Deploying ACA from GHCR

Create a service principal

The JSON output from the following will be used in a Github Secret for Azure authentication.

1. Install Azure CLI
2. Run:

   az ad sp create-for-rbac --name "myApp" --role contributor \
       --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
       --json-auth
   

Create the Github Secret

1. In your repo navigate to "Settings > Secrets and variables > Actions"
2. Add a "Repository secret"
3. Name it "AZURE_CREDENTIALS" and put the JSON from above as the value.

Create the GHA

• This is for a single revision mode ACA
• The azcliversion must be static
• The revision suffix must be unique, the string we make below will always be unique on any run or re-run.
• Using container-apps-deploy-action or aca-review-apps does not work for various reason outlined in their Github issues.
• This is a fragment but the variables should make sense.

  deploy-aca:
      runs-on: ubuntu-latest
      needs: image-builder
      env:
        RESOURCE_GROUP: rts-infra
        CONTAINER_APP: hyde

      steps:
      - name: Azure login
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Copy revision
        uses: azure/CLI@v1
        with:
          azcliversion: 2.61.0
          inlineScript: |
            az containerapp revision copy -n ${{ env.CONTAINER_APP }} -g ${{ env.RESOURCE_GROUP }} \
              --image ${{ env.REGISTRY }}/${{ env.REPO }}/${{ env.IMAGE}}:${{ github.sha }} \
              --revision-suffix gha-${{ github.run_id }}-${{ github.run_attempt }}