Hello!

Here is my reproduction step:

• Build docker image with GH Actions (docker/build-push-action@v3)
• Push docker image to Azure Container Registry with GH Actions. (docker/build-push-action@v3)
• Deploy the pushed image to Container Instances with GH Actions with log-analytics-workspace and log-analytics-workspace-key (azure/aci-deploy@v1)

Of course, it must be a first creation, and not an update, otherwise it is not does not work.
At this point, everything seems to work as expected, the container group logs are aggregated into the "Azure Log Analytics workspace".

Nevertheless, if we launch again the same GH actions pipeline after any commit, the azure/aci-deploy@v1 doesn't deploy the new image, Azure ACI don't receive any event. The worst, is that there is no error triggered, nothing.

If you remove afterward the log-analytics-workspace-* keys, azure/aci-deploy@v1 work again as expected, and without a need to destroy a rebuild the container group. (the connexion with "Azure Log Analytics workspace" is of course broken at this point).

Here is an example of pipeline :

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      -
        name: Cache Docker layers
        uses: actions/cache@v3
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      - name: 'Login to Azure Container Registry'
        uses: docker/login-action@v2
        with:
          registry: ${{ secrets.REGISTRY_LOGIN_SERVER }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      -
        name: 'Build and push'
        uses: docker/build-push-action@v3
        with:
          context: .
          file: packages/backend/Dockerfile
          platforms: linux/amd64,linux/arm64
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new
          push: true
          tags: |
            ${{ secrets.BACKEND_IMAGE_NAME }}
      - name: 'Login via Azure CLI'
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: 'Deploy to Azure Container Instances'
        uses: 'azure/aci-deploy@v1'
        with:
          resource-group: ${{ secrets.ACI_RESOURCE_GROUP }}
          dns-name-label: ${{ secrets.ACI_DNS_RESSOURCE_GROUP }}
          image: ${{ secrets.BACKEND_IMAGE_NAME }}
          registry-login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
          registry-username: ${{ secrets.REGISTRY_USERNAME }}
          registry-password: ${{ secrets.REGISTRY_PASSWORD }}
          log-analytics-workspace: ${{ secrets.AZ_LOG_AGGREGATOR_WORKSPACE_ID }}
          log-analytics-workspace-key: ${{ secrets.AZ_LOG_AGGREGATOR_WORKSPACE_KEY }}
          cpu: 4
          memory: 4
          ports: ${{ secrets.BACKEND_PORTS }}
          name: ${{ secrets.ACI_CONTAINER_GROUP_NAME }}
          location: ${{ secrets.ACI_LOCATION }}
      - name: Move Docker Cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

Why it is a problem?

We cannot configure "Azure Log Analytics workspace" with this github action.

How would be better?

1. Raise error is something is not written as expected with log-analytics-workspace and log-analytics-workspace-key
2. Update the Azure ACI if everything is fine

Regards,

Following this:
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-container-group-ssl

I'd like to deploy a asp.net core web app with SSL support via Nginx sidecar. However, there doesn't seem to be a way to either specify a yml/yaml file with this config or as an input in the action.yml. If you had an action UseSSL: Nginx as a value, that would be great for it to do it for me else have an action for file: myapp.yaml and pass in the base64 encode certs and nginx.conf.

Hi, im using this action for testing deployment from ACR to ACI and get the following error:
Error: The server '' in the 'imageRegistryCredentials' of container group 'timekeeping-container' is invalid. It should be a valid host name without protocol.

Here is my workflow file:

name: Build and deploy timekeeping app

on:
  push:
    branches: [ master ]

jobs:

  build_and_deploy:

    runs-on: ubuntu-latest

    steps:
    - name: Checkout master branch
      uses: actions/checkout@v2
      
    - name: Azure authorization
      uses: azure/[email protected]
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}  
      
    - name: Login to private azure container registry
      uses: azure/docker-login@v1
      with:
        login-server: registry.azurecr.io
        username: ${{ secrets.REGISTRY_USERNAME }}
        password: ${{ secrets.REGISTRY_PASSWORD }}
        
