How to set up CI/CD for container web app in vnet, pulling image from ghcr.io

Nick Hughes 0 Reputation points
2024-10-01T08:40:35.5+00:00

Hi

I have a web app for containers that pulls an image from ghcr.io using github actions workflow. I want to deploy the web app in a virtual network and followed the steps in the docs for virtual network integration, I have also created a service principal using az ad sp create-for-rbac, added the azure/login function to the deployment and removed the publish profile authentication.

When these steps are taken, the docker build process completes successfully, the deploy also completes successfully but I receive Warning: Error: Failed to update deployment history.

Ip Forbidden (CODE: 403)

If you can point me in the right direction that would be fantastic.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,775 questions
{count} votes

1 answer

Sort by: Most helpful
  1. ajkuma 26,136 Reputation points Microsoft Employee
    2024-10-03T18:27:19.6266667+00:00

    Nick Hughes, Apologies for the delayed response.

    Based on my understanding of your issue description, the docker builds successful, but the error message you received indicates that there might be an issue with the authentication.

    Just to clarify, is this issue confined to this specific WebApp? does it occur locally? If you haven't done this already, to isolate the issue:

    You may navigate, could you please go to your App Service >> Networking> Access Restrictions blade and allow the rule under the scm site.
    Set up Azure App Service access restrictions

    Verify that the virtual network is set up properly to permit traffic from the WebApp. Also, please ensure that the subnet of the virtual network has a service endpoint for Azure Container Registry (ACR), and check that the web app's subnet is configured to allow traffic from the virtual network.

    Please check if the IP address of the web app is allowed to access the virtual network. You can do this by verifying that the virtual network's network security group (NSG) allows traffic from the web app's IP address.

    Kindly let us know how it goes, I'll follow-up with you further.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.