The Azure Container Registry (ACR) is a hosted docker repository that requires extra configuration for day-to-day use. This configuration is not typical of other repositories, and there are some considerations to account for when using it with Earthly. This guide will walk you through creating an Earthfile, building an image, and pushing it to ACR.
No special considerations are needed in the Earthfile itself. You can use SAVE IMAGE just like any other repository.
FROM alpine:3.15
build:
RUN echo "Hello from Earthly!" > motd
ENTRYPOINT cat motd
SAVE IMAGE --push helloearthly.azurecr.io/hello-earthly:with-love
Login and Configure the ACR Credential Helper
ACR does not issue permanent credentials. Instead, it relies on your Azure AD credentials to issue Docker credentials. As an individual user, you will need to log into your repository first:
❯ az acr login --name helloearthly
Login Succeeded
After logging in, the ACR Credential Helper will help keep your credentials up to date, as long as it is invoked again before your already issued credentials expire. When all this is complete, your .docker/config.json might look like this:
ACR boasts many other methods of logging in, including Service Principals and admin accounts. Note that the admin account method is not recommended for production usage. Please follow the relevant guides to authenticate if you wish to use one of these other methods.
RBAC
Ensure that you have correct permissions to push and pull the images. Please reference the ACR RBAC documentation to ensure you have the correct permissions set. To complete all the activities in this guide, you will need to have at least the AcrPush role.
Earthly also works with Service Principals; and these do not require az acr login. You can simply login directly with docker like this:
Once you are logged in, and have the optional credential helper installed, then you are ready to use Earthly to access images in ACR. To build and push an image, simply execute the build target. Don't forget the --push flag!
By logging in and optionally installing the credential helper; you can also pull images without any special handling in an Earthfile:
FROM earthly/dind:alpine-main
run:
WITH DOCKER --pull helloearthly.azurecr.io/hello-earthly:with-love
RUN docker run helloearthly.azurecr.io/hello-earthly:with-love
END
Re-run az acr login --name to log in again and refresh your credentials. Azure recommends that you run this at the beginning o each automated script; keep this in mind for your CI runs.