    - name: Build and push to private azure container registry
      run: |
        docker build -t registry.azurecr.io/timekeeping-app:latest .
        docker push registry.azurecr.io/timekeeping-app:latest
        
    - name: Deploy container to an azure container instance
      uses: 'azure/aci-deploy@v1'
      with:
        resource-group: docker-registry
        dns-name-label: timekeeping-app
        image: registry.azurecr.io/timekeeping-app:latest
        registry-username: ${{ secrets.REGISTRY_USERNAME }}
        registry-password: ${{ secrets.REGISTRY_PASSWORD }}
        name: timekeeping-container
        location: 'west europe'

Hello,
I have a security related issue with secure-environment-variables parameter of the pipeline.

I wanted to declare env secrets in pipeline, so the action would not overwrite the values setted in Container Instances in Azure Portal. Hre is my usage of the Action

- name: 'Deploy to Azure Container Instances'
      uses: 'azure/aci-deploy@v1'
      with:
        resource-group: ${{ secrets.RESOURCE_GROUP }}
        dns-name-label: backend-name
        image: ${{ secrets.REGISTRY_LOGIN_SERVER }}/image-name:${{ github.sha }}
        registry-login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
        registry-username: ${{ secrets.REGISTRY_USERNAME }}
        registry-password: ${{ secrets.REGISTRY_PASSWORD }}
        name: backend-name
        location: 'westeurope'
        ports: 80 8080 8070
        restart-policy: 'OnFailure'
        memory: 1
        secure-environment-variables: DB_URL="${{ secrets.DB_URL }}" DB_NAME="${{ secrets.DB_NAME }}" DB_PRIMARY_KEY="${{ secrets.DB_PRIMARY_KEY }}"

Expectation

I expected that when I look at properties of the container in azure portal I would see name of variables but not the values.

** Reality **

There were both name and values of the properites.

Description:

Hello, hope you're good. After reading the documentation, I noticed that we can only specify a single image to be deployed in the ACI, but in my use case I need to deploy other containers as well.

When using the CLI I can use the docker compose to deploy all the required containers to the Azure Container Group.

Is it possible to use this same approach with this Action?

When the ip-address setting is set to Private the deployment fails with the following error "The Value of IP Address must be either Public or Private".

I suspect this issue will be true for all other properties that have either or options such as os-type, protocol, restart-policy.

Would be good to support this as well?

Hello!

I wanted to to use this action for the following use-case:

• Build docker image with GH Actions
• Push docker image to Azure Container Registry with GH Actions
• Deploy the pushed image to Container Instances with GH Actions (this action does it actually)

Description

For some reason it failed and GH Actions log said that if I wish to update memory, cpu, os, restart strategy (and whatnot) I should delete and create a new ACI.

After some thinking I checked the actions.yml and I found these optional inputs with default values:

• cpu (default is: 1)
• memory (default is: 1.5)
• restart-policy (default is: Always)

However I created my ACI with 2 cpus, 7GB memory, and OnFailure restart policy.

After I set these optional inputs to actual values in my GitHub Action deployment works.

Why it is a problem?

I simple want to deploy a new image from the container registry to the container instance. I create my ACI with arm template or Bicep and I don't want to define cpu, memory, os (etc) specific metadata during this action.

How would be better?

If someone does not defines these inputs, don't set a default value to it. If the action cannot update ACI without them, make these inputs required without default values.

Regards,
roncsak

When I create a container it shows the ip address. I can retrieve that ip address with the below command.

cmd="az container show \
-n $CONTAINER \
--query ipAddress.ip \
-o tsv \
-g $RG"

The problem is, that is not the ip address under which the container actually runs. When checking container logs in azure portal, I see the error that says the server is trying to connect to my database under a different ip. I need that ip to be able to configure server firewall.

  az sql server firewall-rule create \
  -g $DB_RG \
  -s $DB_SERVER \
  -n $FIREWALL_RULE \
  --start-ip-address $IP \
  --end-ip-address $IP

How to retrieve the correct ip dynamically so it can be set in create-container script?

I'm trying to deploy an ACI with the aci-deploy action, which has always worked until recently. Now I suddenly get this error:

Error: Encountered an internal server error. The tracking activity id is '..., correlation id is '...'

