Azure / acr-build

Github action to build containers with Azure Container Registry
MIT License

RFE: ACR Managed Identity support in the GitHub Action #11

Open ezYakaEagle442 opened 1 year ago

ezYakaEagle442 commented 1 year ago

Only service_principal & service_principal_password can be provided in the GitHub Action. When ACR is set up with Managed Identity, how do I provide the identity to use to connect to ACR?

See also https://github.com/Azure/acr-build/issues/10

env:
  AZURE_CONTAINER_REGISTRY: acrpetcliaca 
  REGISTRY_URL: acrpetcliaca.azurecr.io  # set this to the URL of your registry
  REPOSITORY: petclinic                  # set this to your ACR repository
  PROJECT_NAME: petclinic                # set this to your project's name
  KV_NAME: kv-petcliaca442               

  RG_KV: rg-iac-kv777 
  RG_APP: rg-iac-aca-petclinic-mic-srv 

  # ==== APPS ====
  PRJ_PREFIX: aca-spring-petclinic

  API_GATEWAY: api-gateway
  ADMIN_SERVER: admin-server
  CUSTOMERS_SERVICE: customers-service
  VETS_SERVICE: vets-service
  VISITS_SERVICE: visits-service

  CONFIG_SERVER: config-server
  DISCOVERY_SERVER: discovery-server

  # https://github.com/Azure/actions-workflow-samples/blob/master/assets/create-secrets-for-GitHub-workflows.md#consume-secrets-in-your-workflow
  # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets
  # ==== Secrets ====
  credentials: ${{ secrets.AZURE_CREDENTIALS }}
  AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
  SPN_ID: ${{ secrets.SPN_ID }}
  SPN_PWD: ${{ secrets.SPN_PWD }}

    - name: admin-server ACR build
      id: admin-server-acr-build
      uses: azure/acr-build@v1
      with:
        service_principal: ${{ env.SPN_ID }} # The Service Principal credentials : must be stored in KV
        service_principal_password: ${{ env.SPN_PWD }} # The Service Principal credentials: must be stored in KV
        tenant: ${{ env.AZURE_TENANT_ID }} # The ACR tenant
        registry: ${{ env.AZURE_CONTAINER_REGISTRY }} # The ACR name
        repository: ${{ env.REPOSITORY }} # The repository on the ACR
        image: ${{ env.ADMIN_SERVER }} # Docker image name. Default tag: The action will default to use the first 8 characters of the commit SHA if no tag is specified. Tagged with GitHub commit ID (SHA), ex: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
        # git_access_token: ${{ secrets.git_access_token }} # The GitHub access token for private repositories
        folder: ${{ github.workspace }} # Build context for Docker agent
        dockerfile: ./docker/petclinic-admin-server/Dockerfile # Path to the Dockerfile relative to `folder`
        branch: main # Branch to root the context off of
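
For comparison with the service-principal password configuration in the comment above, here is an added example (not from the issue author or the acr-build project) of a workflow that performs the same build without a stored password: it signs in with `azure/login` through GitHub OIDC and then calls `az acr build` directly instead of `azure/acr-build`. It assumes a user-assigned managed identity that has a federated credential for this repository and a role on the registry that allows running ACR builds; the secret names `AZURE_CLIENT_ID` and `AZURE_SUBSCRIPTION_ID` and the workflow name are assumptions.

```yaml
# Added example: passwordless ACR build via OIDC; not part of the original issue.
name: admin-server-acr-build-oidc   # assumed name
on:
  push:
    branches: [main]

permissions:
  id-token: write   # lets the job request a GitHub OIDC token for azure/login
  contents: read    # enough for actions/checkout

env:
  AZURE_CONTAINER_REGISTRY: acrpetcliaca   # value from the issue
  REPOSITORY: petclinic                    # value from the issue
  ADMIN_SERVER: admin-server               # value from the issue

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # No client secret is stored: azure/login exchanges the job's OIDC token
      # for an Azure token issued to the identity named by client-id.
      - name: Azure login (federated credential)
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}              # assumed secret: client ID of the managed identity
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}              # secret name from the issue
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}  # assumed secret

      # Same build as the azure/acr-build step, run with the logged-in identity.
      # The tag is the first 8 characters of the commit SHA, as in the action's default.
      - name: admin-server ACR build
        run: |
          az acr build \
            --registry "$AZURE_CONTAINER_REGISTRY" \
            --image "$REPOSITORY/$ADMIN_SERVER:${GITHUB_SHA::8}" \
            --file ./docker/petclinic-admin-server/Dockerfile \
            .
```

Scoping the federated credential's subject to a single branch or environment of the repository keeps other refs from obtaining a token for the identity.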