I have a public GitHub repository with a minimal R application and a Dockerfile: https://github.com/gontcharovd/minimal-shiny-app
My goal is to:
- Build a Docker image
- Push the image to Azure Container Registry
- Deploy the image to Azure App Service
Essentially, it's exactly what's described in this Microsoft Learn article: https://learn.microsoft.com/en-us/azure/app-service/deploy-container-github-action?tabs=publish-profile
However, I would like to do this with GitHub Actions and Bicep (instead of Azure CLI) so that it's completely IaC.
For this, I wrote the following main.bicep file:
param containerImage string = 'minimal-shiny-app'
param containerImageTag string = 'latest'
param location string = 'westeurope'
// define unique service names
var webAppName = 'webbApp${uniqueString(resourceGroup().id)}'
var webAppServicePlanName = 'webbAppServicePlan${uniqueString(resourceGroup().id)}'
var webSiteName = toLower(webAppName)
var containerRegistryName = 'containterregistry${uniqueString(resourceGroup().id)}'
// variables
var roleDefinitionID = '7f951dda-4ed3-4680-a7ca-43fe172d538d' // AcrPull
var linuxFxVersion = 'DOCKER|${containerRegistry.name}.azurecr.io/${containerImage}:${containerImageTag}'
var registryServerUrl = '${containerRegistry.name}.azurecr.io'
var roleAssignmentName= guid(roleDefinitionID, resourceGroup().id)
resource containerRegistry 'Microsoft.ContainerRegistry/registries@2021-06-01-preview' = {
name: containerRegistryName
location: location
sku: {
name: 'Basic'
}
properties: {
adminUserEnabled: true
}
}
resource webAppServicePlan 'Microsoft.Web/serverfarms@2020-06-01' = {
name: webAppServicePlanName
location: location
properties: {
reserved: true
}
sku: {
name: 'F1'
}
kind: 'linux'
}
resource webApp 'Microsoft.Web/sites@2022-03-01' = {
name: webSiteName
location: location
kind: 'app,linux,container'
identity: {
type: 'SystemAssigned'
}
properties: {
reserved: true
serverFarmId: webAppServicePlan.id
siteConfig: {
linuxFxVersion: linuxFxVersion
acrUseManagedIdentityCreds: true
}
}
}
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
name: roleAssignmentName
scope: resourceGroup()
properties: {
description: 'AcrPull'
principalId: webApp.identity.principalId
roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionID)
principalType: 'ServicePrincipal'
}
}
resource sourceControl 'Microsoft.Web/sites/sourcecontrols@2022-03-01' = {
name: 'web'
parent: webApp
properties: {
branch: 'main'
deploymentRollbackEnabled: false
gitHubActionConfiguration: {
containerConfiguration: {
imageName: containerImage
serverUrl: registryServerUrl
username: containerRegistry.name
password: 'thisIsNotARealPassword'
}
generateWorkflowFile: true
isLinux: true
}
isGitHubAction: true
isManualIntegration: false
repoUrl: 'https://github.com/gontcharovd/minimal-shiny-app'
}
}
Deploying this bicep file results in the following cryptic error:
ERROR: {"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"{\r\n \"Code\": \"BadRequest\",\r\n \"Message\": \"<Error xmlns=\\\"http://schemas.microsoft.com/windowsazure\\\" xmlns:i=\\\"http://www.w3.org/2001/XMLSchema-instance\\\"><Code>BadRequest</Code><Message>Repository 'UpdateSiteSourceControl' operation failed with System.NullReferenceException: Object reference not set to an instance of an object.