I've tried omitting optional parameters, but nothing seems to work. I've requested support from Microsoft, but wasn't able to resolve the issue.

I'd be grateful if you could help me get it to work again.

Here's my workflow file:

name: Deploy ACI

on: 
  workflow_call:
    inputs:
      environment:
        required: true
        type: string
      resource_group:
        required: true
        type: string
      acr_name:
        required: true
        type: string
      short_name:
        required: true
        type: string
      aci_name:
        required: true
        type: string
      cpu:
        required: true
        type: string
      memory:
        required: true
        type: string

    secrets:
      azure_credentials:
        required: true


jobs:
  deploy-aci:
    name: Deploy ACI
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    steps:
      - uses: actions/checkout@v2
      - uses: azure/login@v1
        with:
          creds: ${{ secrets.azure_credentials }}
      - run: |
          export username=$(az acr credential show --name ${{ inputs.acr_name }} --resource-group ${{ inputs.resource_group }} --query 'username' --output tsv)
          echo "acr_username=$username" >> $GITHUB_OUTPUT
        name: 'Get ACR username'
        id: acr_username_step  
      - run: |                   
          password=$(az acr credential show --name ${{ inputs.acr_name }} --resource-group ${{ inputs.resource_group }} --query 'passwords[0].value' --output tsv)
          echo "acr_password=$password" >> $GITHUB_OUTPUT
        name: 'Get ACR Password'
        id: acr_password_step
      - name: 'Deploy to Azure Container Instances'
        uses: 'azure/aci-deploy@v1'
        with:
          resource-group: ${{ inputs.resource_group }}
          dns-name-label: ${{ inputs.resource_group }}${{ github.run_number }}
          image: ${{ inputs.acr_name }}.azurecr.io/${{ inputs.short_name }}-${{ inputs.environment }}-image:${{ github.run_number }}
          registry-login-server: '${{ inputs.acr_name }}.azurecr.io'
          registry-username: ${{ steps.acr_username_step.outputs.acr_username }}
          registry-password: ${{ steps.acr_password_step.outputs.acr_password }}
          name: ${{ inputs.aci_name }}
          location: 'west europe'
          cpu: ${{ inputs.cpu }}
          memory: ${{ inputs.memory }}
          restart-policy: 'Never'

    outputs:
      acr_username: ${{ steps.acr_username_step.outputs.acr_username }}
      acr_password: ${{ steps.acr_password_step.outputs.acr_password }}

For some reason the 'deploy' step of the CI workflow keeps failing with the following error:

Run azure/login@v1
  with:
    creds: ***
    enable-AzPSSession: false
    environment: azurecloud
    allow-no-subscriptions: false
    audience: api://AzureADTokenExchange
/usr/bin/az cloud set -n azurecloud
Done setting cloud: "azurecloud"
Error: : No subscriptions found for ***.

Error: Az CLI Login failed. Please check the credentials. For more information refer aka.ms/create-secrets-for-GitHub-workflows

The workflow.yml has automatically been created after setting up CI in the Azure Container Apps Page. I have registered the application in AAD and added a secret to the CI. I can see that the secrets.AZURE_CREDENTIALS value is also updated together with the workflow (and the registry credentials). The App registration has the "Cloud application administrator" role.
I've deleted and recreated the Container App & AAD registration multiple times without luck.

The only thing that comes to my mind is that 2 days ago ownership of the subscription was transferred to me, not sure if that could be causing any problems?

I've configured these workflows for a few GitHub repositories, including this repository without any issues so I'm really not sure what's going on. Maybe it's just me messing up somewhere in the process, please let me know if you have any ideas about what I could be doing wrong this time. Thanks!

Edit: I tried running the workflow with the allow-no-subscriptions: true setting, however, now the deployment fails a few steps later: ERROR: cli.azure.cli.core.azclierror: The containerapp 'actions-test-app' does not exist (created a new test Container App).

Environment variables that are registered using the secure-environment-variables syntax are grouped together with the environment-variables and the values of the variable are visible in plain text in the container properties.

