Pushing to Azure with Wercker

Wercker is a company that enables development teams to achieve their CI/CD goals with microservices and Docker.

Faiq Raza
Faiq Raza
January 26, 2017

Wercker now supports pushing to Azure Container Registry! Setting up a dependable and reproducible pipeline has never been easier.

Here's what we need to do to get there:

  1. Create an Azure Container Registry! Here's a guide to get you set up with your own container registry.
  2. Set up a service account with the proper permissions for your Container Registry
  3. Configure your Container Registry to have an admin account

The first thing we're going to do is download the Azure CLI tool from here, and install it with the proper instructions for your given system. For my Macbook, I ran the following commands:

curl -L https://aka.ms/InstallAzureCli | bash

After installing the Azure CLI, we're going to login with our credentials by running az login and following the subsequent instructions.

Now that we've got the Azure CLI setup and running, we're going to create a service account for your registry.

az ad sp create-for-rbac --scopes /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/myresourcegroup/providers/Microsoft.ContainerRegistry/registries/myregistry --role Contributor --password myPassword

Which gives us the following response:

{
  "appId": ${APP-ID},
  "displayName": "azure-cli-2017-01-25-21-47-27",
  "name": "http://azure-cli-2017-01-25-21-47-27",
  "password": "myPassword",
  "tenant": ${TENNANT-ID}
}

Save these credentials, as we'll be using them later on. The next step is to configure keys so we can programmatically access the Azure API on behalf of this user. We will use the azure portal to do this.

On the Azure portal we're going to select Azure Active Directory:

 

alt text

 

On the next screen select App Registrations:

 

alt text

 

Click the entry for the service principal that we created in the previous step, select keys, set the description and expiration date, and finally click save.

Once again, hold on to the key that we created! We'll be using it in just a sec!

That's all the configuration for Azure. Let's move on to the Wercker pipeline that we'll use to push an alpine image to our private container registry:

We'll name this pipeline azure-push:

box:
  id: alpine
  cmd: /bin/sh
azure-push:
  steps:
    - script:
        code: |
          echo 'hi from alpine'
    - internal/docker-push:
        azure-client-id: $AZURE_CLIENT_ID
        azure-client-secret: $AZURE_CLIENT_SECRET
        azure-subscription-id: $AZURE_SUBSCRIPTION_ID
        azure-tenant-id: $AZURE_TENANT_ID
        azure-resource-group: $AZURE_RESOURCE_GROUP
        azure-registry-name: $AZURE_REGISTRY_NAME
        azure-login-server: $AZURE_LOGIN_SERVER
        repository: alpine

There are a lot fields here, so let's break down what they are and where to get the proper value for them.

  • $AZURE_CLIENT_IDis the appID in the response after running az ad sp create-for-rbac --scopes /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/myresourcegroup/providers/Microsoft.ContainerRegistry/registries/myregistry --role Contributor --password myPassword
  • $AZURE_CLIENT_SECRETis the key that you created in the Azure Portal for the appID above
  • $AZURE_SUBSCRIPTION_IDcan also be found in the create service principal command, it's the xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx part of the command
  • $AZURE_TENANT_IDis the "tenant" field in the response for the create service administrator account
  • $AZURE_RESOURCE_GROUPis the name of the resource group your registry is in$AZURE_REGISTRY_NAMEis the name of your registry.
  • $AZURE_LOGIN_SERVERis the URL for your registry. You can find it by going on the azure portal and clicking your registry.

That's all for now! Have fun pushing to Azure!

Like Wercker?

We’re hiring! Check out the careers page for open positions in Amsterdam, London and San Francisco.

As usual, if you want to stay in the loop follow us on twitter @wercker or hop on our public slack channel. If it’s your first time using Wercker, be sure to tweet out your #greenbuilds, and we’ll send you some swag!

Topics: Containers, Tutorials