\\n at Microsoft.Web.Hosting.Administration.GitHubActionConfigurationExtensions.ContainerUsername(GitHubActionConfiguration gitHubActionConfiguration)
\\n at Microsoft.Web.Hosting.Administration.GitHubActionRepositoryProvider.<CreateOrUpdateGitHubActionSecret>d__19.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.Administration.GitHubActionRepositoryProvider.<UpdateSiteSourceControl>d__16.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.Administration.WebCloudController.<>c__DisplayClass347_1.<<UpdateSiteSourceControl>b__1>d.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.AsyncHelper.RunSync[TResult](Func`1 func)
\\n at Microsoft.Web.Hosting.Administration.WebCloudController.UpdateSiteSourceControl(String subscriptionName, String webspaceName, String name, SiteSourceControl siteSourceControl).</Message><ExtendedCode>05007</ExtendedCode><MessageTemplate>Repository '{0}' operation failed with {1}.</MessageTemplate><Parameters xmlns:a=\\\"http://schemas.microsoft.com/2003/10/Serialization/Arrays\\\"><a:string>UpdateSiteSourceControl</a:string><a:string>System.NullReferenceException: Object reference not set to an instance of an object.
\\n at Microsoft.Web.Hosting.Administration.GitHubActionConfigurationExtensions.ContainerUsername(GitHubActionConfiguration gitHubActionConfiguration)
\\n at Microsoft.Web.Hosting.Administration.GitHubActionRepositoryProvider.<CreateOrUpdateGitHubActionSecret>d__19.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.Administration.GitHubActionRepositoryProvider.<UpdateSiteSourceControl>d__16.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.Administration.WebCloudController.<>c__DisplayClass347_1.<<UpdateSiteSourceControl>b__1>d.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.AsyncHelper.RunSync[TResult](Func`1 func)
\\n at Microsoft.Web.Hosting.Administration.WebCloudController.UpdateSiteSourceControl(String subscriptionName, String webspaceName, String name, SiteSourceControl siteSourceControl)</a:string></Parameters><InnerErrors i:nil=\\\"true\\\"/><Details i:nil=\\\"true\\\"/><Target i:nil=\\\"true\\\"/></Error>\",\r\n \"Target\": null,\r\n \"Details\": [\r\n {\r\n \"Message\": \"<Error xmlns=\\\"http://schemas.microsoft.com/windowsazure\\\" xmlns:i=\\\"http://www.w3.org/2001/XMLSchema-instance\\\"><Code>BadRequest</Code><Message>Repository 'UpdateSiteSourceControl' operation failed with System.NullReferenceException: Object reference not set to an instance of an object.
\\n at Microsoft.Web.Hosting.Administration.GitHubActionConfigurationExtensions.ContainerUsername(GitHubActionConfiguration gitHubActionConfiguration)
\\n at Microsoft.Web.Hosting.Administration.GitHubActionRepositoryProvider.<CreateOrUpdateGitHubActionSecret>d__19.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.Administration.GitHubActionRepositoryProvider.<UpdateSiteSourceControl>d__16.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.Administration.WebCloudController.<>c__DisplayClass347_1.<<UpdateSiteSourceControl>b__1>d.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.AsyncHelper.RunSync[TResult](Func`1 func)
\\n at Microsoft.Web.Hosting.Administration.WebCloudController.UpdateSiteSourceControl(String subscriptionName, String webspaceName, String name, SiteSourceControl siteSourceControl).</Message><ExtendedCode>05007</ExtendedCode><MessageTemplate>Repository '{0}' operation failed with {1}.</MessageTemplate><Parameters xmlns:a=\\\"http://schemas.microsoft.com/2003/10/Serialization/Arrays\\\"><a:string>UpdateSiteSourceControl</a:string><a:string>System.NullReferenceException: Object reference not set to an instance of an object.
