问题描述
使用Github Action,通过 Azure/functions-container-action@v1 插件来完成 yaml 文件的配置,并成功部署Function Image 的过程记录。
操作步骤
第一步: 准备Function的镜像文件
如在VS Code中,通过Terminal(命令行窗口),根据所使用的语言,创建或初始化DockerFile
func init --worker-runtime python --docker
# --docker 选项生成该项目的 Dockerfile,其中定义了适合用于 Azure Functions 和所选运行时的自定义容器 Python
执行后的效果为在Function 项目中添加Dockerfile文件。
参考文档 -- 在 Linux 上使用自定义容器创建函数:https://docs.azure.cn/zh-cn/azure-functions/functions-create-function-linux-custom-image?tabs=in-process%2Cbash%2Cazure-cli&pivots=programming-language-python
第二步:上传镜像到ACR
首先,在本地启动Docker Desktop后,使用Docker build 生产镜像文件。
然后,登录ACR(Azure Container Registry :Azure 容器注册表)。
命令示例如下:
## 本地生产Image文件 docker build --tag azurefunctionsimage:v1 . ## 登录Azure镜像库 docker login <your-registry-name>.azurecr.cn --username <your-registry-username> ## 设置tag,推送到ACR docker tag azurefunctionsimage <your-registry-name>.azurecr.cn/azurefunctionsimage:v1 docker push <your-registry-name>.azurecr.cn/azurefunctionsimage:v1
参考文档 -- 向 Azure 容器注册表推送映像 : https://docs.azure.cn/zh-cn/app-service/tutorial-custom-container?pivots=container-linux#push-the-image-to-azure-container-registry
第三步:配置用户标识
启用用户标识,主要就是为了能够让它有权限去访问ACR并且拉取镜像文件
1:创建用户标识:Create User Assigned Managed Identity - Microsoft Azure 由世纪互联运营
2:在ACR中为用户标识赋予权限(Contributor or Reader):分配 Azure 角色的步骤 https://docs.azure.cn/zh-cn/role-based-access-control/role-assignments-steps
第四步:配置Github Action的 workflow yaml文件
Action的workflow文件中,有两段内容需要配置,一是设置 用户标识,二是设置镜像路径。
第一段,修改Function App的设置
- name: Azure App Service Settings uses: Azure/appservice-settings with: # Name of the Azure Web App app-name: fun-name general-settings-json: '{"acrUseManagedIdentityCreds": "true", "acrUserManagedIdentityID": "user managed identity id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}'
第二段,配置Image 路径
- name: 'Run Azure Functions Container Action' uses: Azure/functions-container-action id: fa with: app-name: fun-name image: youracrname.azurecr.cn/imagename:version
以上配置与 Azure Funciton 门户上 Development Center 的设置对比关系如下:
参考的github上yaml文件内容:https://github.com/Azure/actions-workflow-samples/tree/master/FunctionApp 和 https://github.com/Azure/actions-workflow-samples/blob/master/FunctionApp/linux-container-functionapp-on-azure.yml
修改后的yaml内容:
# Action Requires # 1. Setup the AZURE_CREDENTIALS secrets in your GitHub Repository # 2. Setup the REGISTRY_USERNAME secrets in your GitHub Repository # 3. Setup the REGISTRY_PASSWORD secrets in your GitHub Repository # 4. Replace REGISTRY, NAMESPACE, IMAGE, TAG in the following template with proper values # 5. Add this yaml file to your project's .github/workflows/ # 6. Push your local project to your GitHub Repository name: Linux_Container_Workflow on: [push] #on: # push: # branches: # - master jobs: build-and-deploy: runs-on: ubuntu-latest environment: dev steps: - name: 'Checkout GitHub Action' uses: actions/checkout #- name: 'Login via Azure CLI' # uses: Azure/login.4.6 # with: # creds: ${{ secrets.AZURE_CREDENTIALS }} # environment: AzureChinaCloud # #allow-no-subscriptions: true - name: 'set subscriptions' run: | az cloud set --name AzureChinaCloud az login -u your azure user name -p "password" az account set --subscription "your subscription id" - name: 'Docker Login' uses: azure/docker-login with: login-server: youracrname.azurecr.cn username: ${{ secrets.REGISTRY_USERNAME }} password: ${{ secrets.REGISTRY_PASSWORD }} # - name: 'Compose Customized Docker Image' # shell: bash # run: | # # If your function app project is not located in your repository's root # # Please change the path to your directory for docker build # docker build . -t REGISTRY/NAMESPACE/IMAGE:TAG # docker push REGISTRY/NAMESPACE/IMAGE:TAG - name: Azure App Service Settings uses: Azure/appservice-settings with: # Name of the Azure Web App app-name: functionappname general-settings-json: '{"acrUseManagedIdentityCreds": "true", "acrUserManagedIdentityID": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}' - name: 'Run Azure Functions Container Action' uses: Azure/functions-container-action id: fa with: app-name: functionappname #image: REGISTRY/NAMESPACE/IMAGE:TAG image: youracrname.azurecr.cn/azurefunctionimage:v1 #- name: 'use the published functionapp url in upcoming steps' # run: | # echo "${{ steps.fa.outputs.app-url }}" - name: Azure logout run: | az logout # For more information on GitHub Actions: # https://help.github.com/en/categories/automating-your-workflow-with-github-actions
以上操作完成后,即可上传workflow yaml文件到 .github/workflows/ 目录下。因为条件设置为 on: [push],所以任何对代码库的push操作就会触发该workflow。
成功的效果图如本文最开始“问题描述”中的图片一致。
在Azure Function的log中,也能发现类似的Container启动日志:
2023-01-13T03:09:36.682Z INFO - Logging is not enabled for this container. Please use https://aka.ms/linux-diagnostics to enable logging to see container logs here. 2023-01-13T03:09:45.209Z INFO - Initiating warmup request to container funtest01_1_b4054967_msiProxy for site funtest01 2023-01-13T03:09:45.261Z INFO - Container funtest01_1_b4054967_msiProxy for site funtest01 initialized successfully and is ready to serve requests. 2023-01-13T03:09:45.268Z INFO - Initiating warmup request to container funtest01_1_b4054967 for site funtest01 2023-01-13T03:10:01.707Z INFO - Waiting for response to warmup request for container funtest01_1_b4054967. Elapsed time = 16.4981389 sec 2023-01-13T03:10:13.069Z INFO - Container funtest01_1_b4054967 for site funtest01 initialized successfully and is ready to serve requests. 2023-01-13T03:10:13.089Z INFO - Initiating warmup request to container funtest01_1_b4054967_middleware for site funtest01 2023-01-13T03:10:17.032Z INFO - Container funtest01_1_b4054967_middleware for site funtest01 initialized successfully and is ready to serve requests. 2023-01-13T03:22:40.065Z INFO - Recycling container because of AppSettingsChange and isMainSite = True 2023-01-13T03:22:55.207Z INFO - Pulling image: mcr.microsoft.com/azure-functions/dotnet:3.0-appservice-quickstart 2023-01-13T03:22:56.079Z INFO - 3.0-appservice-quickstart Pulling from azure-functions/dotnet 2023-01-13T03:22:56.080Z INFO - Digest: sha256:99f2de1ba2d097fe7fca8098351bd7d9d2e1cabbc32e3c3506321f7f1811bd1b 2023-01-13T03:22:56.081Z INFO - Status: Image is up to date for mcr.microsoft.com/azure-functions/dotnet:3.0-appservice-quickstart 2023-01-13T03:22:56.084Z INFO - Pull Image successful, Time taken: 0 Minutes and 0 Seconds 2023-01-13T03:22:56.157Z INFO - Starting container for site 2023-01-13T03:22:56.165Z INFO - docker run -d --expose=80 --name funtest01_2_24a23a85 -e WEBSITE_CORS_ALLOWED_ORIGINS=https://portal.azure.cn -e WEBSITE_CORS_SUPPORT_CREDENTIALS=False -e WEBSITES_ENABLE_APP_SERVICE_STORAGE=false -e WEBSITE_SITE_NAME=funtest01 -e WEBSITE_AUTH_ENABLED=False -e PORT=80 -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=funtest01.chinacloudsites.cn -e WEBSITE_INSTANCE_ID=50a285a49ae3758d44951d408c7ec6cb3077821b90868ed2bf52d6c32be391fa -e WEBSITE_USE_DIAGNOSTIC_SERVER=False mcr.microsoft.com/azure-functions/dotnet:3.0-appservice-quickstart 2023-01-13T03:22:56.166Z INFO - Logging is not enabled for this container. Please use https://aka.ms/linux-diagnostics to enable logging to see container logs here. 2023-01-13T03:23:10.342Z INFO - Initiating warmup request to container funtest01_2_24a23a85_msiProxy for site funtest01 2023-01-13T03:23:10.745Z INFO - Container funtest01_2_24a23a85_msiProxy for site funtest01 initialized successfully and is ready to serve requests. 2023-01-13T03:23:10.753Z INFO - Initiating warmup request to container funtest01_2_24a23a85 for site funtest01 2023-01-13T03:23:27.483Z INFO - Waiting for response to warmup request for container funtest01_2_24a23a85. Elapsed time = 17.1407378 sec 2023-01-13T03:23:38.014Z INFO - Container funtest01_2_24a23a85 for site funtest01 initialized successfully and is ready to serve requests. 