Storing Docker based GitHub runner containers on Azure Container Registry (ACR)

Overview

All of the code used on this tutorial may be discovered on my GitHub challenge: docker-github-runner-windows or docker-github-runner-linux.

Welcome to Half 3 of my sequence: Self Hosted GitHub Runner containers on Azure.

Partly one and two of this sequence, we checked out how we will create home windows and linux container photographs utilizing docker after which working our self hosted GitHub runners as containers on a Digital Machine working docker.

As within the first two elements of this sequence, as an alternative of getting ready a Digital Machine with docker, we’re going to use CI/CD in GitHub utilizing GitHub Actions to construct our docker containers after which push the docker photographs to a registry we’ll create and host in Azure referred to as Azure Container Registry (ACR).

Partly 4 of this weblog sequence we’ll cowl how we will use Azure Container Situations (ACI) to run photographs from the distant registry hosted in Azure.

Pre-Requisites

We might want to put together a number of issues first. You may clone and use my GitHub repositories docker-github-runner-windows or docker-github-runner-linux, or just observe alongside these steps.

Issues we’ll want are:

• An Azure Container Registry (ACR)
• A GitHub Account and repository linked with Azure

Arrange an Azure Container Registry (ACR)

For this step I’ll use a PowerShell script, Deploy-ACR.ps1 working Azure-CLI, to create a Useful resource Group and an Azure Container Registry the place we will push docker photographs to:

#Log into Azure
#az login

# Setup Variables.
$randomInt = Get-Random -Most 9999
$resourceGroupName = "Demo-Azure-Container-Registry"
$area = "uksouth"
$acrName = "pwd9000registry$randomInt"

# Create a useful resource resourceGroupName
az group create --name "$resourceGroupName" --location "$area"

# Create an ACR (Fundamental)
az acr create --resource-group "$resourceGroupName" `
    --name "$acrName" `
    --sku "Fundamental" `
    --admin-enabled "false"

Make a remark of the Login Server FQDN from the newly created ACR as we’ll use this worth later in a GitHub Secret for pushing photographs to the ACR:

Configure GitHub repository and hyperlink with Azure

Subsequent we’ll configure a Service Principal to hyperlink our GitHub repository and workflows with Azure.

We’ll grant the principal entry to the Azure Container Registry to permit us to construct and push photographs to the ACR.

For this step I’ll use a PowerShell script, Prepare-RBAC-ACR.ps1 working Azure-CLI. This script will:

• Create a Service Principal which we will hyperlink with our GitHub repository
• Grant Pull/Push entry over the Azure Container Registry (ACR) we created earlier

#Log into Azure
#az login

# Setup Variables. (present your ACR identify)
$appName="GitHub-ACI-Deploy"
$acrName="<ACRName>"
$area = "uksouth"

# Create AAD App and Service Principal and assign to RBAC Position to push and pull photographs from ACR
$acrId = az acr present --name "$acrName" --query id --output tsv
az advert sp create-for-rbac --name $appName `
    --role "AcrPush" `
    --scopes "$acrId" `
    --sdk-auth

Within the script above, the 'az advert sp create-for-rbac' command will create an AAD app & service principal and can output a JSON object containing the credentials of the service principal:

Copy this JSON object as we’ll add this as a GitHub Secret. You’ll solely want the sections with the clientId, clientSecret, subscriptionId, and tenantId values:

{
  "clientId": "<GUID>",
  "clientSecret": "<PrincipalSecret>",
  "subscriptionId": "<GUID>",
  "tenantId": "<GUID>"
}

NOTE: I named my Service principal App GitHub-ACI-Deploy. We have now 'AcrPush' permissions on our Service Principal which can permit us to Pull and Push photographs to the ACR:

Subsequent we’ll copy that JSON object Service Principal credentials, in addition to a number of different GitHub Secrets and techniques to our GitHub repository:

• Within the GitHub UI, navigate to your repository and choose Settings > Secrets and techniques > Actions:

• Choose New repository secret so as to add the next secrets and techniques:

NOTE: Be certain that to additionally save these GitHub Secrets and techniques within a key vault for later use as we can be utilizing the identical values to deploy Azure Container Situations within the subsequent weblog submit on this sequence.

Construct and Push docker picture to ACR

With all of the repository secrets and techniques now arrange, we can be making a GitHub workflow to construct our docker picture and in addition push our picture to the Azure Container Registry utilizing a number of GitHub Actions.

In elements one and two of this weblog sequence we created some scripts and a dockerfile within a folder after which constructed the docker photographs on our home windows 11 machine utilizing Docker-Desktop and Docker-Compose.

However now with these scripts and docker recordsdata in supply management within a GitHub repository (windows repo / linux repo), we will use GitHub Actions to construct the pictures as an alternative utilizing CI/CD.