Please add some guidance on how to properly deploy a .NET 8 container to ACI , that is running as non-root user and wants to listen to port 80.

There's some recent changes in .NET 8 as described here:
https://learn.microsoft.com/en-us/dotnet/core/compatibility/containers/8.0/aspnet-port

The change to the port number was made because of the need to provide a good usability experience when switching to a non-root user. Running as a non-root user requires the use of a non-privileged port in some environments. Since port 80, the previous default port, is a privileged port, the default was updated to port 8080, which is a non-privileged port.

So, what is the guidance, if I want to expose 80, can I do that as a non-root user or how do I avoid running my container as a non-root user?

confusing times...

The Problem

This action adds support for the basic Azure CLI deploy commands. However, there are some circumstances like supporting multiple volumes or configuring the container's resources (CPU, RAM) where the Azure CLI, and therefore this action, are unable to address.

The Azure CLI solves these limitations using the file configuration option

# Deploy with YAML template
az container create --resource-group myResourceGroup --file deploy-aci.yaml

The solution

Add support for the file configuration in this action.

https://docs.microsoft.com/en-us/azure/templates/microsoft.containerinstance/containergroups?tabs=json

Related Issues

#62

The source of truth for this repository is typescript code which is transpiled into JavaScript. Since we are storing both TS and JS code (which is derived from the former), it leads to issues like #59

Question: why are we storing JS? Can we do without it?

This issue is marked need-to-triage for generating issues report.

Originally posted by @github-actions[bot] in #39 (comment)

Hi,

If I have an environment variable which contains an "=", it does not behave properly. For example,

environment-variables: key1=this-is-=some=value

gets stored as key1=this-is-

The Problem

I'm trying to run a container that has multiple volumes mounts.

For example, my docker-compose would look something like:

version: '3.8'

services:
  my-container:
    image: my-container-image
    ports:
      - 3001:3001
      - 3333:3333
    environment:
      - SOME_ENV=<env-value>
    volumes:
      - vol1_host:/vol1
      - vol2_host:/vol2

volumes:
  vol1_host:
  vol2_host:

I've created two Azure Storage Shares vol1_host and vol2_host using the same Azure Storage Account.

Now I need to connect my two volumes using the aci-deploy action, but I can not find any example of what is the syntax for multiple volumes.

How to support multiple pairs of azure-file-volume-share-name and azure-file-volume-mount-path?

I have been using this action for a while and it has worked great. But I never realized that I might need/should set the CPU/RAM for my very tiny Linux containers (using like 100MB ram). I discovered that the containers have a 1.5 GB ram as default and I think that is way to big for the average container.

So, my suggestion is to add the CPU and memory as parameters in the examples found in the README.md, so it makes it more explicit and clear that you can/should configure them.

Also make it clear where I can find all the possible parameters that I can set. Perhaps some guidance and best-practices for a production and painless operation. I found it hard where to find them. Also do include the minimum value for CPU/RAM that you can set in action.yml.

Logging this request to tag a new release of this action as it looks like a fix has been merged that addresses a bug relating to the parsing of secrets/strings. There have been a few issues/PR raised for the handling of = in environment secrets

• #13
• #10
• #14
• #8

--

The following was Originally posted by @mitsha-microsoft in #8 (comment)

@jesseward yes simply pointing to aci-deploy@master won't work since it's not a good advice to point directly to the master branch. Forwarding your issue to @narula0781 and @ashishonce who can release a new version of this action with the updates.

There is a bug here.
This will throw error for anything except "Always"

I have to run an application that is dependent on three docker images that communicate to each other.
While we are able to create a new multi-container group using a YAML where the developer mentions the configurations of multiple images. az contianer --name <> --resource-group <> --file <>
Our Azure/aci-delpoy does not have a file argument here.
Does Azure/aci-deploy support multiple container group deployment? If so please help me understand how to do that?

Hi there

Just raising this, as it does not look like there is already an issue for this, but I am getting two warnings in my actions that use aci-deploy:

Node.js 12 actions are deprecated. For more information see: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/. Please update the following actions to use Node.js 16: Azure/aci-deploy

The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

It would be nice if someone could make sure aci-deploy is updated, to we can get rid of these warnings 😅

Thanks!

