azure / container-apps-deploy-action Goto Github PK

GitHub Action for building and deploying Azure Container Apps

License: MIT License

TypeScript 100.00%

container-apps-deploy-action's Introduction

Azure Container Apps Build and Deploy

This action allows users to easily deploy their application source to an Azure Container App in their GitHub workflow by either providing a previously built image, a Dockerfile that an image can be built from, or using a builder to create a runnable application image for the user.

If no Dockerfile is found or provided in the provided application source, the following steps are performed by this action:

Uses the Oryx++ Builder to build the application source using Oryx to produce a runnable application image
Pushes this runnable application image to the provided Container Registry
Creates or updates a Container App based on this image

If a Dockerfile is found or discovered in the application source, the builder won't be used and the image will be built with a call to docker build and the Container App will be created or updated based on this image.

If a previously built image has already been pushed to a Container Registry and is provided to this action, no application source is required and the image will be used when creating or updating the Container App.

A YAML configuration file can also be provided to modify specific properties on the Container App that is created or updated; please see the section below on the yamlConfigPath argument.

Data/Telemetry Collection Notice

By default, this GitHub Action collects the following pieces of data for Microsoft:

The Container App build and deploy scenario targeted by the user
- i.e., used the Oryx++ Builder, used a provided/found Dockerfile, or provided a previously built image
- Note: the image name is not collected
The processing time of the GitHub Action, in milliseconds
The result of the GitHub Action
- i.e., succeeded or failed
If the Oryx++ Builder is used, events and metrics relating to building the provided application using Oryx

If you want to disable data collection, please set the disableTelemetry argument to true.

Prerequisites

Prior to running this action, a set of Azure resources and GitHub Actions are either required or optional depending on the arguments provided to this action.

Container Registry

A Container Registry must exist that the user is able to push container images to. This action will leverage the Container Registry to either push a built runnable application image to and/or deploy a Container App from.

Azure Container App environment

An Azure Container App environment is recommended to have been previously created by the user to improve the performance of the action. If no environment has been created before, or if an environment cannot be found in the resource group that is being used to host the created Container App, then an environment will be created by as a part of the az containerapp up command, which may take additional time.

`azure/login`

The azure/login action is used to authenticate calls using the Azure CLI, which is used in this action to call the az containerapp up command. If azure/login is not called prior to this action being called in the GitHub workflow, the azureCredentials argument can be used to provide the credentials needed to successfully call azure/login. These credentials are recommended to be stored as a GitHub secret, and can be provided to this action without their value being exposed.

The credentials used for the azure/login action must have Contributor access over one of the following sets of permissions:

The existing Container App if both the resourceGroup and containerAppName arguments are provided and exist
The existing resource group if only the resourceGroup argument is provided and exists
The user's subscription if the resourceGroup argument is not provided or is provided but does not exist

More information about configuring the deployment credentials required for this GitHub Action can be found here.

`docker/login-action`

The docker/login-action action is used to authenticate calls to the user's Container Registry, which will host the image that is then deployed to the Container App. Currently, docker/login-action is called during every invocation of this action, so the user's Container Registry base URL is required, along with username and password credentials that are able to authenticate calls to this Container Registry. If the Container Registry is ACR, these credentials are able to be retrieved by creating a service principal and giving it proper permissions to the ACR resource.

pack CLI

The pack CLI is maintained by the Cloud Native Buildpacks project and is used by this action to create runnable application images for the user when the application source code is provided and no additional Dockerfile is provided or found. A builder was created by Oryx to take in the application source code provided to this action and produce an image that could then be pushed to an image registry and used within a Container App to build and run the application.

A stable version of the pack CLI is installed on the GitHub runner executing the task, and depending on the base OS of this runner, different tools will be leverage to assist with the installation:

On Windows runners:
- curl will be used to pull down the .zip containing the pack executable
- 7z will be used to unzip the .zip and place the pack executable in a folder called "pack" created in the working directory of the action
- The .zip will be removed from the runner and the path containing the executable will be added to the PATH environment variable for future use via pack
On non-Windows runners:
- curl will be used to pull down the .tgz containing the pack executable
- tar will be used to unzip the .tgz and place the pack executable in /usr/local/bin

Arguments

Below are the arguments that can be provided to the Azure Container Apps Build and Deploy GitHub Action.

Note: Although no argument is officially marked as "required" in the metadata of this actions, some arguments will need to be provided in order for this action to successfully run using one of the two main scenarios.

Arguments required for building and pushing application image

Argument name	Required	Description
`acrName` or `registryUrl`	Yes (for this scenario)	The name of the Azure Container Registry or the base URL of any other Container Registry that the runnable application image will be pushed to.
`appSourcePath`	Yes (for this scenario)	Absolute path on the GitHub runner of the source application code to be built.

Arguments required for using an already pushed application image

Argument name	Required	Description
`imageToDeploy`	Yes (for this scenario)	The name of the image that has already been pushed to a registry and will be deployed to the Container App by this action. If this image is found in an ACR instance that requires authentication to pull, the `acrName` argument, or the `acrUsername` and `acrPassword` arguments, can be provided to authenticate requests to the ACR instance. If the image is found in an other Container Registry that requires authentication to pull, the `registryUrl` argument, the `registryUsername` and `registryPassword` arguments, can be provided to authenticate requests to the Container Registry.

Arguments required for using a YAML configuration file

Argument name	Required	Description
`yamlConfigPath`	Yes (for this scenario)	Full path (on the executing GitHub runner) to the YAML file detailing the configuration of the Container App.

Important notes on the YAML configuration file

The resourceGroup property in the YAML configuration file will not be used; the value for this either comes from the resourceGroup argument provided to the action, or the default resource group name generated by the action. All other properties provided in the YAML configuration file will override the values provided as arguments to this action; for example, if the containerAppName argument is provided to the action, and the name property is set in the YAML configuration file, the name property in the YAML file will be used when creating or updating the Container App.

Image and application source arguments (e.g., appSourcePath, imageToDeploy) will still be used to first build and/or push an image that is used by the Container App; in this case, the provided YAML configuration file will need to reference the image specified by imageToDeploy (or imageToBuild, depending on your scenario).

When creating a new Container App, all properties listed in the YAML configuration file (except resourceGroup as mentioned above) will be set when the Container App is created. When updating an existing Container App, only the properties listed in the file will be updated on the Container App.

Currently, the YAML file does not support setting up managed identity authentication for the Container Registry used; for more information on this issue, please see this GitHub issue.

In cases where the yamlConfigPath argument is provided, the YAML file will be passed through to the corresponding az containerapp command, either create or update depending on your scenario. For more information on the intended behavior when the YAML configuration file is provided, please see the documents linked for the corresponding commands.

For more information on the structure of the YAML configuration file, please visit this site.

Additional arguments

Argument name	Required	Description
`acrUsername`	No	The username used to authenticate push requests to the provided Azure Container Registry. If not provided, an access token will be generated via "az acr login" and provided to "docker login" to authenticate the requests.
`acrPassword`	No	The password used to authenticate push requests to the provided Azure Container Registry. If not provided, an access token will be generated via "az acr login" and provided to "docker login" to authenticate the requests.
`registryUsername`	No	The username used to authenticate push requests to the provided Container Registry using the "docker login" action.
`registryPassword`	No	The password used to authenticate push requests to the provided Container Registry using the "docker login" action.
`azureCredentials`	No	Azure credentials used by the `azure/login` action to authenticate Azure CLI requests if the user has not previously authenticated in the workflow calling this action.
`imageToBuild`	No	The custom name of the image that is to be built, pushed to the Container Registry and deployed to the Container App by this action. Note: this image name should include the registry server; e.g., `<registryUrl>/<repo>:<tag>`. If this argument is not provided, a default image name will be constructed in the form `<registryUrl>/github-action/container-app:<github-run-id>.<github-run-attempt>`
`dockerfilePath`	No	Relative path (without file prefixes, see example below) to the Dockerfile in the provided application source that should be used to build the image that is then pushed to the Container Registry and deployed to the Container App. If not provided, this action will check if there is a file named `Dockerfile` in the provided application source and use that to build the image. Otherwise, the Oryx++ Builder will be used to create the image.
`containerAppName`	No	The name of the Container App that will be created or updated. If not provided, this value will be `github-action-container-app-<github-run-id>-<github-run-attempt>`.
`resourceGroup`	No	The existing resource group that the Azure Container App will be created in. If not provided, this value will be `<container-app-name>-rg` and its existence will first be checked before attempting to create it.
`containerAppEnvironment`	No	The name of the Container App environment to use with the application. If not provided, an existing environment in the resource group of the Container App will be used, otherwise, an environment will be created in the formation `<container-app-name>-env`.
`runtimeStack`	No	The platform version stack used in the final runnable application image that is deployed to the Container App. The value should be provided in the formation `<platform>:<version>`. If not provided, this value is determined by Oryx based on the contents of the provided application. Please refer to this document for more information on supported runtime stacks for Oryx.
`builderStack`	No	The stack (OS) that should be used to build the provided application source and produce the runnable application image. You can provide a specific image tag for the stack, such as "debian-bookworm-20231107.2", or you can provide a supported stack name, such as "debian-bookworm" or "debian-bullseye", and the latest supported image tag for that stack will be used. If no stack is provided, this action will attempt to build the provided application source with each supported stack until there's a successful build.
`buildArguments`	No	A list of build arguments provided as KEY=VALUE pairings and are space-separated. If a Dockerfile has been provided or is discovered in the application source, each build argument will be passed to the `docker build` command via the `--build-arg` flag. If the Oryx++ builder is used to create a runnable application image, each build argument will be passed to the `pack build` command via the `--env` flag.
`targetPort`	No	The designated port for the application to run on. If no value is provided and the builder is used to build the runnable application image, the target port will be set to 80 for Python applications and 8080 for all other platform applications. If no value is provided when creating a Container App, the target port will default to 80. Note: when using this action to update a Container App, the target port may be updated if not provided based on changes to the ingress property.
`location`	No	The location that the Container App (and other created resources) will be deployed to. To view locations suitable for creating the Container App in, please run the following: `az provider show -n Microsoft.App --query "resourceTypes[?resourceType=='containerApps'].locations"`
`environmentVariables`	No	A list of environment variable(s) for the container. Space-separated values in 'key=value' format. Empty string to clear existing values. Prefix value with 'secretref:' to reference a secret.
`ingress`	No	Possible options: external, internal, disabled. If set to "external" (default value if not provided when creating a Container App), the Container App will be visible from the internet or a VNET, depending on the app environment endpoint configured. If set to "internal", the Container App will be visible from within the app environment only. If set to "disabled", ingress will be disabled for this Container App and will not have an HTTP or TCP endpoint.
`disableTelemetry`	No	If set to `true`, no telemetry will be collected by this GitHub Action. If set to `false`, or if this argument is not provided, telemetry will be sent to Microsoft about the Container App build and deploy scenario targeted by this GitHub Action.

