This example project shows how Buildah, Dive, and Skopeo can be used with GitHub Actions, GitHub Container Registry, and Azure Container Registry. 🚀

`site` is built, pushed to a "dev" registry, tested for optimization, then pushed to a "prod" registry.

- Create an Azure Container Registry (CLI docs)
- Create a service principal that has push access to the registry (docs)
- Create a GitHub Personal Access Token (PAT) with scopes necessary to push an image to GitHub Container Registry

Required secrets:
- `CR_PAT` - PAT w/ proper scopes for GHCR
- `AZ_LOGIN` - Azure Service Principal ID
- `AZ_PASSWORD` - Azure Service Principal Password
- `AZ_REGISTRY` - Azure Container Registry name

Upon push to `site` or manual trigger, `ci.yml` kicks off, building a container image out of `site` using Buildah, tagging it with the Git `sha` and pushing it to GitHub Container Registry. We're using GHCR as our "dev" registry in this case. This image is private by default and will be available on your user or organization profile, e.g. https://github.com/octocat?tab=packages. The workflow then pulls it down again to run optimization tests, and finally pushes it to Azure Container Registry, our "prod" registry.
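
A workflow with the shape described above, added here as an illustration and not the project's own `ci.yml`. It assumes `site` is a directory holding the Dockerfile, that `dive` is already installed on the runner, that `AZ_REGISTRY` holds the bare registry name (login server `<name>.azurecr.io`), and that the repository owner name is lowercase; the image name `site` and the auth-file path are made up for the example.

```yaml
# Added sketch, not the project's ci.yml. Image name and file paths are assumptions.
name: ci-sketch
on:
  push:
    paths: ["site/**"]        # assumes "site" is a directory in the repository
  workflow_dispatch:          # manual trigger
jobs:
  build-test-promote:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # registry pushes use the PAT / service principal, not GITHUB_TOKEN
    env:
      # Buildah and Skopeo both honour REGISTRY_AUTH_FILE, so logins are shared between steps.
      REGISTRY_AUTH_FILE: /tmp/registry-auth.json
      # GHCR requires a lowercase owner; assumed to hold for this repository.
      DEV_IMAGE: ghcr.io/${{ github.repository_owner }}/site:${{ github.sha }}
    steps:
      - uses: actions/checkout@v4
      - name: Build with Buildah and push to the dev registry (GHCR)
        env:
          CR_PAT: ${{ secrets.CR_PAT }}
          GH_USER: ${{ github.actor }}
        run: |
          buildah bud -t "$DEV_IMAGE" site
          # Password goes over stdin so it never appears in argv or the process list.
          printf '%s' "$CR_PAT" | buildah login -u "$GH_USER" --password-stdin ghcr.io
          buildah push "$DEV_IMAGE" "docker://$DEV_IMAGE"
      - name: Pull the pushed image back and gate on Dive
        run: |
          skopeo copy "docker://$DEV_IMAGE" docker-archive:/tmp/site.tar
          # --ci makes dive exit non-zero when its efficiency thresholds are not met.
          dive --ci --source docker-archive /tmp/site.tar
      - name: Promote the tested image to the prod registry (ACR)
        env:
          AZ_LOGIN: ${{ secrets.AZ_LOGIN }}
          AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
          AZ_REGISTRY: ${{ secrets.AZ_REGISTRY }}
        run: |
          ACR="$AZ_REGISTRY.azurecr.io"   # assumes the secret is the bare registry name
          printf '%s' "$AZ_PASSWORD" | skopeo login -u "$AZ_LOGIN" --password-stdin "$ACR"
          skopeo copy "docker://$DEV_IMAGE" "docker://$ACR/site:${{ github.sha }}"
```

Because the promote step only runs if the Dive step succeeds, an image that fails the optimization gate never reaches the "prod" registry.
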
Adapted from mkdev's tutorial: https://www.youtube.com/watch?v=aViKsSEGwOc