Not sure if I understand what is happening in the following piece:

This can also be observed if I use Terraform azurerm_container_group resource to deploy the same container group instance and have both environment_variables and secure_environment_variables defined in both places.

For example, if my github workflow goes like this:

    [...]
    - name: Deploy to Azure Container Instances
      uses: azure/aci-deploy@v1
      with:
        [...]
        environment-variables: FOO = "bar"
        secure-environment-variables: BAR = "foo"

And my TF goes like this

resource "azurerm_container_group" "containergroup" {

   [...]
   container {
     [...]
     environment_variables = {
      FOO = "bar"
     }
     secure_environment_variables = {
      BAR = "foo"
     }
  }
}

Then terraform plan will find BAR among clear text variables

          ~ environment_variables        = { # forces replacement
              - "BAR"  = "foo" -> null
            }

One can also confirm the secure env vars are stored as clear text using az container show or in the azure portal
Example

$ az container show -g my-group --name my-container | jq .containers[].environmentVariables
[
  {
    "name": "BAR",
    "secureValue": null,
    "value": "foo"
  },

Hi folks,

I'm trying to specify the os-type as Windows. Regardless of how I specify it, it doesn't seem to satisfy the parameter. Here's my github action step ...

      - uses: Azure/aci-deploy@v1
        with:
          name: xxx
          image: xxx.azurecr.io/xxx:${{ github.event.release.tag_name }}
          os-type: "Windows"
          location: "South Central US"
          dns-name-label: xxx
          resource-group: xxx
          registry-username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
          registry-password: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}
          registry-login-server: xxx.azurecr.io

And below is the error output ...

Error: Error: The Value of OS Type must be either Linux or Windows only!

During azure/aci-deploy@v1 you get the following warning.

https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

It would be create to point to a docker-compose file.

Hi, this is a great action. I need also to start, stop and restart the instances. Therefore I would need a wrapper for

az container start
az container stop
az container restart

Is it in the scope of this action to wrap this commands, or would it better to make another action for that?

I'm trying to use the master branch of azure/aci-deploy since v1 contains the error with set-env in @actions/core (which was fixed with #27), but now I'm getting an error where the '@actions/core' module can't be found.

I tried forking the repo and creating a v2 to see if that would resolve it, but no luck.