Usage

See action.yml

Minimal - Build application image for Container App

steps:

  - name: Log in to Azure
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  - name: Build and deploy Container App
    uses: azure/container-apps-deploy-action@v1
    with:
      appSourcePath: ${{ github.workspace }}
      acrName: mytestacr

This will create a new Container App named github-action-container-app-<github-run-id>-<github-run-attempt> in a new resource group named <container-app-name>-rg. The Container App will be based off of an image that was built from the provided appSourcePath and pushed to the provided ACR instance. An access token will be generated to authenticate an access token will be generated to authenticate the push to the provided ACR instance.

Minimal - Use previously published image for Container App

steps:

  - name: Log in to Azure
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  - name: Build and deploy Container App
    uses: azure/container-apps-deploy-action@v1
    with:
      imageToDeploy: mcr.microsoft.com/azuredocs/containerapps-helloworld:latest

This will create a new Container App named github-action-container-app-<github-run-id>-<github-run-attempt> in a new resource group named <container-app-name>-rg where no new image is built, but an existing image named mcr.microsoft.com/azuredocs/containerapps-helloworld:latest will be used for the Container App.

Minimal - Use YAML configuration file with previously published image for Container App

steps:

  - name: Log in to Azure
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  - name: Build and deploy Container App
    uses: azure/container-apps-deploy-action@v1
    with:
      yamlConfigPath: simple-image-container-app.yaml

This will create a new Container App named github-action-container-app-<github-run-id>-<github-run-attempt> in a new resource group name <container-app-name>-rg where no new image is built, but an existing image named mcr.microsoft.com/azuredocs/containerapps-helloworld:latest will be used for the Container App. Additional properties about the Container App will be pulled from the simple-image-container-app.yaml file and will override any additional values that would've been provided to the GitHub Action as arguments excluding resourceGroup.

The simple-image-container-app.yaml file has the following structure:

properties:
  managedEnvironmentId: /subscriptions/SUBSCRIPTION_ID/resourceGroups/RESOURCE_GROUP/providers/Microsoft.App/managedEnvironments/CONTAINER_APP_ENVIRONMENT
  configuration:
    ingress:
      external: true
      allowInsecure: false
      targetPort: 80
  template:
    containers:
      - image: mcr.microsoft.com/azuredocs/containerapps-helloworld:latest
        name: mysampleimagecontainer

The values for SUBSCRIPTION_ID, RESOURCE_GROUP and CONTAINER_APP_ENVIRONMENT must be updated to point to the full resource ID of the existing Container App environment that the Container App will use.

Using ACR credentials to authenticate

steps:

  - name: Log in to Azure
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  - name: Build and deploy Container App
    uses: azure/container-apps-deploy-action@v1
    with:
      appSourcePath: ${{ github.workspace }}
      acrName: mytestacr
      acrUsername: ${{ secrets.REGISTRY_USERNAME }}
      acrPassword: ${{ secrets.REGISTRY_PASSWORD }}

This will create a new Container App named github-action-container-app-<github-run-id>-<github-run-attempt> in a new resource group named <container-app-name>-rg. The Container App will be based off of an image that was built from the provided appSourcePath and pushed to the provided ACR instance. The provided ACR credentials will be used to authenticate the calls to the ACR instance.

Using Docker Hub credentials to authenticate

steps:

  - name: Log in to Azure
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  - name: Build and deploy Container App
    uses: azure/container-apps-deploy-action@v1
    with:
      appSourcePath: ${{ github.workspace }}
      registryUrl: mytestregistry.dockerhub.io
      registryUsername: ${{ secrets.REGISTRY_USERNAME }}
      registryPassword: ${{ secrets.REGISTRY_PASSWORD }}

This will create a new Container App named github-action-container-app-<github-run-id>-<github-run-attempt> in a new resource group named <container-app-name>-rg. The Container App will be based off of an image that was built from the provided appSourcePath and pushed to the provided Container Registry instance. The provided Container Registry credentials will be used to authenticate the calls to the Container Registry instance.

Container App name provided

steps:

  - name: Log in to Azure
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  - name: Build and deploy Container App
    uses: azure/container-apps-deploy-action@v1
    with:
      appSourcePath: ${{ github.workspace }}
      acrName: mytestacr
      containerAppName: my-test-container-app

This will create a new Container App named my-test-container-app in a new resource group named my-test-container-app-rg.

Resource group provided

steps:

  - name: Log in to Azure
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  - name: Build and deploy Container App
    uses: azure/container-apps-deploy-action@v1
    with:
      appSourcePath: ${{ github.workspace }}
      acrName: mytestacr
      resourceGroup: my-test-rg

This will create a new Container App named github-action-container-app-<github-run-id>-<github-run-attempt> in a new resource group named my-test-rg.

Container App name and resource group provided

steps:

  - name: Log in to Azure
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  - name: Build and deploy Container App
    uses: azure/container-apps-deploy-action@v1
    with:
      appSourcePath: ${{ github.workspace }}
      acrName: mytestacr
      containerAppName: my-test-container-app
      resourceGroup: my-test-rg

If the my-test-rg resource group does not exist, this will create the resource group and create a new Container App named my-test-container-app within the resource group. If the resource group already exists, this will create a new Container App named my-test-container-app in the resource group, or update the Container App if it already exists within the resource group.

Container App environment provided

steps:

  - name: Log in to Azure
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  - name: Build and deploy Container App
    uses: azure/container-apps-deploy-action@v1
    with:
      appSourcePath: ${{ github.workspace }}
      acrName: mytestacr
      containerAppEnvironment: my-test-container-app-env

Runtime stack provided

steps:

  - name: Log in to Azure
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  - name: Build and deploy Container App
    uses: azure/container-apps-deploy-action@v1
    with:
      appSourcePath: ${{ github.workspace }}
      acrName: mytestacr
      runtimeStack: 'dotnetcore:7.0'

Build Arguments provided

steps:

  - name: Log in to Azure
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  - name: Build and deploy Container App
    uses: azure/container-apps-deploy-action@v1
    with:
      appSourcePath: ${{ github.workspace }}
      acrName: mytestacr
      buildArguments: |
        "BP_JVM_VERSION=21" "BP_MAVEN_BUILD_ARGUMENTS=-Dmaven.test.skip=false --no-transfer-progress package"

This will create a new Container App named github-action-container-app-<github-run-id>-<github-run-attempt> in a new resource group named <container-app-name>-rg. The Container App will be based off of an image that was built from the provided appSourcePath. Oryx++ builder is used to create a runnable application image, each build argument will be passed to the pack build command via the --env flag, e.g., BP_JVM_VERSION=21 BP_MAVEN_VERSION=4 will be passed to the pack build as --env BP_JVM_VERSION=21 --env BP_MAVEN_VERSION=4.'

Dockerfile provided

steps:

  - name: Log in to Azure
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  - name: Build and deploy Container App
    uses: azure/container-apps-deploy-action@v1
    with:
      appSourcePath: ${{ github.workspace }}
      acrName: mytestacr
      dockerfilePath: test.Dockerfile
      buildArguments: |
        "arg-1=value-1" "arg-2=value-2"

This will create a new Container App named github-action-container-app-<github-run-id>-<github-run-attempt> in a new resource group named <container-app-name>-rg where the runnable application image was created from the test.Dockerfile file found in the provided application source path directory and build arguments "arg-1=value-1" "arg-2=value-2" will be passed to the docker build as --build-arg "arg-1=value-1" --build-arg "arg-2=value-2". If there's no build argument in the Dockerfile, no need to provide buildArguments.

Note: for values provided to dockerfilePath, no file prefixes should be included (e.g., ./test.Dockerfile should be passed as just test.Dockerfile). The provided appSourcePath and dockerfilePath arguments will be concatenated inside of the GitHub Action.

Image to build provided

steps:

  - name: Log in to Azure
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  - name: Build and deploy Container App
    uses: azure/container-apps-deploy-action@v1
    with:
      appSourcePath: ${{ github.workspace }}
      acrName: mytestacr
      imageToBuild: mytestacr.azurecr.io/app:latest

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

container-apps-deploy-action's People

Contributors

Stargazers

Watchers

container-apps-deploy-action's Issues

No way to define (or disable) probes?

Default probes are created, but with no way to define alternate endpoints.

Error with registry password

After building and pushing the container image my github action (which uses azure/container-apps-deploy-action@v2) fails with the following error:

WARNING: Adding registry password as a secret with name "ghcrio-***"
ERROR: (ContainerAppInvalidPropertyValue) Property 'secrets.name' has an invalid value 'ghcrio-***'. A value must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.

