Automating Docker Deployments to Azure with GitHub Actions: A Step-by-Step Guide

In this article, we'll walk through how to automate your container deployment process using Azure Container Registry (ACR) and Azure Container Instances (ACI), all triggered from GitHub Actions. You’ll learn how to set up your resources, link them with GitHub, and automate deployments in a way that can fit right into your workflow.

Why Should You Care?

Imagine you’ve just finished building a cool app or service, and now you need to deploy it somewhere. You don’t want to manually build Docker images, push them to a registry, and then manually deploy them every time you make a change. Automating this process saves time and reduces the risk of mistakes!

What We'll Cover:

1. Prerequisites
2. Setting Up Azure Resources
3. Creating an Azure Service Principal
4. GitHub Secrets and Workflows
5. How the Automation Works
6. Running It Yourself
7. Helpful Tips and Troubleshooting

Let’s dive in!

1. Prerequisites

Before you get started, make sure you have:

• An Azure account with an active subscription.
• A GitHub account.
• The Azure CLI and Docker installed locally.

Tools we'll be using:

• Azure CLI: This is your command-line interface for managing Azure resources.
• Docker: You’ll need this to build your application images.
• GitHub Actions: This will automate your deployment pipeline.

Terms to know

ACR - Azure container registry

ACI - Azure container instances

2. Setting Up Azure Resources

First, we need to create a resource group and a container registry in Azure to store our Docker images.

1. Create a Resource Group: Think of a resource group as a folder where you organize your Azure resources.

   az group create --name <your-resource-group> --location <location>

1. Create Azure Container Registry (ACR): This is where your Docker images will be stored.

   az acr create --resource-group <your-resource-group> --name <your-registry-name> --sku Basic

3. Creating an Azure Service Principal

To allow GitHub Actions to access Azure resources, we’ll create something called a Service Principal. It’s like giving GitHub a key to open the door to your Azure account.

1. Run this command to create the service principal:

   az ad sp create-for-rbac --name "GitHubAction" --role contributor \
   --scopes /subscriptions/<subscription-id>/resourceGroups/<your-resource-group>/providers/Microsoft.ContainerRegistry/registries/<your-registry-name> \
   --sdk-auth

1. Save the JSON output from this command. We’ll use it later in GitHub as a secret to authenticate.

4. GitHub Secrets and Workflows

4.1 Add Secrets to GitHub

In your GitHub repository:

1. Go to Settings > Secrets and variables > Actions.
2. Add the following secrets:
   • AZURE_CREDENTIALS: Paste the JSON output from the Service Principal.
   • REGISTRY_LOGIN_SERVER: Your Azure Container Registry URL (e.g., <your-registry-name>.azurecr.io).
   • REGISTRY_USERNAME: The client ID from the service principal JSON.
   • REGISTRY_PASSWORD: The client secret from the service principal JSON.

4.2 Create GitHub Workflows

Workflows are the steps that tell GitHub Actions what to do. We’ll create two workflows: one to build and push your Docker image to ACR, and another to deploy the image to ACI.

ACR Build and Push Workflow:

This workflow will build your Docker image and push it to ACR every time you push code to the main branch.

name: Build and Push to ACR

on:
  push:
    branches: [ main ]

jobs:
  build-and-push:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2

      - name: 'Login to Azure'
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: 'Build and push image'
        run: |
          docker build . -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/app:latest
          docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/app:latest

ACI Deployment Workflow:

This workflow will deploy your container to Azure when you trigger it manually.

name: Deploy to ACI

on:
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - name: 'Login to Azure'
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: 'Deploy to Azure Container Instances'
        uses: 'azure/aci-deploy@v1'
        with:
          resource-group: <your-resource-group>
          dns-name-label: myappdeployment
          image: ${{ secrets.REGISTRY_LOGIN_SERVER }}/app:latest
          location: 'eastus'
          cpu: 1
          memory: 1.5
          ports: 80

5. How the Automation Works

• ACR Build and Push Workflow:

  • Triggered when you push code to the main branch.
  • Logs into Azure, builds the Docker image, and pushes it to the registry.

• ACI Deployment Workflow:

  • Manually triggered.
  • Logs into Azure and deploys the Docker image from ACR to ACI.

6. Running It Yourself

1. Push your code to the main branch, and the build and push workflow will trigger automatically.
2. To deploy, go to the GitHub Actions tab and manually trigger the ACI deployment workflow.

7. Helpful Tips and Troubleshooting

• Keep Secrets Safe: Make sure your GitHub secrets are correctly set up. If something isn’t working, it’s often an issue with secrets.
• Double-Check Logs: If the deployment fails, check the logs in the Azure portal or in the GitHub Actions logs for more detailed error messages.
• Manage Docker Images: Over time, you may want to delete old Docker images from ACR to save space.

Conclusion

With just a few steps, you can automate your Docker deployments to Azure, saving time and avoiding manual mistakes. By using GitHub Actions and Azure services together, you’re taking a big step toward a more efficient and reliable workflow!

Feel free to share any questions or tips in the comments below!