2020-11-17T15:17:51.9589709Z ##[group]Run azure/aci-deploy@master
2020-11-17T15:17:51.9590224Z with:
2020-11-17T15:17:51.9590722Z   resource-group: ***
2020-11-17T15:17:51.9591312Z   dns-name-label: prd-container-iati-devops
2020-11-17T15:17:51.9592322Z   image: ***/prd-cont-img-iati-devops:36f5112357cf884cc63a105829a2ef08ec56bb2c
2020-11-17T15:17:51.9593256Z   registry-login-server: ***
2020-11-17T15:17:51.9594072Z   registry-username: ***
2020-11-17T15:17:51.9594694Z   registry-password: ***
2020-11-17T15:17:51.9595205Z   name: prd-container-iati-devops
2020-11-17T15:17:51.9595700Z   location: uksouth
2020-11-17T15:17:51.9596040Z   cpu: 1
2020-11-17T15:17:51.9596402Z   ip-address: Public
2020-11-17T15:17:51.9596753Z   memory: 1.5
2020-11-17T15:17:51.9597085Z   os-type: Linux
2020-11-17T15:17:51.9597461Z   ports: 80
2020-11-17T15:17:51.9597789Z   protocol: TCP
2020-11-17T15:17:51.9598198Z   restart-policy: Always
2020-11-17T15:17:51.9598562Z env:
2020-11-17T15:17:51.9598898Z   STAGE: prd
2020-11-17T15:17:51.9599537Z   IMAGE_NAME: cont-img-iati-devops
2020-11-17T15:17:51.9600110Z   CONTAINER_NAME: container-iati-devops
2020-11-17T15:17:51.9600675Z   TAG: 36f5112357cf884cc63a105829a2ef08ec56bb2c
2020-11-17T15:17:51.9601173Z   AZURE_HTTP_USER_AGENT: 
2020-11-17T15:17:51.9601581Z   AZUREPS_HOST_ENVIRONMENT: 
2020-11-17T15:17:51.9602095Z   DOCKER_CONFIG: /home/runner/work/_temp/docker_login_1605626249059
2020-11-17T15:17:51.9602546Z ##[endgroup]
2020-11-17T15:17:51.9931218Z internal/modules/cjs/loader.js:800
2020-11-17T15:17:51.9931730Z     throw err;
2020-11-17T15:17:51.9932094Z     ^
2020-11-17T15:17:51.9932299Z 
2020-11-17T15:17:51.9933146Z Error: Cannot find module '@actions/core'
2020-11-17T15:17:51.9933619Z Require stack:
2020-11-17T15:17:51.9934657Z - /home/runner/work/_actions/azure/aci-deploy/master/lib/main.js
2020-11-17T15:17:51.9936232Z     at Function.Module._resolveFilename (internal/modules/cjs/loader.js:797:15)
2020-11-17T15:17:51.9937274Z     at Function.Module._load (internal/modules/cjs/loader.js:690:27)
2020-11-17T15:17:51.9937983Z     at Module.require (internal/modules/cjs/loader.js:852:19)
2020-11-17T15:17:51.9938601Z     at require (internal/modules/cjs/helpers.js:74:18)
2020-11-17T15:17:51.9939952Z     at Object.<anonymous> (/home/runner/work/_actions/azure/aci-deploy/master/lib/main.js:19:27)
2020-11-17T15:17:51.9940618Z     at Module._compile (internal/modules/cjs/loader.js:959:30)
2020-11-17T15:17:51.9941345Z     at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)
2020-11-17T15:17:51.9941991Z     at Module.load (internal/modules/cjs/loader.js:815:32)
2020-11-17T15:17:51.9942627Z     at Function.Module._load (internal/modules/cjs/loader.js:727:14)
2020-11-17T15:17:51.9943404Z     at Function.Module.runMain (internal/modules/cjs/loader.js:1047:10) ***
2020-11-17T15:17:51.9944191Z   code: 'MODULE_NOT_FOUND',
2020-11-17T15:17:51.9944913Z   requireStack: [ '/home/runner/work/_actions/azure/aci-deploy/master/lib/main.js' ]
2020-11-17T15:17:51.9945465Z ***
2020-11-17T15:17:52.0025493Z Post job cleanup.

Hi there. I'm in the progress of moving my deployment from GCP to Azure, and came across an error that has me feeling pretty stuck.

I've been following this guide, except that I'm using Github Packages instead of ACR

steps:
  - name: Checkout
    uses: actions/checkout@v2

  - name: Push to Github Packages
    uses: docker/build-push-action@v1
    with:
      path: backend
      username: ${{ github.actor }}
      password: ${{ secrets.GITHUB_TOKEN }}
      registry: docker.pkg.github.com
      repository: andrioid/howbs/howbs-backend
      tags: ${{ env.GITHUB_SHA }}
      tag_with_ref: true
      tag_with_sha: true

steps:
  - name: "Login via Azure CLI"
    uses: azure/login@v1
    with:
      creds: ${{ secrets.AZURE_CREDENTIALS }}

  # Its amazing how crappy these docs are
  - name: "Deploy to Azure Container Instances"
    uses: "azure/aci-deploy@v1"
    with:
      resource-group: ${{ secrets.AZURE_RESOURCE_GROUP }}
      dns-name-label: ${{ secrets.AZURE_RESOURCE_GROUP }}${{ github.run_number }}
      image: docker.pkg.github.com/andrioid/howbs/howbs-backend:${{ github.sha }}
      registry-login-server: docker.pkg.github.com
      registry-username: andrioid
      registry-password: ${{ secrets.GITHUB_TOKEN }}
      name: howbs-backend
      location: "westeurope"

</details>

Hello, I am trying to use this workflow to deploy my latest docker image from ACR onto ACI. I am getting the following error:

##[error]Error: The server '$IMAGE_SERVER' in the 'imageRegistryCredentials' of container group 'somevalue-container' is invalid. It should be a valid host name without protocol.