The azure login, as well as the ghcr push itself succeeds, so I assume my credentials are correct. Is there something I've mis-configured?

Error when updating Container App without Dockerfile

I have a GitHub Action workflow file that provisions the resources for my container app, and then uses the GitHub Action to update the images to ones that are generated by the GitHub Action.

I've set up my Container Apps deploy action like so:

- name: Build and Deploy Backend Container App
        uses: azure/container-apps-deploy-action@v0
        with:
          appSourcePath: ${{ github.workspace }}/src/MyFrontEnd/MyFrontEnd
          acrName: ${{ steps.getacrname.outputs.acrName }}
          acrUsername: ${{ steps.getacrcreds.outputs.loginName }}
          acrPassword: ${{ steps.getacrcreds.outputs.password }}
          containerAppName: myfrontend
          resourceGroup: ${{ secrets.AZURE_RG}}

I have no Dockerfiles in my C# projects and looking at the runner logs, the image is being built successfully, but the action fails with the following error:

Error response from daemon: unexpected error reading Dockerfile: read /var/lib/docker/tmp/docker-builder805887875: is a directory

Is one of the following happening?

Is the Container Apps Deploy Action pulling down Oryx images correctly?
Is this an error from Oryx itself? (and should I raise an issue there?)
Am I just being stupid and I have to supply a Dockerfile for each of my projects?

ERROR: Usage error: --container-name is required when adding or updating a container.

Hi,

In my case container app have 2 images. First one is app image and second one is sidecar image to forward logs. It was working without yaml config file before I've added sidecar. Once I added, it gave me the following error:

ERROR: Usage error: --container-name is required when adding or updating a container.

So' I have decided use yaml config file option. But looks like I need to set image name which is created by the pipeline dynamically.

Is there a way to pass a parameter to the yaml file? Or indicating image name without using yaml file even better.

My action is like below

jobs:
release:
runs-on: ubuntu-latest
environment: ${{ inputs.Environment }}
steps:
- name: Log in to Azure
uses: azure/login@v1
with:
creds: ${{ secrets.AZCreds }}

    - uses: actions/checkout@v4
  
    - name: Build and deploy Container App
      uses: azure/container-apps-deploy-action@v1
      with:
        imageToDeploy: "${{ inputs.Image }}:${{ inputs.ImageTag }}"
        acrName: ${{vars.ACR_REGISTERY_NAME}}
        containerAppName: ${{vars.CONTAINER_APP_NAME}}
        resourceGroup: "${{ inputs.RG }}"
        acrUsername: ${{ secrets.acrUserName }}
        acrPassword: ${{ secrets.acrPassword }}
        yamlConfigPath: ${{ github.workspace }}/set-container-name.yaml

And set-container-name.yaml file is like below:

properties:
template:
containers:
- name: be-container

I don't know whether this mixed usage allowed or not that I need to put everything in a yaml.

Supply environment variables as multi-line YAML value

When supplying environment variables to the action, it asks for them. in the format

environmentVariables: ENV1=value1 ENV2=value2

however this is cumbersome to manage in a workflow. YAML supports multi-line strings such as:

environmentVariables: |
    ENV1=value1 \
    ENV2=value2

However this appears to be passed literally to the action, which then fails at deployment time:

/usr/bin/az containerapp update -n containerApp -g rg-containerApp --output none --replace-env-vars ENV1=value1 \
ENV2=value2

ERROR: (ContainerAppInvalidEnvVarName) Env variable name '\

Am I doing something wrong here, or is this not supported?

Docker Bridge CIDR field is being removed in the April 2023 Microsoft Azure Kubernetes Service API

Does that change also affect ACA deployment?
Azure AKS #3534
Should I skip the docker_bridge_cidr, dns_service_ip and service_cidr configuration?

Set a new revision with image that's already built - ACR login fails and succeeds.

Hi,
I'm little confused by number of options on this action.

My ACA instance is already deployed, it has ACR pull permissions to ACR.
Container image is pushed to ACR and ready to deploy.
Service principal doing the deployment has both ACR pull and push permissions.

Why the action needs ACR credentials?

In my run, it both succeeds to login to container registry, just to fail few seconds later.

Run azure/container-apps-deploy-action@v1
  with:
    imageToDeploy: ***.azurecr.io/"django-samples/app:sha-a8a17f0"
    containerAppName: my-aca-tmp
    resourceGroup: my-aca-tmp-app
    acrUsername: ***
    acrPassword: ***
    acrName: ***
    targetPort: 8000
    environmentVariables: WEBSITE_HOSTNAME=my-aca-tmp.happyplant-xxx.eastus.azurecontainerapps.io APPLICATIONINSIGHTS_CONNECTION_STRING=InstrumentationKey=xxx
    disableTelemetry: false
  env:
    IMAGE_NAME: django-samples/app
Run CA_GH_ACTION_START_MILLISECONDS=$(date +%s%N | cut -b1-13)
Run az config set extension.use_dynamic_install=yes_without_prompt
WARNING: Command group 'config' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Run docker/[email protected]
Logging into ***.azurecr.io...
Login Succeeded!
Run CA_GH_ACTION_REGISTRY_LOGIN_ARG="--registry-server ***.azurecr.io --registry-username *** --registry-password ***"
Run CA_GH_ACTION_IMAGE_TO_BUILD="***.azurecr.io/github-action/container-app:7683692928.1"
Run CA_GH_ACTION_IMAGE_TO_DEPLOY="***.azurecr.io/"django-samples/app:sha-a8a17f0""
Run CA_GH_ACTION_RESOURCE_GROUP="my-aca-tmp-app"
Run az containerapp show \
Run CA_GH_ACTION_CONTAINER_APP_ENVIRONMENT="my-aca-tmp-env"
Run CA_GH_ACTION_INGRESS_ENABLED="true"
Run CA_GH_ACTION_TARGET_PORT="8000"
Run CA_GH_ACTION_TARGET_PORT_ARG="--target-port 8000"
Run CA_GH_ACTION_CONTAINER_APP_ENVIRONMENT_VARIABLES_ARG="--replace-env-vars WEBSITE_HOSTNAME=my-aca-tmp.happyplant-xxx.eastus.azurecontainerapps.io APPLICATIONINSIGHTS_CONNECTION_STRING=InstrumentationKey=xxx
Run CA_GH_ACTION_USE_UP="true"
Run CA_GH_ACTION_INGRESS_ARG=""
Run CA_GH_ACTION_CONTAINER_APP_ENVIRONMENT_VARIABLES_ARG="--env-vars WEBSITE_HOSTNAME=my-aca-tmp.happyplant-xxx.eastus.azurecontainerapps.io APPLICATIONINSIGHTS_CONNECTION_STRING=xxx"
Run az containerapp up \
ERROR: Failed to retrieve credentials for container registry. Please provide the registry username and password
Error: Process completed with exit code 1.

I just want to create a new revision with updated container image, is that the right way to do it?

Support configuration of scalers

It would be cool to change the min and max instances as well as the scaling behavior in the action.

Pass build args to the build step

Is there a way to pass build args for the docker build step?

Judging from the code I see here this isn't supported, but maybe you can confirm it?

I know of the environmentVariables parameter, the problem with it is that I need some arguments to be available while running docker build, while those environmentVariables become available only when the container is run, for what I understand.

Deploy image from Docker hub

Not able to deploy image from docker hub instead of ACR. Here is the script I am using.

- name: Deploy to containerapp
  uses: azure/CLI@v1
  with:
    inlineScript: |
      az config set extension.use_dynamic_install=yes_without_prompt
      az containerapp registry set -n qpass-ca-dev -g qpass-dev --server docker.io --username  ${{ secrets.QPASSCADEV_REGISTRY_USERNAME }} --password ${{ secrets.QPASSCADEV_REGISTRY_PASSWORD }}
      az containerapp update -n qpass-ca-dev -g qpass-dev --image arupnayak/qpass-backend:${{ github.sha }}

Below error is occurring:

ERROR: (WebhookInvalidParameterValue) The following field(s) are either invalid or missing. Invalid value: "***/qpass-backend:41eb406c4be3b1f1a598559c453f069f4d9f764c": GET https:: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:***/qpass-backend Type:repository]]: template.containers.simple-hello-world-container.image.
Error: Error: az cli script failed.

ERROR: (InvalidParameterValueInContainerTemplate)

Hello, we are getting this error:

ERROR: (InvalidParameterValueInContainerTemplate) The following field(s) are either invalid or missing. Field 'template.containers.<our-registry>.image' is invalid with details: 'Invalid value: "<our-registry>.azurecr.io/our-server:32931cfe[65](https://github.com/my-org/our-repol/actions/runs/7415102429/job/20177549358#step:12:70)8e2c0800f4a8[79](https://github.com/my-org/our-repo/actions/runs/7415102429/job/20177549358#step:12:84)0da35183ecac2906": GET https:?scope=repository%3Aour-server%3Apull&service=<our-registry>.azurecr.io: UNAUTHORIZED: authentication required, visit https://aka.ms/acr/authorization for more information.';.

This doesn't make sense to us because it sucessfully logs into the ACR beforehand:

Run docker/[email protected]
  with:
    registry: <our-registry>.azurecr.io
    username: ***
    password: ***
    ecr: auto
    logout: true
  env:
    SERVICE: <our-registry>
    AZURE_HTTP_USER_AGENT: 
    AZUREPS_HOST_ENVIRONMENT: 
    CA_GH_ACTION_START_MILLISECONDS: 1704404270120
    CA_GH_ACTION_RESULT_ARG: --property 'result=failed'
    CA_GH_ACTION_YAML_PROVIDED: true
Logging into <our-registry>.azurecr.io...
Login Succeeded!