\\n at Microsoft.Web.Hosting.Administration.GitHubActionConfigurationExtensions.ContainerUsername(GitHubActionConfiguration gitHubActionConfiguration)
\\n at Microsoft.Web.Hosting.Administration.GitHubActionRepositoryProvider.<CreateOrUpdateGitHubActionSecret>d__19.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.Administration.GitHubActionRepositoryProvider.<UpdateSiteSourceControl>d__16.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.Administration.WebCloudController.<>c__DisplayClass347_1.<<UpdateSiteSourceControl>b__1>d.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.AsyncHelper.RunSync[TResult](Func`1 func)
\\n at Microsoft.Web.Hosting.Administration.WebCloudController.UpdateSiteSourceControl(String subscriptionName, String webspaceName, String name, SiteSourceControl siteSourceControl)</a:string></Parameters><InnerErrors i:nil=\\\"true\\\"/><Details i:nil=\\\"true\\\"/><Target i:nil=\\\"true\\\"/></Error>\"\r\n },\r\n {\r\n \"Code\": \"BadRequest\"\r\n },\r\n {\r\n \"ErrorEntity\": {\r\n \"Code\": \"BadRequest\",\r\n \"Message\": \"<Error xmlns=\\\"http://schemas.microsoft.com/windowsazure\\\" xmlns:i=\\\"http://www.w3.org/2001/XMLSchema-instance\\\"><Code>BadRequest</Code><Message>Repository 'UpdateSiteSourceControl' operation failed with System.NullReferenceException: Object reference not set to an instance of an object.
\\n at Microsoft.Web.Hosting.Administration.GitHubActionConfigurationExtensions.ContainerUsername(GitHubActionConfiguration gitHubActionConfiguration)
\\n at Microsoft.Web.Hosting.Administration.GitHubActionRepositoryProvider.<CreateOrUpdateGitHubActionSecret>d__19.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.Administration.GitHubActionRepositoryProvider.<UpdateSiteSourceControl>d__16.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.Administration.WebCloudController.<>c__DisplayClass347_1.<<UpdateSiteSourceControl>b__1>d.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.AsyncHelper.RunSync[TResult](Func`1 func)
\\n at Microsoft.Web.Hosting.Administration.WebCloudController.UpdateSiteSourceControl(String subscriptionName, String webspaceName, String name, SiteSourceControl siteSourceControl).</Message><ExtendedCode>05007</ExtendedCode><MessageTemplate>Repository '{0}' operation failed with {1}.</MessageTemplate><Parameters xmlns:a=\\\"http://schemas.microsoft.com/2003/10/Serialization/Arrays\\\"><a:string>UpdateSiteSourceControl</a:string><a:string>System.NullReferenceException: Object reference not set to an instance of an object.
\\n at Microsoft.Web.Hosting.Administration.GitHubActionConfigurationExtensions.ContainerUsername(GitHubActionConfiguration gitHubActionConfiguration)
\\n at Microsoft.Web.Hosting.Administration.GitHubActionRepositoryProvider.<CreateOrUpdateGitHubActionSecret>d__19.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.Administration.GitHubActionRepositoryProvider.<UpdateSiteSourceControl>d__16.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.Administration.WebCloudController.<>c__DisplayClass347_1.<<UpdateSiteSourceControl>b__1>d.MoveNext()
\\n--- End of stack trace from previous location where exception was thrown ---
\\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
\\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
\\n at Microsoft.Web.Hosting.AsyncHelper.RunSync[TResult](Func`1 func)
\\n at Microsoft.Web.Hosting.Administration.WebCloudController.UpdateSiteSourceControl(String subscriptionName, String webspaceName, String name, SiteSourceControl siteSourceControl)</a:string></Parameters><InnerErrors i:nil=\\\"true\\\"/><Details i:nil=\\\"true\\\"/><Target i:nil=\\\"true\\\"/></Error>\"\r\n }\r\n }\r\n ],\r\n \"Innererror\": null\r\n}"}]}}
Besides the error I have a few questions:
- Why are username and password required parameters in
containerConfiguration
if the authentication is performed through RBAC with a Managed identity?
- How can this password be known before the ACR is created? It's defined and deployed in this bicep file and there is no parameter to set the password in
Microsoft.ContainerRegistry/registries@2021-06-01-preview
.
- Is it even possible to configure everything in bicep? Or will there always be some manual configuration required in GitHub?