• The value of $IMAGE_SERVER is in the format somevalue.azurecr.io

Is there any way to restart the container instances after the system has updated through aci?

Setting below

    - name: 'Deploy'
      uses: azure/aci-deploy@v1
      with:
        resource-group: ${{ secrets.AZURE_RESOURCE_GROUP }}
        registry-login-server: ${{ secrets.AZURE_REGISTRY_LOGIN_SERVER }}
        registry-username: ${{ secrets.AZURE_REGISTRY_USERNAME }}
        registry-password: ${{ secrets.AZURE_REGISTRY_PASSWORD }}
        name: $DEPLOYMENT_NAME
        image: $IMAGE:$GITHUB_SHA
        location: 'south central us'
        os-type: Windows
        cpu: 4
        memory: 16
        environment-variables: DOTNET_ENVIRONMENT=Production
        restart-policy: OnFailure
        dns-name-label: $DEPLOYMENT_NAME
        ip-address: Private

throws the error below

Error: DNS name label for container group is only supported when IP Address type is public.

and removing dns-name-label throws the error below

Error: Input required and not supplied: dns-name-label

Hello!

I'm running into an issue, when I deploy a docker container to Azure Container Instances.
The deployment is successful and the container is running on the Azure container Instances and works great. This isn't reflected in GitHub-Actions though, there this step in my workflow file is still running. This step runs for 30 mins and then fails, because of its length. This is the Error:

Error: Long running operation failed with error: "pulling image "***/***_celery@sha256:67a5f6b08d8d2ca11f9990a88b6d195c50623d11fd5fd90e2cc866f185f4bc";Successfully pulled image "***/***_celery@sha256:67a5f6b08d8d2ca11f9990a88b6d195c50623d141d5fd90e2cc866f185f4bc";Started container;Killing container with id a6e32d3618b10e8cd39e65222c528626d9f817b25675a361cf664e0f2b0cf9.;pulling image "***/***_celery@sha256:d98f340067dba7a356dcb4265f369f7168b32b00e377862499ecaabdafe0f2";Successfully pulled image "***/***_celery@sha256:d98f340067dba7a356dcb4265f369f7168b320e54377862499ecaabdafe0f2";Started container;pulling image "***/***_celery@sha256:3d40fbf58a48a147543b35e701c25f2d4f284100f1203e26fd70540a7fe85e";Successfully pulled image "***/***_celery@sha256:3d40fbf58a48a147543b35e701c25f2d4f284100f1df3e26fd70540a7fe85e";Started container;Subscription deployment didn't reach a successful provisioning state after '00:30:00'.".

As I said, everything works fine on Azure, only the Action is marked as failed.

I start my container like this:
exec supervisord -c /etc/supervisor/conf.d/supervisord.conf

This is the part of my workflow:
`- name: 'Login via Azure CLI'
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}

• name: 'Deploy celery to Azure Container Instances'
  uses: 'azure/aci-deploy@v1'
  with:
  resource-group: myResourceGroup
  dns-name-label: my-dns-name-label
  image: myregistry/myimage:${{ github.sha }}
  registry-login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
  registry-username: ${{ secrets.REGISTRY_USERNAME }}
  registry-password: ${{ secrets.REGISTRY_PASSWORD }}
  name: myContainerName
  location:
  restart-policy: 'Never'`

If you have any questions or need more information, let me know.

Any insights or suggestions to resolve this issue would be greatly appreciated.

