az acr build dockerfile secret declaration - azure

I am trying to pass secrets using build secret argument (values passed through github secrets) as mentioned in Microsoft documentation, how should I utilize these secrets in my dockerfile?
Currently I'm using ARG but looking at articles it isn't the best way.
Docker build:
az acr build -r $registry -f $resolvedDockerFilePath --platform $platform --image "$($Env:PROJECT_ENGAGEMENT):$($Env:DEPLOYMENT_VERSION)" --image "$($Env:PROJECT_ENGAGEMENT):latest" --secret-build-arg GITHUB_AUTH_TOKEN="$githubApiKey" --secret-build-arg LW_AGENT_TOKEN="$ENV:LW_AGENT_ACCESS_TOKEN" .
}
I've tried using ARG in dockerfile but it exposes the secrets in layers.Looking at similar posts most of them mention secret mounting from a file, but I'm not using any file to pass secrets.
How these secrets should be consumed inside dockerfile?

Related

How to copy images from GHCR to ACR

Looking for an example in GitHub actions workflow to clone a specifc image name by commit SHA from GHCR (GitHub registry) to ACR (Azure registry) with a need to copy all the tags and labels from the source repository to the target.
At the moment, I'm using Docker pull and push commands, but didn't find a way to fetch all the tags for given image sha from GHCR.
Appreciate your help,
Thanks.
I tried in my environment and got beow results:
To copy Github container registry to azure container registry, You can use the following this command.
Command:
az login
az acr login -n < your acr container registry >
az acr import \
--name <container registry > \
--source <ghcr.io/< username >/image:latest \
--username <Git-hub RegistryUsername> \
--password <Git-hub RegistryPassword>
Console:
Portal:
For more reference:
Import container images - Azure Container Registry | Microsoft Learn

Az acr build command info needed

As per the documentation https://learn.microsoft.com/en-us/azure/container-registry/container-registry-quickstart-task-cli the below command builds and pushes to registry. What if I need only build and then push based on my interest .Because I have to scan image before pushing it.
az acr build --image sample/hello-world:v1
--registry myContainerRegistry008
--file Dockerfile .
Note: There is no docker daemon installed on the system.
As suggested in the Azure Documentation ,You can use --no-push flag in the az acr build command to build the docker file & not to push it to the registry,
Here is the sample output for reference :

Azure az cli Docker Hub Web App ressource configuration

I'm trying to setup a script for automate the creation of a new environment for my app, and i need a docker webapp.
The problem is that i need to pull the image from docker hub.
When i create an env from the interface in juste setup it like that :
The problem is that i don't find out how i can configure the "Source de registre" on Docker Hub by the az cli.
For now the command i'm using to create a new web app ressource is this one
az webapp create -g name_of_group -p name_of_plan -n resource-test2 -i https://registry.hub.docker.com/publisher/name_of_image:version -s name_of_image -w my_password
The problem of this command is that it give me this configuration
Which doesn't work because i can't get logged in (probably because it's not configured as a Docker Hub registre).
Do you know how i can specify this configuration in my az cli command ? Thanks
To deploy the images stored in a private registry or the Docker Hub, you can set the environment variables below:
DOCKER_REGISTRY_SERVER_USERNAME - The username for the ACR server.
DOCKER_REGISTRY_SERVER_URL - The full URL to the ACR server. (For example, https://my-server.azurecr.io.)
DOCKER_REGISTRY_SERVER_PASSWORD - The password for the ACR server.
Get more details here. And you can use the CLI command az webapp config appsettings set to do it.
Recently had the same problem deploying azure cloud webapp from a container in my private docker hub repo. UI experience works fine but when I do it using azure cli with 'az webapp create ...' ended up with same problem. I was able to fix it by using 'az webapp config container set ...' command after creating the webapp. See below and in my github repo
# First create the webapp with a docker container:
~$ az webapp create -n $webAppName -g $resGroup -p $servicePlan -i $containerImg -s $dockerUsr -w $dockerPass --tags Lifecycle=Test
# Update docker container settings with your private docker hub repo credentials:
~$ az webapp config container set --name $webAppName --resource-group $resGroup --docker-custom-image-name 'DOCKER|dockeruser/myrepo:tweb1' --docker-registry-server-url 'https://index.docker.io/v1' --docker-registry-server-user 'dockeruser' --docker-registry-server-password 'xxxxxxxxxxx'