Here is the full log:

Run docker/[email protected]
  with:
    registry: <our-registry>.azurecr.io
    username: ***
    password: ***
    ecr: auto
    logout: true
  env:
    SERVICE: <our-registry>
    AZURE_HTTP_USER_AGENT: 
    AZUREPS_HOST_ENVIRONMENT: 
    CA_GH_ACTION_START_MILLISECONDS: 1704404270120
    CA_GH_ACTION_RESULT_ARG: --property 'result=failed'
    CA_GH_ACTION_YAML_PROVIDED: true
Logging into <our-registry>.azurecr.io...
Login Succeeded!
Run CA_GH_ACTION_REGISTRY_LOGIN_ARG="--registry-server <our-registry>.azurecr.io --registry-username *** --registry-password ***"
  CA_GH_ACTION_REGISTRY_LOGIN_ARG="--registry-server <our-registry>.azurecr.io --registry-username *** --registry-password ***"
  CA_GH_ACTION_REGISTRY_URL=<our-registry>.azurecr.io
  CA_GH_ACTION_REGISTRY_USERNAME=***
  CA_GH_ACTION_REGISTRY_PASSWORD=***
  echo "CA_GH_ACTION_REGISTRY_LOGIN_ARG=$***CA_GH_ACTION_REGISTRY_LOGIN_ARG***" >> $GITHUB_ENV
  echo "CA_GH_ACTION_REGISTRY_URL=$***CA_GH_ACTION_REGISTRY_URL***" >> $GITHUB_ENV
  echo "CA_GH_ACTION_REGISTRY_USERNAME=$***CA_GH_ACTION_REGISTRY_USERNAME***" >> $GITHUB_ENV
  echo "CA_GH_ACTION_REGISTRY_PASSWORD=$***CA_GH_ACTION_REGISTRY_PASSWORD***" >> $GITHUB_ENV
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail ***0***
  env:
    SERVICE: <our-registry>
    AZURE_HTTP_USER_AGENT: 
    AZUREPS_HOST_ENVIRONMENT: 
    CA_GH_ACTION_START_MILLISECONDS: 1704404270120
    CA_GH_ACTION_RESULT_ARG: --property 'result=failed'
    CA_GH_ACTION_YAML_PROVIDED: true
Run CA_GH_ACTION_IMAGE_TO_BUILD="<our-registry>.azurecr.io/github-action/container-app:741[51](https://github.com/my-org/our-repo/actions/runs/7415102429/job/20177549358#step:12:55)02429.1"
Run CA_GH_ACTION_IMAGE_TO_DEPLOY="<our-registry>.azurecr.io/our-server:32931cfe6[58](https://github.com/my-org/our-repo/actions/runs/7415102429/job/20177549358#step:12:62)e2c0800f4a8790da35183ecac2906"
Run CA_GH_ACTION_RESOURCE_GROUP="***"
Run az containerapp show \
WARNING: The behavior of this command has been altered by the following extension: containerapp
ERROR: (ResourceNotFound) The Resource 'Microsoft.App/containerApps/<our-registry>' under resource group '***' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
Run az containerapp create \
WARNING: The behavior of this command has been altered by the following extension: containerapp
WARNING: Additional flags were passed along with --yaml. These flags will be ignored, and the configuration defined in the yaml will be used instead
ERROR: (InvalidParameterValueInContainerTemplate) The following field(s) are either invalid or missing. Field 'template.containers.<our-registry>.image' is invalid with details: 'Invalid value: "<our-registry>.azurecr.io/our-server:32931cfe[65](https://github.com/my-org/our-repo/actions/runs/7415102429/job/20177549358#step:12:70)8e2c0800f4a8[79](https://github.com/my-org/our-repo/actions/runs/7415102429/job/20177549358#step:12:84)0da35183ecac2906": GET https:?scope=repository%3Aour-server%3Apull&service=<our-registry>.azurecr.io: UNAUTHORIZED: authentication required, visit https://aka.ms/acr/authorization for more information.';.

We're unsure where to go from here to get this working and find this error confusing when you see the login succeeded beforehand. Thank you.

Deployment is erasing configuration and printing environment variables

Since the last update, I noticed a few issues:

The deployment is printing all environment variables. Some of those have sensitive information and should not the logged. Can I remove it?
It’s removing the custom domains.
It's changing the ingress port to 80.

If I deploy manually, none of this happens.

This GitHub Action has been quite unstable is inconsistent.

Regression in https://github.com/Azure/container-apps-deploy-action/pull/35

az containerapp up
See this line: 93b5657#r104806035

Run az containerapp up \
ERROR: Failed to retrieve credentials for container registry. Please provide the registry username and password
Error: Process completed with exit code 1.

This error started 4 hours ago, which coincides with the merge of #35

Support generic container registry authentication

Currently this action only supports authentication with an Azure Container Registry thats in the same subscription as the container app.

I'd like to be able to specify an imageToDeploy path and the credentials that are required to access the image. It could be an Azure Container Registry, a GitHub registry or a private registry that I'm hosting on an endpoint.

In my specific case, it is indeed an Azure Container Registry. However it is not in my subscription, and the subscription the ACR is homed in isn't even in the same tenant.

ERROR: The resource with name '***' and type 'Microsoft.ContainerRegistry/registries' could not be found in subscription 'Visual Studio Enterprise Subscription (***)'.

I'm providing these parameters and would expect it to work.

    - name: Build and deploy Container App
      uses: azure/container-apps-deploy-action@v0
      with:
        resourceGroup: containerapp
        imageToDeploy: mycontainerregistry.azurecr.io/azuredocs/azure-vote-7b3cb867c04385f583d1525cdc95912a2f54e52b
        acrName: mycontainerregistry
        acrUsername: ${{ secrets.REGISTRY_USERNAME }}
        acrPassword: ${{ secrets.REGISTRY_PASSWORD }}

Add action outputs?

I am looking for a way to get the FQDN of the deployed application.

I used to use the azure/webapps-deploy action which had an output called webapp-url which I could then use to populate the GitHub environments e.g.:

  deploy:
    runs-on: ubuntu-latest

    needs: build

    environment:
      name: "production"
      url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}

    steps:
      - name: Lowercase the repo name
        run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}

      - name: Deploy to Azure Web App
        id: deploy-to-webapp
        uses: azure/webapps-deploy@v2
        with:
          app-name: ${{ env.AZURE_WEBAPP_NAME }}
          publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
          images: "ghcr.io/${{ github.repository }}:latest"

`ERROR: Bad Request`, HTTP Error 400. The request URL is invalid

Description

I don't know about this error because i haven't made an HTTP request yet, i have checked my options and credentials but is correct and OK

Default ingress value: external
Default target port: 80
/usr/bin/az containerapp create -n unknown -g *** --environment personal-env
 --output none --registry-server ghcr.io --registry-username example --registry-password *** --ingress external --target-port 80 -i ghcr.io/example/example:c168b06254b66f47b2fef12c19df71234538c1ea
WARNING: The behavior of this command has been altered by the following extension: containerapp
ERROR: Bad Request(<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid URL</h2>
<hr><p>HTTP Error 400. The request URL is invalid.</p>
</BODY></HTML>
)
Error: The process '/usr/bin/az' failed with exit code 1
Error: The process '/usr/bin/az' failed with exit code 1

Updated (5:54 PM - 26/11/2023)

This error not occur when already have container apps, but why not describe should create container apps? as docs say they can create container apps and update if already exists.

Tasks

Beta Give feedback

Try create container apps first
Options

Add --revision-suffix parameter support (which is a param from az containerapp create and az containerapp update)

Like the title says, is it possible to add support to the --revision-suffix parameter ?
I am having issues deploying new revisions, I don't get any errors but no revision is created after I update my container app using "azure/container-apps-deploy-action@v1" with a newly built image. The new image has the same name but has code changes. It works when I create a revision through the portal and give it a Suffix.

Passing env variables to docker build

Hi there,

I am trying to use the container-apps-adeploy-action for a nextjs application, specifically Tina.io.

Tina requires three env variables to be set when building, which I locally set in a .env with the variables NEXT_PUBLIC_TINA_CLIENT_ID, TINA_TOKEN and NEXT_PUBLIC_TINA_BRANCH. This work nicely locally when I build the docker image.

In my GitHub action, I set them under env and read from GitHub secret. This is my workflow file:

name: Azure Container App CI/CD
on:
  push:
    branches:
      - main
env:
  NEXT_PUBLIC_TINA_CLIENT_ID: ${{ secrets.NEXT_PUBLIC_TINA_CLIENT_ID }}
  TINA_TOKEN: ${{ secrets.TINA_TOKEN }}
  NEXT_PUBLIC_TINA_BRANCH: main
jobs:
  build_and_deploy_job:
    runs-on: ubuntu-latest
    name: Build and deploy job
    steps:
      - uses: actions/checkout@v3

      - name: Log in to Azure
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Build and deploy Container App
        uses: azure/container-apps-deploy-action@v0
        with:
          appSourcePath: ${{ github.workspace }}
          acrName: KoermitApiRegistry
          acrUsername: ${{ secrets.REGISTRY_USERNAME }}
          acrPassword: ${{ secrets.REGISTRY_PASSWORD }}
          containerAppName: tina-handbook
          resourceGroup: tina-lab-handbook
          containerAppEnvironment: labs-handbook
          dockerfilePath: Dockerfile

However I get an error from the action build job
Error: Client not configured properly. Missing branch, clientId, token. Please visit https://tina.io/docs/tina-cloud/connecting-site/ for more information

These values are set from the env variables NEXT_PUBLIC_TINA_CLIENT_ID, TINA_TOKEN and NEXT_PUBLIC_TINA_BRANCH.

