-server-* parameters as shown in the previous example.
az webapp config container set --resource-group <group-name> --name <app-name> --multicontainer-config-file <docker-compose-file>
To configure CI/CD from the container registry to your app, run az webapp deployment container config with the --enable-cd parameter. The command outputs the webhook URL, but you must create the webhook in your registry manually in a separate step. The following example enables CI/CD on your app, and then uses the webhook URL in the output to create the webhook in Azure Container Registry.
ci_cd_url=$(az webapp deployment container config --name <app-name> --resource-group <group-name> --enable-cd true --query CI_CD_URL --output tsv)
az acr webhook create --name <webhook-name> --registry <registry-name> --resource-group <group-name> --actions push --uri $ci_cd_url --scope '<image>:<tag>'
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4