ACR build command not building Dockerfile

I am trying to execute the following Azure CLI command targeting the Dockerfile in the root folder.
az acr build --registry <REGISTRY_NAME> --image myimage:latest .
And I get a '.' doesn't exist error.
Am I missing something basic here ?

Docker commands in Azure

Maybe I do not understand the concept of Azure Container Instances (ACI) and Azure at all correctly. I am using Azure CLI on my Windows-Computer and want to create a Windows-container (core-image) with dockerfile. But there is no AZ command available. I am able to create a container, there is no problem. But not with a dockerfile. Is there a possibility to run docker commands for Azure (Azure CLI, Azure bash, Azure powershell)? Maybe somebody can clarify my misunderstanding.
Many thanks in advance, J.
Of curse, yes, you can use the Azure CLI command to build containers with Dockerfile. But there is a queue for the steps.
The docker image is the first step, you can use the CLI command az acr build to build the image directly in the ACR, with your Dockerfile. For example, the Dockerfile is in your local machine and it's windows image:
az acr build -t sample/hello-world:{{.Run.ID}} -r MyRegistry . --platform windows
The ACI is the second step, CLI command az container create will help you to create the container instance with your images. The example command here:
az container create -g MyResourceGroup --name mywinapp --image winappimage:latest --os-type Windows --cpu 2 --memory 3.5
Once you have your image, you should publish it to Azure Container Registry or Docker Hub.
Take a look on the following links, it provides the information to:
Create a container image for deployment to Azure Container Instances
Deploy the container from Azure Container Registry
Deploy your application
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-tutorial-prepare-app
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-tutorial-prepare-acr
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-tutorial-deploy-app
I have recently done the same thing. I have deployed my windows service to Azure Container Instance through Azure Container Registry. Here is step by step process you need to follow. Before performing these steps you need to have published folder of application. You need to install Docker Desktop in your machine.
Create Dockerfile with below commands and put it inside published folder:
FROM mcr.microsoft.com/dotnet/framework/runtime:4.8-windowsservercore-ltsc2019
COPY . .
ENTRYPOINT Application.exe
Here you need to use base file as per your neeed. You can find Windows base images [here][1]
Now navigate to this directory(published folder path) in Powershell and execute below command:
docker image build -t IMAGE_NAME:TAG . -- name of the image with tag
docker run --rm IMAGE_NAME:TAG -- you can run it locally
Now to push this image to Azure, below are the commands. First login into azure and then azure container registery.
az login -- it will navigate to browser for login
docker login ACR_LOGIN_SERVER_NAME -u ACR_USERNAME --password ACR_PASSWORD
docker tag IMAGE_NAME:TAG ACR_LOGIN_SERVER_NAME/IMAGE_NAME:TAG -- tag local image to azure inside ACR
docker push ACR_LOGIN_SERVER_NAME/IMAGE_NAME:TAG -- push image to ACR
Once you have pushed docker image to ACR, you can see it under Repositories in ACR. Based on this repository, you need to create Azure Container Instance to run your docker image.
To create ACI, click on "Create a resource" and select Containers > Container Instances. Here, you need to key some info like resource group and docker image credentials. Make sure you select Private as Image type and key image registry credentials. This ACI deployment process may take couple of minutes as it will fetch the docker image and then deploy. Once deployment is done, you will see Container running and you can check logs as well.
Hope it helps!!

Resources