Another log from the action, is this:

Run docker build --tag KoermitApiRegistry.azurecr.io/github-action/container-app:3550347084.1 --file /home/runner/work/tina-labs-handbook/tina-labs-handbook/Dockerfile /home/runner/work/tina-labs-handbook/tina-labs-handbook
[275](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:290)
  docker build --tag KoermitApiRegistry.azurecr.io/github-action/container-app:3550347084.1 --file /home/runner/work/tina-labs-handbook/tina-labs-handbook/Dockerfile /home/runner/work/tina-labs-handbook/tina-labs-handbook
[276](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:291)
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail ***0***
[277](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:292)
  env:
[278](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:293)
    NEXT_PUBLIC_TINA_CLIENT_ID: ***
[279](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:294)
    TINA_TOKEN: ***
[280](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:295)
    NEXT_PUBLIC_TINA_BRANCH: main
[281](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:296)
    AZURE_HTTP_USER_AGENT: 
[282](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:297)
    AZUREPS_HOST_ENVIRONMENT: 
[283](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:298)
    CA_GH_ACTION_ACR_LOGIN_ARG: --registry-server KoermitApiRegistry.azurecr.io --registry-username *** --registry***
[284](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:299)
    CA_GH_ACTION_DOCKERFILE_PATH: /home/runner/work/tina-labs-handbook/tina-labs-handbook/Dockerfile
[285](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:300)
    CA_GH_ACTION_IMAGE_TO_BUILD: KoermitApiRegistry.azurecr.io/github-action/container-app:3550347084.1
[286](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:301)
    CA_GH_ACTION_IMAGE_TO_DEPLOY: KoermitApiRegistry.azurecr.io/github-action/container-app:3550347084.1
[287](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:302)
    CA_GH_ACTION_RESOURCE_GROUP: tina-lab-handbook
[288](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:303)
    CA_GH_ACTION_CONTAINER_APP_ENVIRONMENT_ARG: --environment labs-handbook
[289](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:304)
    CA_GH_ACTION_RUNTIME_STACK: node:16
[290](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:305)
    CA_GH_ACTION_TARGET_PORT: 
[291](https://github.com/DanskeStatsbaner/tina-labs-handbook/actions/runs/3550347084/jobs/5963640559#step:4:307)
Sending build context to Docker daemon  1.143MB

Based on this, it looks as for me that the deploy action passes the correct env variables to docker, they are set and as far as I understand should be ready for docker build to read. Which is why I don't understand why the application throws the errors that the variables are not set/not configured.

Any ideas on what is going wrong? Thank you!

Azure Login insufficient

I'm trying to deploy a previously build image, using a pre-defined Service Principal and the below job:

  deploy:
    runs-on: ubuntu-latest
    environment: Development
    needs: build-and-push
    steps:
      - name: Log in to Azure
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Build and deploy Container App
        uses: azure/container-apps-deploy-action@v0
        with:
          acrName: xxx
          ### Expected to be resolved by azure/login@v1, but reality says otherwise ###
          acrUsername: ${{ secrets.AZURE_CLIENT_ID }}
          acrPassword: ${{ secrets.AZURE_CLIENT_SECRET }}
          #####################################################
          containerAppName: yyy
          resourceGroup: zzz
          imageToDeploy: aaa.azurecr.io/bbb:${{ github.event.head_commit.id }}

When not supplying acrUsername and acrPassword, I get the following error:

WARNING: The installed extension 'containerapp' is in preview.
ERROR: Failed to retrieve credentials for container registry. Please provide the registry username and password
Error: Process completed with exit code 1.

Given the documentation and my previous experience, I would have expected the Log in to Azure step to have sufficed.

Any clarifications would be helpful, but since the workaround of providing acrUsername and acrPassword exists, it is not a pressing matter.

Thank you.

using imageToDeploy with a latest tag does not update revision

I want to use this action to deploy "an already pushed application image".

In the CI/CD pipeline I create and push the image to the repository with the latest tag. However, when I specify the imageToDeploy parameter as: registry/image:latest everything works fine, however it will not create a new revision. The old revision stays online, until a new container is spinned up by a ACA scaling rule.

Is this a design choice? For now I am using specific version numbers as tags, which works. But I would like to be able to use a latest tag, which represents the currently running version.

Error: argument `targetPort` only works if the container app does not exist yet

When you set the targetPort argument in the GitHub Action for deploying Container Apps on Azure, the initial deployment succeeds, but subsequent updates fail.

Here's an example configuration that triggers the issue:

- name: Deploy Container App
  uses: azure/container-apps-deploy-action@v2
  with:
    containerAppName: test-app
    resourceGroup: [...resourceGroup]
    imageToDeploy: [...imageUrl]
    targetPort: 8080

Identified Issue:

The root of the problem seems to be the Azure CLI command az containerapp update, which lacks support for the target-port argument. Consequently, this Action defaults to using the up command for both initial deployments and updates. However, if the app is already running, attempting an update with the up command and a specified target-port results in a Forbidden error:

/usr/bin/az containerapp up [...] --target-port 8080
ERROR: Operation returned an invalid status 'Forbidden'

As the ingress setup is only needed during creation, this Action should skip the targetPort and only update the container or (if specified) delete and re-create the container if the targetPort changed

"az containerapp create" missing `--registry-server` parameter

I'm trying to deploy an application, and I keep getting an error:

(InvalidParameterValueInContainerTemplate) The following field(s) are either invalid or missing. Field 'template.containers.appName-fe.image' is invalid with details: 'Invalid value: "[acr].azurecr.io/full-name-fe:aca-deploy": GET https:?scope=repository%3Afull-name-fe%3Apull&service=[acr].azurecr.io: UNAUTHORIZED: authentication required, visit https://aka.ms/acr/authorization for more information.';.

The command used is:

az containerapp create \
    -n appName-fe \
    -i [acr].azurecr.io/full-name-fe:aca-deploy \
    --environment appName-dev \
    --ingress external \
    --target-port 3000

The login used is successful:

  CA_GH_ACTION_ACR_ACCESS_TOKEN=$(az acr login --name [acrName] --output json --expose-token | jq -r '.accessToken')
  echo "CA_GH_ACTION_ACR_ACCESS_TOKEN=${CA_GH_ACTION_ACR_ACCESS_TOKEN}" >> $GITHUB_ENV
  docker login [acr].azurecr.io -u 00000000-0000-0000-0000-000000000000 -p $CA_GH_ACTION_ACR_ACCESS_TOKEN
  CA_GH_ACTION_REGISTRY_URL=[acr].azurecr.io
  echo "CA_GH_ACTION_REGISTRY_URL=${CA_GH_ACTION_REGISTRY_URL}" >> $GITHUB_ENV

WARNING: You can perform manual login using the provided access token below, for example: 'docker login loginServer -u 00000000-0000-0000-0000-000000000000 -p accessToken'
WARNING! Using -*** the CLI is insecure. Use --password-stdin.
Login Succeeded

I have validated locally there is a missing parameter:

➜  full-name-fe git:(aca-deploy) ✗   az containerapp create \
    -g appName-dev \
    -n appName-fe \
    -i [acr].azurecr.io/full-name-fe:aca-deploy \
    --environment appName-api-dev \
    --ingress external \
    --target-port 3000
(InvalidParameterValueInContainerTemplate) The following field(s) are either invalid or missing. Field 'template.containers.appName-fe.image' is invalid with details: 'Invalid value: "[acr].azurecr.io/full-name-fe:aca-deploy": GET https:?scope=repository%3Afull-name-fe%3Apull&service=[acr].azurecr.io: UNAUTHORIZED: authentication required, visit https://aka.ms/acr/authorization for more information.';.
➜  full-name-fe git:(aca-deploy) ✗   az containerapp create \
    -g appName-dev \
    -n appName-fe \
    -i [acr].azurecr.io/full-name-fe:aca-deploy \
    --environment appName-api-dev \
    --ingress external \
    --target-port 3000 \
    --registry-server [acr].azurecr.io
No credential was provided to access Azure Container Registry. Trying to look up credentials...
Adding registry password as a secret with name "ecrazurecrio-ecrname"
/ Running ..^C
➜  full-name-fe git:(aca-deploy) ✗

All I did was add --registry-server [acr].azurecr.io to the CLI command.

I can't find anywhere to get this action to also add this parameter. acrName and registryUrl cannot be used together. Is there some registryServer variable not documented?

The Azure setup is two resource groups; I'll use RG-A and RG-B.

RG-A contain the [acrName] registry
RG-B is the deployment target resource group
The action parameters uses resourceGroup: RG-B.
Github login is done via federated credentials, and logs in successfully in a previous step in the same job workflow.

Action Definition:

      - name: ACA Deploy
        uses: azure/container-apps-deploy-action@v1
        with:
          acrName: [acrName]
          # registryUrl: ${{ vars.REGISTRY_LOGIN_SERVER }}
          imageToDeploy: [..] # [acr].azurecr.io/full-name-fe:aca-deploy from cli above
          resourceGroup: [..] # "RG-B" mentioned above
          containerAppName: appName-fe
          environmentVariables: # {junk stuff I'm leaving out}
          targetPort: 3000
          containerAppEnvironment: appName-dev

Documentation does not specify acrUsername and acrPassword are required to deploy the container

Hi,

I have started using this action, and from the documentation it was not clear that you are required to set up ACR credentials and apss them to the action. If you don't specify the action, the image cannot be pulled from ACR.

