Skip to content
Dev0 Docs

Deploying Aca From Ghcr

Create a service principal

The JSON output from the following will be used in a Github Secret for Azure authentication.

  1. Install Azure CLI
  2. Run: ![[Azure CLI#Create Service Principal]]

Create the Github Secret

  1. In your repo navigate to “Settings > Secrets and variables > Actions”
  2. Add a “Repository secret”
  3. Name it “AZURE_CREDENTIALS” and put the JSON from above as the value.

Create the GHA

  • This is for a single revision mode [[Azure Container Apps|ACA]]
  • The azcliversion must be static
  • The revision suffix must be unique, the string we make below will always be unique on any run or re-run.
  • Using [[container-apps-deploy-action]] or [[aca-review-apps]] does not work for various reason outlined in their Github issues.
  • This is a fragment but the variables should make sense.
  deploy-aca:
      runs-on: ubuntu-latest
      needs: image-builder
      env:
        RESOURCE_GROUP: rts-infra
        CONTAINER_APP: hyde


      steps:
      - name: Azure login
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}


      - name: Copy revision
        uses: azure/CLI@v1
        with:
          azcliversion: 2.61.0
          inlineScript: |
            az containerapp revision copy -n ${{ env.CONTAINER_APP }} -g ${{ env.RESOURCE_GROUP }} \
              --image ${{ env.REGISTRY }}/${{ env.REPO }}/${{ env.IMAGE}}:${{ github.sha }} \
              --revision-suffix gha-${{ github.run_id }}-${{ github.run_attempt }}
Sources:
  • https://techcommunity.microsoft.com/t5/azure/trying-to-deploy-container-app-from-github-actions/m-p/4021585
  • https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux
  • https://learn.microsoft.com/en-us/cli/azure/containerapp/revision?view=azure-cli-latest#az-containerapp-revision-copy