Create a brand new workflow beneath the GitHub repository that comprises the dockerfile:

You need to use this: Windows_Container_Workflow for Home windows containers.

identify: Windows_Container_Workflow

on:
  workflow_dispatch:

env:
  RUNNER_VERSION: 2.293.0

jobs:
  build-and-push:
    runs-on: windows-latest
    steps:
      # checkout the repo
      - identify: 'Checkout GitHub Motion'
        makes use of: actions/checkout@essential

      - identify: 'Login through Azure CLI'
        makes use of: azure/login@v1
        with:
          creds: ${{ secrets and techniques.AZURE_CREDENTIALS }}

      - identify: 'Construct and push picture'
        makes use of: azure/docker-login@v1
        with:
          login-server: ${{ secrets and techniques.REGISTRY_LOGIN_SERVER }}
          username: ${{ secrets and techniques.REGISTRY_USERNAME }}
          password: ${{ secrets and techniques.REGISTRY_PASSWORD }}
      - run: |
          docker construct --build-arg RUNNER_VERSION=${{ env.RUNNER_VERSION }} -t ${{ secrets and techniques.REGISTRY_LOGIN_SERVER }}/pwd9000-github-runner-win:${{ env.RUNNER_VERSION }} .
          docker push ${{ secrets and techniques.REGISTRY_LOGIN_SERVER }}/pwd9000-github-runner-win:${{ env.RUNNER_VERSION }}

Or you need to use this: Linux_Container_Workflow for Linux containers.

identify: Linux_Container_Workflow

on:
  workflow_dispatch:

env:
  RUNNER_VERSION: 2.293.0

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      # checkout the repo
      - identify: 'Checkout GitHub Motion'
        makes use of: actions/checkout@essential

      - identify: 'Login through Azure CLI'
        makes use of: azure/login@v1
        with:
          creds: ${{ secrets and techniques.AZURE_CREDENTIALS }}

      - identify: 'Construct and push picture'
        makes use of: azure/docker-login@v1
        with:
          login-server: ${{ secrets and techniques.REGISTRY_LOGIN_SERVER }}
          username: ${{ secrets and techniques.REGISTRY_USERNAME }}
          password: ${{ secrets and techniques.REGISTRY_PASSWORD }}
      - run: |
          docker construct --build-arg RUNNER_VERSION=${{ env.RUNNER_VERSION }} -t ${{ secrets and techniques.REGISTRY_LOGIN_SERVER }}/pwd9000-github-runner-lin:${{ env.RUNNER_VERSION }} .
          docker push ${{ secrets and techniques.REGISTRY_LOGIN_SERVER }}/pwd9000-github-runner-lin:${{ env.RUNNER_VERSION }}

Discover that our set off is ready to on: workflow_dispatch:. This enables us to set off the construct manually.

NOTE: This workflow will construct a self hosted GitHub runner container picture utilizing a runner model specified with an atmosphere variable env: RUNNER_VERSION: 2.293.0. The picture may also be tagged with the runner model when created and pushed to the ACR within the following step:

#Home windows
- run: |
    docker construct --build-arg RUNNER_VERSION=${{ env.RUNNER_VERSION }} -t ${{ secrets and techniques.REGISTRY_LOGIN_SERVER }}/pwd9000-github-runner-win:${{ env.RUNNER_VERSION }} .
    docker push ${{ secrets and techniques.REGISTRY_LOGIN_SERVER }}/pwd9000-github-runner-win:${{ env.RUNNER_VERSION }}

or on the linux workflow:

#Linux
- run: |
    docker construct --build-arg RUNNER_VERSION=${{ env.RUNNER_VERSION }} -t ${{ secrets and techniques.REGISTRY_LOGIN_SERVER }}/pwd9000-github-runner-lin:${{ env.RUNNER_VERSION }} .
    docker push ${{ secrets and techniques.REGISTRY_LOGIN_SERVER }}/pwd9000-github-runner-lin:${{ env.RUNNER_VERSION }}

You may see the newest runner agent variations right here: GitHub Runner Releases

After triggering the workflow, the construct can take a couple of minutes to finish. After completion you will note the docker picture was pushed in to the Azure Container Registry:

You can even see extra info on learn how to use the picture:

Home windows runner

Linux runner

With our photographs now hosted on a distant registry in Azure (ACR), within the subsequent a part of this sequence we’ll have a look at how we will pull the pictures from the registry and run our self hosted GitHub runners on Azure Container Situations (ACI).

I hope you’ve gotten loved this submit and have discovered one thing new. You will discover the code samples used on this weblog submit on my GitHub challenge: docker-github-runner-windows or docker-github-runner-linux. ❤️

Creator

Like, share, observe me on: 🐙 GitHub | 🐧 Twitter | 👾 LinkedIn