The minimal example in the docs is therefore insufficient for deploying a container.

https://github.com/marketplace/actions/azure-container-apps-build-and-deploy#minimal---build-application-image-for-container-app

I hope this can be addressed :)

[maybe-bug] Action overrides service connector

It seems that the environment configured in the action overrides the one that is created by the service connector.
I would like to use the service connector but it seems like the environment config from the action overrides the set values.
Please advise as to how this should be used correctly or if this is working as intended.

Save State command to be deprecated

When running the action in our pipeline we receive the following message in the logs:

Warning: The save-state command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

Does this command need to be updated?

Support waiting until deployment is completed

Hi!

I am looking for a feature to be able to make this action wait until the deployment is actually completed. Now the action seems to be considered "completed" when the signal is sent away to Azure to initiate the deployment. I would like the action to wait until the new revision is deployed and is up and running OR until the deployment actually failed. It would be great to have this feature so that we don't have to implement it ourselves.

BR,
Rasmus

Support GitHub container registry

To make my containers generally available I am currently using the github registry, it would be nice if this action could support non azure registries as well.

ERROR: (ManagedEnvironmentNotFound) For valid environment

We are trying to run a Github Action that deploys a Container App. The steps are as follows:

      - name: Login to Azure
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_SERVICE_ACCOUNT_CREDENTIALS }}
          
      - name: Add containerapp extension
        run: az extension add -n containerapp

      - name: Ensure ACR Exists
        run: |
          az acr show --name ${{ env.SERVICE }} --resource-group ${{ secrets.RESOURCE_GROUP }} ||
          az acr create --name ${{ env.SERVICE }} --resource-group ${{ secrets.RESOURCE_GROUP }} --sku Basic
          
      - name: Login to ACR
        run: az acr login --name ${{ env.SERVICE }}
          
      - name: Build and push Docker image
        run: |
          docker build -t ${{ env.SERVICE }}.azurecr.io/our-container:${{ github.sha }} --target base .
          docker push ${{ env.SERVICE }}.azurecr.io/our-container:${{ github.sha }}
          
      - name: Deploy Azure Container App
        uses: azure/container-apps-deploy-action@v1
        with:
          acrName: ouracrname
          yamlConfigPath: gh-azure-config.yaml
          resourceGroup: MY_RESOURCE_GROUP
          containerAppEnvironment: MY_ENVIRONMENT_NAME
          containerAppName: ${{ env.SERVICE }}

Which, on the "Deploy Azure Container App" step, yields the following error with exit code 1:

ERROR: (ManagedEnvironmentNotFound) Environment /subscriptions/MY_SUBSCRIPTION_ID/resourceGroups/MY_RESOURCE_GROUP/providers/Microsoft.App/managedEnvironments/MY_ENVIRONMENT_NAME was not found.

With the following command, we can get the managedEnvironmentId(for the gh-azure-config.yaml) from the id key:

az containerapp env show --name MY_ENVIRONMENT_NAME --resource-group MY_RESOURCE_GROUP

We plug in the id value into managedEnvironmentId in the gh-azure-config.yaml file, but we get this error. The service account we are using has contributor access to the environment and we've validated it can see the environment with this command. We're unsure how to proceed from here and are wondering if this may be a bug. Thank you

ERROR: unrecognized arguments: --replace-env-vars

Hey I'm noticing an issue regarding the environmentVariables flag

This is the error it throws when running github action
ERROR: unrecognized arguments: --replace-env-vars LOG_LEVEL=info DB_URL=secretref:*** DB_NAME=secretref:***
Error: The process '/usr/bin/az' failed with exit code 2 Error: The process '/usr/bin/az' failed with exit code 2

This is the stage:

Wrong argument for environment variables when updating

Version 2 of this action passes --env-vars as a parameter to az containerapp update, but according to the documentation the parameter should be --set-env-vars. This causes the following error: unrecognized arguments: --env-vars.

The content of my workflow file that caused the error is:

name: Dockerize and deploy SvelteKit project to Azure Container App

on:
  push:
    branches:
      - main
  workflow_dispatch:

permissions:
  id-token: write
  contents: read

jobs:
  build-push-and-deploy:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/[email protected]

      - name: Login to Azure
        uses: Azure/[email protected]
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Build and deploy app to Azure Container Apps
        uses: azure/container-apps-deploy-action@v2
        with:
          appSourcePath: ${{ github.workspace }}
          acrName: ${{ secrets.ACR_NAME }}
          containerAppName: ${{ secrets.CA_NAME }}
          resourceGroup: ${{ secrets.CA_RG_NAME }}
          imageToBuild: ${{ secrets.ACR_URL }}/my-app:${{ github.SHA }}.${{ github.RUN_ATTEMPT }}
          targetPort: 3000
          environmentVariables: >
              "AUTHORITY=secretref:authority"
              "TENANT_ID=secretref:tenant-id"
              "CLIENT_ID=secretref:client-id"
              "CLIENT_SECRET=secretref:client-secret"
              "REDIRECT_URI=secretref:redirect-uri"
              "COSMOS_ENDPOINT=secretref:cosmos-endpoint"
              "COSMOS_DATABASE=secretref:cosmos-database" 
              "COSMOS_CONTAINER=secretref:cosmos-container"

It works fine as long as the environmentVariables parameter is not set. The only difference between the content of this file and my current file is that I use Azure CLI Action to set the enviroment variables in a previous step, as a workaround.

Support imageToBuild without registry url

I'm using ACR to deploy my image, and I use the acrName as a parameter, but in my workflow I don't have the registryUrl only the acrName. But registry url mandatory if I want to specify a custom imageToBuild.

Because I already gave the acrName to the action, I want to only specify <repo>:<tag> part of the imageToBuild without the registryUrl.

`Node.js 16 actions are deprecated. `

Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: azure/container-apps-deploy-action@v2. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/

Support Container App and Registry in different Azure Subscriptions

I'm trying to deploy an application to a subscription dedicated to development resources, lets call it Development. However, my registry is centralized and we consider the images to be production-grade resources, hence they reside in another subscription, lets call it Production.

As far as I can tell, there is no way to configure the action to allow the Registry and Container App residing in different subscriptions.

Is my observation correct?
Is this limitation by design, or rather an unrealized feature that may be supported further down the road?
Do you have any suggestions other than co-locating the Registry and Container App in the same subscription that may help in the meantime?

Thanks!

uses missing colon?

Github actions was complaining until I replaced all uses azure/container-apps-deploy-action@v0 by uses: azure/container-apps-deploy-action@v0 in the examples (added a colon after uses)

Disable creation of container app

Hi!

Is there any way to configure that the container app should not be created in case it does not exist? In our case we are setting up the container apps using terraform, and we just use this action to deploy it. So we would like to make sure that this action never creates the container app in case it does not exist since we want to keep controlling it through terraform.

BR,
Rasmus

containerapp job support

I would like to deploy a containerapp job. I initially tried using the parameters but it runs az containerapp create, but for jobs it should be az containerapp job create.

I also tried with yaml but it crashed with ERROR: Containerapp type must be "Microsoft.App/ContainerApps".

Am I to understand that containerapp jobs are not supported? I was surprised that there were no indications about jobs whatsoever, and in https://learn.microsoft.com/en-us/azure/container-apps/azure-resource-manager-api-spec?tabs=yaml#container-app-examples (referenced in the README) jobs seem to be referenced.

I would like to either:

See clearly if containerapp jobs are not supported, in which case an alternative would be appreciated, or;
Give a working example of how to configure containerapp jobs in this action

Thanks!

https://learn.microsoft.com/en-us/azure/container-apps/jobs?tabs=azure-cli

Deploying dotnet 7 container with provided dockerfile and resource group not working because of path issue

So I'm trying to automate the deployment of a dotnet 7 web app and I'm having some troubles.
I have the following snippet in my workflow file:

 deploy:
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    needs: [build]
    
    steps:
    - name: Log in to Azure
      uses: azure/login@v1
      with:
        creds: '{"clientId":"${{ secrets.CLIENT_ID }}","clientSecret":"${{ secrets.CLIENT_SECRET }}","subscriptionId":"xxxxx","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'

    - name: Build and deploy Container App
      uses: azure/container-apps-deploy-action@v1
      with:
        appSourcePath: ${{ github.workspace }}/be/AMP-Program
        dockerfilePath: AMP.API
        acrName: xxxx
        containerAppName: xxxxx
        resourceGroup: xxxxxxx
        runtimeStack: 'dotnetcore:7.0'

So ${{ github.workspace }}/be/AMP-Program is gonna be the path to the solution and AMP.API is the path to the project (where the docker file is).

No matter what i try, there is always some problem with the paths.

This is the docker build logs:

Run docker build \
  docker build \
    --tag xxxx.azurecr.io/github-action/container-app:4630765253.1 \
    --file /home/runner/work/internal-chocolatehorse-monorepo/internal-chocolatehorse-monorepo/be/AMP-Program/AMP.API \
    /home/runner/work/internal-chocolatehorse-monorepo/internal-chocolatehorse-monorepo/be/AMP-Program
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
  env:
    AZURE_HTTP_USER_AGENT: 
    AZUREPS_HOST_ENVIRONMENT: 
    CA_GH_ACTION_START_MILLISECONDS: [168](https://github.com/valtech-b2b-commerce/internal-chocolatehorse-monorepo/actions/runs/4630765253/jobs/8192830345#step:3:180)0796956801
    CA_GH_ACTION_RESULT_ARG: --property 'result=failed'
    CA_GH_ACTION_ACR_ACCESS_TOKEN: ***
    CA_GH_ACTION_DOCKERFILE_PATH: /home/runner/work/internal-chocolatehorse-monorepo/internal-chocolatehorse-monorepo/be/AMP-Program/AMP.API
    CA_GH_ACTION_IMAGE_TO_BUILD: xxxx.azurecr.io/github-action/container-app:4630765253.1
    CA_GH_ACTION_IMAGE_TO_DEPLOY: xxxxx.azurecr.io/github-action/container-app:4630765253.1
    CA_GH_ACTION_RESOURCE_GROUP: xxxxx
    CA_GH_ACTION_RESOURCE_EXISTS: true
    CA_GH_ACTION_CONTAINER_APP_ENVIRONMENT: xxxxxxx
    CA_GH_ACTION_RUNTIME_STACK: dotnetcore:7.0
    CA_GH_ACTION_INGRESS_ENABLED: true
    CA_GH_ACTION_INGRESS_ARG: --ingress external

After this i have this error:
unable to prepare context: path "/home/runner/work/internal-chocolatehorse-monorepo/internal-chocolatehorse-monorepo/be/AMP-Program" not found

And after that:
Error: Process completed with exit code 1.