Thank you :)

I'm using the workflow file below.
But I'm receiving the following error on the "Deploy to Azure Container Instances" step:

Error: Error: The environment variable name in container 'localization-server' of container group 'localization-server' is invalid. A valid environment variable name must start with alphabetic character or _ , followed by a string of alphanumeric characters or _ (e.g. 'my_name', or 'MY_NAME', or 'MyName').

name: Azure Deployment

on: [push]

# This is to by-pass the set-env issue.
env:
  ACTIONS_ALLOW_UNSECURE_COMMANDS: true

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
    - name: 'Checkout'
      uses: actions/checkout@v2

    - name: 'Login via Azure CLI'
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}

    - name: 'Docker Login via Azure Container Registry'
      uses: azure/docker-login@v1
      with:
        login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
        username: ${{ secrets.REGISTRY_USERNAME }}
        password: ${{ secrets.REGISTRY_PASSWORD }}

    - name: 'Build and push image'
    - run: |
        docker build --build-arg SSH_PRIVATE_KEY="${{ secrets.GH_SSH_PRIVATE_KEY }}" --tag ${{ secrets.REGISTRY_LOGIN_SERVER }}/my-org/my-app:${{ github.sha }} .
        docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/my-org/my-app:${{ github.sha }}
     
    - name: 'Deploy to Azure Container Instances'
      uses: 'azure/aci-deploy@v1'
      with:
        resource-group: ${{ secrets.RESOURCE_GROUP }}
        image: ${{ secrets.REGISTRY_LOGIN_SERVER }}/my-org/my-app:${{ github.sha }}
        name: localization-server
        location: 'west us'
        dns-name-label: 'localization-server-${{ github.run_number }}'
        registry-login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
        registry-username: ${{ secrets.REGISTRY_USERNAME }}
        registry-password: ${{ secrets.REGISTRY_PASSWORD }}
        environment-variables: TEST_ONE=testing
        secure-environment-variables: TEST_TWO=${{ secrets.ENV_TEST_TWO }}

Today its pretty impossible to get some insights in why deploys are slow. Some more timing details in the log would be helpful here. Personally I notice that deployment is 2x as slow today as it used to be earlier this year. But its impossible for me to figure out where the bottleneck is..

Description:
I am trying to deploy Prophet Model.
Model is logged as mlflow.prophet flavour.
When I am creating image from Model Artifact this error came :
WebserviceException: WebserviceException:
"error": {
"message": "Image creation polling reached non-successful terminal state, current state: Failed\nError response from server:\nStatusCode: 400\nMessage: Docker image build failed."
}
}

Code to reproduce issue

import azureml
import mlflow.azureml
from azureml.core import Workspace
from azureml.core.authentication import ServicePrincipalAuthentication
from azureml.core.webservice import AciWebservice, Webservice

principal_auth = ServicePrincipalAuthentication(tenant_id, principal_id, app_secret)
workspace = Workspace.get(name=workspace_name, subscription_id=subscription_id, auth=principal_auth, resource_group=workspace_rg)
model_image, azureml_model = mlflow.azureml.build_image(model_uri='runs:/016fc3f2d5c34c8eadbeb20ad16d3/082358timeseriesforecasting', workspace=workspace)
model_image.wait_for_creation(show_output=True)

Other info / logs

In Container logs error is shown below:

[0mThe command '/bin/sh -c CONDA_ROOT_DIR=$(conda info --root) && if [ -n "$AZUREML_CONDA_ENVIRONMENT_PATH" ]; then conda env update -p "$AZUREML_CONDA_ENVIRONMENT_PATH" -f '/var/azureml-app/conda.yaml'; else conda env update -n base -f '/var/azureml-app/conda.yaml'; fi && conda clean -aqy && rm -rf /root/.cache/pip && rm -rf "$CONDA_ROOT_DIR/pkgs" && find "$CONDA_ROOT_DIR" -type d -name pycache -exec rm -rf {} +' returned a non-zero code: 137
2021/11/23 12:21:39 Container failed during run: acb_step_0. No retries remaining.
failed to run step ID: acb_step_0: exit status 137

Run ID: cj58 failed after 6m19s. Error: failed during run, err: exit status 1

System information
OS Platform and Distribution (e.g., Linux Ubuntu 16.04): Azure Distributed cluster
MLflow installed from (source or binary): source
MLflow version (run mlflow --version): 1.12.0
Python version: 3.7.3

Same error as #17

The above is obvs a bug the and condition is incorrect and makes it so that you are unable to set the ip address to Private because this is always only true for Public.

As a workaround, I'll have to stop using this ACI and manually create github action command line deploys using az container create