2023-01-13T03:23:38.023Z INFO - Initiating warmup request to container funtest01_2_24a23a85_middleware for site funtest01 2023-01-13T03:23:54.109Z INFO - Container funtest01_2_24a23a85_middleware for site funtest01 initialized successfully and is ready to serve requests. 2023-01-13T06:14:26.600Z INFO - Recycling container because of AppFrameworkVersionChange and appFrameworkVersion = <youracrname>.azurecr.cn/azurefunctionimage:v1 2023-01-13T06:14:50.804Z INFO - Pulling image: <youracrname>.azurecr.cn/azurefunctionimage:v1 2023-01-13T06:14:51.203Z INFO - v1 Pulling from azurefunctionimage 2023-01-13T06:14:51.228Z INFO - 3f4ca61aafcd Pulling fs layer 2023-01-13T06:14:51.233Z INFO - 3f487a3359db Pulling fs layer 2023-01-13T06:14:51.233Z INFO - cf20d7997674 Pulling fs layer 2023-01-13T06:14:51.234Z INFO - 8fa944797ac7 Pulling fs layer 2023-01-13T06:14:51.234Z INFO - 268581bec5af Pulling fs layer 2023-01-13T06:14:51.235Z INFO - 320a9b97d2ed Pulling fs layer 2023-01-13T06:14:51.235Z INFO - 14bf15bf0e2a Pulling fs layer 2023-01-13T06:14:51.235Z INFO - 888c871585b1 Pulling fs layer 2023-01-13T06:14:51.243Z INFO - dc54e8c78a21 Pulling fs layer 2023-01-13T06:14:51.244Z INFO - 0b8d318d756a Pulling fs layer 2023-01-13T06:14:51.244Z INFO - 686f382362d7 Pulling fs layer 2023-01-13T06:14:51.252Z INFO - a108b4c555c7 Pulling fs layer 2023-01-13T06:14:51.253Z INFO - 07a70c22a7c4 Pulling fs layer 2023-01-13T06:14:52.512Z INFO - 3f487a3359db Downloading 799KB / 1MB ... 2023-01-13T06:17:09.734Z INFO - 07a70c22a7c4 Extracting 9MB / 9MB 2023-01-13T06:17:09.938Z INFO - 07a70c22a7c4 Pull complete 2023-01-13T06:17:09.955Z INFO - Digest: sha256:26a409b16044e27bdd97627a14118e33e84f840052d9fe4711f1ca471b09d22b 2023-01-13T06:17:09.957Z INFO - Status: Downloaded newer image for <youracrname>.azurecr.cn/azurefunctionimage:v1 2023-01-13T06:17:10.056Z INFO - Pull Image successful, Time taken: 2 Minutes and 19 Seconds 2023-01-13T06:17:10.688Z INFO - Starting container for site 2023-01-13T06:17:10.699Z INFO - docker run -d --expose=80 --name funtest01_3_e9514d82 -e WEBSITE_CORS_ALLOWED_ORIGINS=https://portal.azure.cn -e WEBSITE_CORS_SUPPORT_CREDENTIALS=False -e WEBSITES_ENABLE_APP_SERVICE_STORAGE=false -e WEBSITE_SITE_NAME=funtest01 -e WEBSITE_AUTH_ENABLED=False -e PORT=80 -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=funtest01.chinacloudsites.cn -e WEBSITE_INSTANCE_ID=50a285a49ae3758d44951d408c7ec6cb3077821b90868ed2bf52d6c32be391fa -e WEBSITE_USE_DIAGNOSTIC_SERVER=False <youracrname>.azurecr.cn/azurefunctionimage:v1 2023-01-13T06:17:10.707Z INFO - Logging is not enabled for this container. Please use https://aka.ms/linux-diagnostics to enable logging to see container logs here. 2023-01-13T06:17:20.451Z INFO - Initiating warmup request to container funtest01_3_e9514d82_msiProxy for site funtest01 2023-01-13T06:17:20.721Z INFO - Container funtest01_3_e9514d82_msiProxy for site funtest01 initialized successfully and is ready to serve requests. 2023-01-13T06:17:20.722Z INFO - Initiating warmup request to container funtest01_3_e9514d82 for site funtest01 2023-01-13T06:17:36.951Z INFO - Waiting for response to warmup request for container funtest01_3_e9514d82. Elapsed time = 16.4996091 sec 2023-01-13T06:17:44.426Z INFO - Container funtest01_3_e9514d82 for site funtest01 initialized successfully and is ready to serve requests. 2023-01-13T06:17:44.427Z INFO - Initiating warmup request to container funtest01_3_e9514d82_middleware for site funtest01 2023-01-13T06:17:45.431Z INFO - Container funtest01_3_e9514d82_middleware for site funtest01 initialized successfully and is ready to serve requests.
参考资料
Action Samples for deploying to Azure Functions :https://github.com/Azure/actions-workflow-samples/tree/master/FunctionApp