First of all, the internal-chocolatehorse-monorepo/internal-chocolatehorse-monorepo part makes no sense, but that's coming from the github variables so I would say it is ok (My repo doesn't have any duplicate directories). But then, how is the rest of the path not found ? It's literally the path to the solution inside the repo. It's also worth mentioning that I can build the dockerfile locally.

Anyone had this issue ?

Deploy action always tries to build docker image despite specify an existing image in registry

Hi,

I'm trying to deploy a Spring boot API which is built using google JIB. The JIB plugin is also sucessfully pushing my image to the ACR. However the deploy action seems to be also trying to build its own image. If I have read the documentation correctly this should not be the case given my yml:

name: Trigger auto deployment for availability-service

# When this action will be executed
on:
  # Automatically trigger it when detected changes in repo
  push:
    branches:
      [ main ]
    paths:
      - '**'
      - '.github/workflows/availability-service-AutoDeployTrigger-6a25879c-40df-4a82-adb9-2c29787213d4.yml'

  # Allow manual trigger
  workflow_dispatch:

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    permissions:
      id-token: write #This is required for requesting the OIDC JWT Token
      contents: read #Required when GH token is used to authenticate with private repo

    steps:
      - name: Checkout to the branch
        uses: actions/checkout@v2

      - name: Azure Login
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AVAILABILITYSERVICE_AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AVAILABILITYSERVICE_AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AVAILABILITYSERVICE_AZURE_SUBSCRIPTION_ID }}

      - name: Set up JDK 17
        uses: actions/setup-java@v2
        with:
          java-version: '17'
          distribution: 'adopt'
          cache: 'gradle'

      - name: Grant execute permission for gradlew
        run: chmod +x gradlew

      # Custom build step using Gradle Jib
      - name: Build and push container image to registry
        run: |
          ./gradlew jib \
            -Djib.to.auth.username=${{ secrets.AVAILABILITYSERVICE_REGISTRY_USERNAME }} \
            -Djib.to.auth.password=${{ secrets.AVAILABILITYSERVICE_REGISTRY_PASSWORD }} \
            -Djib.to.image=testtechcontainerregistry.azurecr.io/availability-service:${{ github.sha }}

      - name: Build and push container image to registry
        uses: azure/container-apps-deploy-action@v2
        with:
          registryUrl: testtechcontainerregistry.azurecr.io
          registryUsername: ${{ secrets.AVAILABILITYSERVICE_REGISTRY_USERNAME }}
          registryPassword: ${{ secrets.AVAILABILITYSERVICE_REGISTRY_PASSWORD }}
          containerAppName: availability-service
          resourceGroup: test-tech-us
          imageToDeploy: testtechcontainerregistry.azurecr.io/availability-service:${{ github.sha }}

I would appriciate any assistance with this.

Error in action template

When running this action with the following config

      - name: Deploy Container App
        uses: azure/container-apps-deploy-action@v0
        with:
          containerAppName: ${{ env.CONTAINER_NAME }}
          resourceGroup: rg-workloads-container-apps-stg
          containerAppEnvironment: cae-workloads-external-stg
          location: australiaeast
          imageToDeploy: ${{ env.ACR_REGISTRY }}/${{ env.CONTAINER_NAME }}:${{ needs.build.outputs.version }}
          acrUsername: ${{ env.ACR_USERNAME }}
          acrPassword: ${{ secrets.ACR_PASSWORD }}
          environmentVariables: |
            ConnectionStrings__Foo=${{ env.CONNECTION_STRING }}

I get these errors on job initialization (set up job).

Error: azure/container-apps-deploy-action/v0/action.yml (Line: 275, Col: 11):
Error: azure/container-apps-deploy-action/v0/action.yml (Line: [27](https://github.com/xxx/yyyyy/actions/runs/4154099689/jobs/7186257819#step:1:31)5, Col: 11):
Error: azure/container-apps-deploy-action/v0/action.yml (Line: 275, Col: 11): Unexpected symbol: '&&'. Located at position 57 within expression: runner.os == 'Windows' && inputs.appSourcePath != '' && && env.CA_GH_ACTION_DOCKERFILE_PATH == ''
Error: azure/container-apps-deploy-action/v0/action.yml (Line: 275, Col: 11): Unexpected symbol: '${{'. Located at position 1 within expression: ${{ runner.os == 'Windows' && inputs.appSourcePath != '' && && env.CA_GH_ACTION_DOCKERFILE_PATH == '' }}
Error: GitHub.DistributedTask.ObjectTemplating.TemplateValidationException: The template is not valid. azure/container-apps-deploy-action/v0/action.yml (Line: 275, Col: 11): Unexpected symbol: '&&'. Located at position 57 within expression: runner.os == 'Windows' && inputs.appSourcePath != '' && && env.CA_GH_ACTION_DOCKERFILE_PATH == '',azure/container-apps-deploy-action/v0/action.yml (Line: 275, Col: 11): Unexpected symbol: '${{'. Located at position 1 within expression: ${{ runner.os == 'Windows' && inputs.appSourcePath != '' && && env.CA_GH_ACTION_DOCKERFILE_PATH == '' }}
   at GitHub.DistributedTask.ObjectTemplating.TemplateValidationErrors.Check()
   at GitHub.Runner.Worker.ActionManifestManager.ConvertRuns(IExecutionContext executionContext, TemplateContext templateContext, TemplateToken inputsToken, String fileRelativePath, MappingToken outputs)
   at GitHub.Runner.Worker.ActionManifestManager.Load(IExecutionContext executionContext, String manifestFile)
Error: Fail to load azure/container-apps-deploy-action/v0/action.yml

Is this an error with my template or this action?

Misleading log message despite specifying containerAppEnvironment input

Hello, I am passing the environment name to which I want the container to be deployed. Despite that I see a warning log message that points to a different environment name. I do have two environments in the resource group.

My guess is that the condition to check if the specified environment already exists isn't correctly setting the flag as intended: https://github.com/Azure/container-apps-deploy-action/blob/main/action.yml#L356-L364

Image Tagging & Yaml Configuration

I've read it's not advised to use "latest" when configuring your Container App. The action when setup using the "Continuous Deployment" pane in Azure uses the commit hash which seems advisable. But as far as I can tell you can't pass parameters to the yaml file so it needs a fixed image tag. Is there a way to use this action but also use the yaml configuration? If I exclude that during the update I get errors about the registry but if I include it the tag has to be "latest".

If they were separate build & deploy steps I could update the yaml but as it's all one piece, I'm a bit lost (well, I was lost before in docker world so this cannot be attributed to this nice action).

Thoughts?

cannot remove '.../src/oryx-runtime.txt': Permission denied

Hello, I'm running into the following issue when attempting to build and deploy:

github deploy yml:

name: Azure Container Apps Deploy

on:
  push:
    branches:
      - main

jobs:
  build:
    runs-on: ubuntu-latest

    
    steps:
      - uses: actions/checkout@v3

      - name: Log in to Azure
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Build and deploy Container App
        uses: azure/container-apps-deploy-action@v1
        
        with:
          appSourcePath: ${{ github.workspace }}/src
          acrName: budgetappr1ae0
          containerAppName: budgetapp
          resourceGroup: rg-budgetapp

I'm getting the following error:

Run azure/container-apps-deploy-action@v1
Run CA_GH_ACTION_START_MILLISECONDS=$(date +%s%N | cut -b1-13)
Run az config set extension.use_dynamic_install=yes_without_prompt
WARNING: Command group 'config' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Run CA_GH_ACTION_ACR_ACCESS_TOKEN=$(az acr login --name budgetappr1ae0 --output json --expose-token | jq -r '.accessToken')
WARNING: You can perform manual login using the provided access token below, for example: 'docker login loginServer -u 00000000-0000-0000-0000-000000000000 -p accessToken'
WARNING! Using -*** the CLI is insecure. Use --password-stdin.
Login Succeeded
Run dockerfilePath=/home/runner/work/budget-app/budget-app/src/Dockerfile
Run CA_GH_ACTION_IMAGE_TO_BUILD="budgetappr1ae0.azurecr.io/github-action/container-app:5581942329.1"
Run CA_GH_ACTION_IMAGE_TO_DEPLOY="budgetappr1ae0.azurecr.io/github-action/container-app:5581942329.1"
Run CA_GH_ACTION_RESOURCE_GROUP="rg-budgetapp"
Run az containerapp show \
WARNING: The command requires the extension containerapp. It will be installed first.
WARNING: The installed extension 'containerapp' is in preview.
Run CA_GH_ACTION_CONTAINER_APP_ENVIRONMENT="budgetapp-env"
Run docker run \
Unable to find image 'mcr.microsoft.com/oryx/cli:builder-debian-buster-[20](https://github.com/jwpaine/budget-app/actions/runs/5581942329/jobs/10200662990#step:4:22)230208.1' locally
builder-debian-buster-20230208.1: Pulling from oryx/cli
d42a0fb443d7: Pulling fs layer
f390d[41](https://github.com/jwpaine/budget-app/actions/runs/5581942329/jobs/10200662990#step:4:45)539fb: Pulling fs layer
103b21370b9f: Pulling fs layer
f7571ea34: Verifying Checksum
...
205ffbb9f89d: Pull complete
Digest: sha256:2d5eaa1e75ef73b5bf461a573d8fdf40cb7bc[159](https://github.com/jwpaine/budget-app/actions/runs/5581942329/jobs/10200662990#step:4:170)6be2f0b044f5eb0231a8e94c
Status: Downloaded newer image for mcr.microsoft.com/oryx/cli:builder-debian-buster-[202](https://github.com/jwpaine/budget-app/actions/runs/5581942329/jobs/10200662990#step:4:213)30[208](https://github.com/jwpaine/budget-app/actions/runs/5581942329/jobs/10200662990#step:4:219).1
Error: Could not detect the language from repo.
rm: cannot remove '/home/runner/work/budget-app/budget-app/src/oryx-runtime.txt': Permission denied
Error: Process completed with exit code 1.

