In modern software development workflows, automation is key to streamlining processes and increasing productivity. One common task is building Docker images and deploying them to container registries for seamless integration and deployment. In this guide, we’ll explore how to automate this process using GitHub Actions, a powerful continuous integration and continuous deployment (CI/CD) platform.
Overview
Our goal is to create a GitHub Actions pipeline that builds a Docker image and pushes it to an Azure Container Registry. This pipeline will be triggered on every push to the repository, ensuring that our Docker image is always up to date with the latest changes in our codebase.
Setting Up the Repository
First, let’s ensure our repository is properly set up. For demonstration purposes, I’ve created a sample repository named dockerimge_cloud_registry, which contains the necessary files for our Docker image and pipeline. You can find the repository at GitHub – littleworks-inc/dockerimge_cloud_registry.
GitHub Actions Pipeline
Our GitHub Actions pipeline is defined in a YAML file named azure-pipeline.yml. Let’s break down the key components of this pipeline:
# azure-pipeline.yml
name: Azure Build and publish a Docker image
on:
  push:
    branches:
      - '*'
env:
  container_registry: devtoolhub
  IMAGE_NAME: azurecli
jobs:
  build:
    name: Azure Build & push docker image
    runs-on: ubuntu-latest
    steps:
      # Checkout the source code
      - name: Checkout
        uses: actions/checkout@v3
      # Debugging output
      - name: Debug
        run: |
          echo "github.ref -> ${{ github.ref }}"
      # Lint Dockerfile using Hadolint
      - name: lint Action for Azure
        # The release tag was garbled in the original post; v3.1.0 is a published
        # release of this action, but verify and pin the version you actually use.
        uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: azure/Dockerfile
          ignore: DL3018,SC2046,DL4006
          failure-threshold: warning
          no-color: false
          no-fail: true
      # Log in to Azure Container Registry
      - name: Azure Credentials
        uses: azure/docker-login@v1
        with:
          login-server: ${{ env.container_registry }}.azurecr.io
          username: ${{ secrets.AZURE_CLIENT_ID }}
          password: ${{ secrets.ARM_CLIENT_SECRET }}
      # Build Docker image (no explicit tag, so Docker applies :latest; a push
      # from any branch therefore overwrites the registry's :latest image)
      - name: Build Docker image
        run: docker build . --file "azure/Dockerfile" --tag ${{ env.container_registry }}.azurecr.io/${{ env.IMAGE_NAME }}
      # Push Docker image to Azure Container Registry
      - name: Push Docker image
        run: docker push ${{ env.container_registry }}.azurecr.io/${{ env.IMAGE_NAME }}
      # Run Trivy vulnerability scanner
      - name: Run Trivy vulnerability scanner
        id: docker-scan
        # @master tracks a moving branch; a pinned release tag or commit SHA
        # gives a reproducible, reviewable scanner version.
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: '${{ env.container_registry }}.azurecr.io/${{ env.IMAGE_NAME }}:latest'
          format: 'table'
          # exit-code 0 means findings are reported in the log but never fail the job;
          # the image has already been pushed by the previous step.
          exit-code: '0'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
Explanation
- Trigger: The pipeline is triggered on every push to any branch.
- Environment Variables: Defines variables such as the container registry name and image name.
- Secrets: GitHub repository secrets are used to securely store sensitive information such as Azure credentials.
  - AZURE_CLIENT_ID: Azure client ID for authentication.
  - ARM_CLIENT_SECRET: Azure client secret for authentication.
- Steps: Each step in the pipeline performs a specific task, such as linting the Dockerfile, logging in to Azure Container Registry, building and pushing the Docker image, and scanning it for vulnerabilities using Trivy.
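As an added example (not part of the original post or the sample repository), here is a small standard-library Python check that audits a workflow like the one above for two weak spots visible in it: actions referenced by a moving branch instead of a pinned release or commit, and a Trivy step whose exit-code 0 reports findings without gating the job. The embedded WORKFLOW text is a constructed, trimmed copy of the post's pipeline, and the regexes assume the flat layout shown there.

```python
import re
from typing import List

# Constructed input: a trimmed copy of the post's azure-pipeline.yml, kept
# to the lines the audit looks at.
WORKFLOW = """\
on:
  push:
    branches:
      - '*'
steps:
  - uses: actions/checkout@v3
  - uses: hadolint/hadolint-action@v3.1.0
  - uses: azure/docker-login@v1
  - name: Run Trivy vulnerability scanner
    uses: aquasecurity/trivy-action@master
    with:
      exit-code: '0'
      severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+)@(\S+)")
EXIT0_RE = re.compile(r"^\s*exit-code:\s*['\"]?0['\"]?\s*$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
FLOATING_REFS = {"master", "main", "latest"}


def audit_workflow(text: str) -> List[str]:
    """Return one finding per weak setting found; an empty list means clean.

    Line-oriented on purpose: a flat workflow needs no YAML library, and the
    line numbers in the findings point straight back into the file.
    """
    findings = []
    action = None  # most recent `uses:` target, so `with:` keys can be attributed
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            action, ref = m.groups()
            if ref in FLOATING_REFS:
                findings.append(f"line {lineno}: {action}@{ref} tracks a moving branch; "
                                "pin to a release tag or commit SHA")
            elif not SHA_RE.match(ref):
                findings.append(f"line {lineno}: {action}@{ref} is a mutable tag; "
                                "a commit SHA pin is immutable")
        elif action and "trivy" in action and EXIT0_RE.match(line):
            findings.append(f"line {lineno}: {action} runs with exit-code 0, so findings "
                            "are reported but never fail the job")
    return findings


if __name__ == "__main__":
    for finding in audit_workflow(WORKFLOW):
        print(finding)
```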
Conclusion
With this GitHub Actions pipeline in place, we’ve automated the process of building and deploying Docker images to Azure Container Registry. This not only saves time but also ensures consistency and reliability in our deployment process. Feel free to customize this pipeline according to your project requirements and scale it as needed.
For the complete pipeline code and more details, visit GitHub – littleworks-inc/dockerimge_cloud_registry.
Stay tuned for more automation tips and tricks!