Any idea what I can try to get around the rm: cannot remove '/home/runner/work/budget-app/budget-app/src/oryx-runtime.txt': Permission deniedissue?

Thank you!

Location : Canada Central

When I use container-apps-deploy-action I have Location : Canada Central for container-app, Log Analytics workspace and Container Apps Environment
Can it be set somehow ?

How define tags to the container-app?

I want to create a container-app with some tags. My organization has some tag policies that I need to set.

Support additional config

I am using yaml to configure size and scaling rules for my conatiner apps right now.
It would be great if this action could also support some advanced config to make the switch easier.

Create secrets as part of container app create/update

Hi,
I am using the action to deploy the containerapp.

My containerapp contains some environment variables which are sensitive. Hence I am relying on using containerapp secrets and referring the same in environmentVariables. The action I have currently is as follows:

- name: Build and deploy Container App
  uses: azure/container-apps-deploy-action@v1
  with:
    acrName: ${{ env.ACR_NAME }}
    acrUsername: ${{ secrets.ACR_CLIENT_ID }}
    acrPassword: ${{ secrets.ACR_CLIENT_SECRET }}
    imageToDeploy: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
    resourceGroup: ${{ env.RESOURCE_GROUP }}
    containerAppEnvironment: ${{ env.CONTAINER_APP_ENV }}
    containerAppName: ${{ env.CONTAINER_APP }}
    ingress: external
    targetPort: 5000
    disableTelemetry: true
    environmentVariables: "DATABASE_URL=secretref:db-url KEYCLOAK_CLIENT_SECRET=secretref:keycloak-client-secret"

It looks like this action will suceed only if the secret already exists. This means that this is more useful in update scenarios.

It would be very convenient if we could have created the secrets as part of the action and then use them within environmentVariables. Is this a possibility ?

@cormacpayne,how to pass the env variable from github action pipeline

how to pass the env variable from github action pipeline
config.yaml

location: centralus
name: ${{ env.CONTAINER_APP }}
resourceGroup: $NEW_ACR_RESOURCE_GROUP
type: Microsoft.App/containerApps
properties:
managedEnvironmentId: /subscriptions/${{ env.AZURE_SUBSCRIPTION_ID }}/resourceGroups/$NEW_ACR_RESOURCE_GROUP/providers/Microsoft.App/managedEnvironments/${{ env.CONTAINER_APP_ENV }}
configuration:
activeRevisionsMode: Single
ingress:
external: true
allowInsecure: false
targetPort: 80
traffic:
- latestRevision: true
weight: 100
transport: Auto
registries:
- passwordSecretRef: ${{ secrets.CONTAINERPASSWORD }}
server: ${{ env.registryuri }}
username: ${{ secrets.CONTAINERUSERNAME }}
template:
revisionSuffix: ""
containers:
- image: $imageToBuild
name: ${{ env.IMAGE_NAME }}
env:
- name: HTTP_PORT
value: 80
- name: queue_name
value: abc
resources:
cpu: 0.5
memory: 1Gi
ephemeralStorage: 2Gi
scale:
maxReplicas: 10
minReplicas: null
rules: null

github action.yaml

name: IDR Soar Pipeline
on:
workflow_dispatch:
push:
branches:
- main
tags:
- test-*
- demo-*
pull_request:
types: [opened, synchronize, reopened]
branches:
- main
#concurrency:

group: ${{ github.workflow }}-${{ github.event_name }}

env:
REGISTRY: abh
IMAGE_NAME: idrsoaragent
ACR_RESOURCE_GROUP: -data-recommender
ACR_NAME: new
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_NONPROD_SUBSCRIPTION_ID }}
CONTAINER_APP: api

jobs:
#codeql:

uses: ./.github/workflows/codeql-analysis.yml

#sonar:

uses: ./.github/workflows/sonar_setup.yml

secrets:

SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

build:
runs-on: [ self-hosted ]

needs: [codeql, sonar]

name: docker build-push-deploy
steps:
  - uses: actions/checkout@v3
  - id: env_setup
    run: |
      chmod +x ./env_setup.sh
      ./env_setup.sh ${{ github.event_name }} ${{ github.ref_type }} ${{ github.ref_name }}

  - uses: actions/checkout@v3

  - name: Create pip.conf
    run: |
      mkdir -p ~/.config/pip/
      sudo chmod -R 750 ~/.config/pip/
      cat <<EOF | sudo tee ~/.config/pip/pip.conf
      [global]
      index = https://repo1.uhc.com/artifactory/api/pypi/pypi-virtual
      index-url = https://repo1.uhc.com/artifactory/api/pypi/pypi-virtual/simple
      EOF

  - uses: actions/setup-python@v4
    with:
      python-version: '3.10'

  - name: Install dependencies
    run: |
      pip install --upgrade pip
      pip install pylint

  #- name: Run Pylint
  #  run: pylint ${{ github.workspace }}/src

  - name: Azure Login
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  - name: Set new env variable
    id: set_vars_pr
    run: |
      registryuri="abx.azurecr.io"
      NEW_ACR_RESOURCE_GROUP="$ACR_RESOURCE_GROUP-centralus-${{ steps.env_setup.outputs.build_env }}"
      NEW_IMAGE_NAME=${{ env.IMAGE_NAME }}
      NEW_ACR_NAME=${{ env.ACR_NAME }}
      keyvault="idr-vault-${{ steps.env_setup.outputs.build_env }}-6bc2d247"
      container_app="api-${{ steps.env_setup.outputs.build_env }}"
      echo "registryuri=$registryuri"  >>$GITHUB_ENV
      echo "NEW_ACR_RESOURCE_GROUP=$NEW_ACR_RESOURCE_GROUP"  >>$GITHUB_ENV
      echo "NEW_IMAGE_NAME=$NEW_IMAGE_NAME"  >>$GITHUB_ENV
      echo "NEW_ACR_NAME=$NEW_ACR_NAME"  >>$GITHUB_ENV
      echo "keyvault=$keyvault"  >>$GITHUB_ENV
      echo "container_app=$container_app"  >>$GITHUB_ENV

  - name: Azure ClI script
    id: step_one_pr
    uses: azure/CLI@v1
    with:
      InlineScript: |
        echo secret= $(az keyvault secret show --vault-name $keyvault --name SERVICEBUS-KEY --query value)>> $GITHUB_ENV
        VAULT_NAME=$keyvault
        echo VAULT_ENDPOINT=$(az keyvault show --name $VAULT_NAME --query "properties.vaultUri" -o tsv)>> $GITHUB_ENV
        echo VAULT_ENDPOINT=$(az keyvault show --name $VAULT_NAME --query "properties.vaultUri" -o tsv)>> $GITHUB_ENV
        echo ${{ github.sha }}

  - name: config setup and docker build/push to dev env
    env:
      BUILD_ARGS: |
        --build-arg VAULT_ENDPOINT=${{ env.VAULT_ENDPOINT }}
        --build-arg AZURE_CLIENT_ID=${{secrets.AZURE_CLIENT_ID}}
        --build-arg AZURE_CLIENT_SECRET=${{secrets.AZURE_CLIENT_SECRET}}
        --build-arg AZURE_TENANT_ID=${{secrets.AZURE_TENANT_ID}}
    run: |
      docker_filepath="./src/agent/Dockerfile"
      context_path="./src/agent"
      date=$(date +%Y%m%d%H%M%S)
      docker build -f $docker_filepath -t $registryuri/$NEW_IMAGE_NAME:${{ steps.env_setup.outputs.build_tag }} $context_path $BUILD_ARGS
      az acr login --name $NEW_ACR_NAME --resource-group $ACR_RESOURCE_GROUP
      docker push $registryuri/$NEW_IMAGE_NAME:${{ steps.env_setup.outputs.build_tag }}
   #   az containerapp update -n $container_app -g $NEW_ACR_RESOURCE_GROUP --image $registryuri/$NEW_IMAGE_NAME:${{ steps.env_setup.outputs.build_tag }}

  - name: Build and deploy Container App
    uses: azure/container-apps-deploy-action@v1
    with:
      appSourcePath: ${{ github.workspace }}/src/soar_agent
      acrName: abc
      registryuri: $registryuri
      acrUsername: ${{ secrets.CONTAINERUSERNAME }}
      acrPassword: ${{ secrets.CONTAINERPASSWORD }}
      containerAppName: apps
      resourceGroup: $NEW_ACR_RESOURCE_GROUP
      containerAppEnvironment: idr-cae-centralus-${{ steps.env_setup.outputs.build_env }}
      imageToBuild: $registryuri/$NEW_IMAGE_NAME:${{ steps.env_setup.outputs.build_tag }}