Skip to content

azurermContainerRegistryTask

Manages a Container Registry Task.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
  features: [{}],
});
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-rg",
  }
);
const azurermContainerRegistryExample =
  new azurerm.containerRegistry.ContainerRegistry(this, "example_2", {
    location: azurermResourceGroupExample.location,
    name: "example",
    resource_group_name: azurermResourceGroupExample.name,
    sku: "Basic",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermContainerRegistryExample.overrideLogicalId("example");
const azurermContainerRegistryTaskExample =
  new azurerm.containerRegistryTask.ContainerRegistryTask(this, "example_3", {
    container_registry_id: azurermContainerRegistryExample.id,
    docker_step: [
      {
        context_access_token: "<github personal access token>",
        context_path:
          "https://github.com/<user name>/acr-build-helloworld-node#main",
        dockerfile_path: "Dockerfile",
        image_names: ["helloworld:{{.Run.ID}}"],
      },
    ],
    name: "example-task",
    platform: [
      {
        os: "Linux",
      },
    ],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermContainerRegistryTaskExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

  • name - (Required) The name which should be used for this Container Registry Task. Changing this forces a new Container Registry Task to be created.

  • containerRegistryId - (Required) The ID of the Container Registry that this Container Registry Task resides in. Changing this forces a new Container Registry Task to be created.

  • agentPoolName - (Optional) The name of the dedicated Container Registry Agent Pool for this Container Registry Task.

  • agentSetting - (Optional) A agentSetting block as defined below.

  • enabled - (Optional) Should this Container Registry Task be enabled? Defaults to true.

  • identity - (Optional) An identity block as defined below.

  • platform - (Optional) A platform block as defined below.

\~> NOTE: The platform is required for non-system task (when isSystemTask is set to false).

  • dockerStep - (Optional) A dockerStep block as defined below.

  • encodedStep - (Optional) A encodedStep block as defined below.

  • fileStep - (Optional) A fileStep block as defined below.

\~> NOTE: For non-system task (when isSystemTask is set to false), one and only one of the dockerStep, encodedStep and fileStep should be specified.

  • baseImageTrigger - (Optional) A baseImageTrigger block as defined below.

  • sourceTrigger - (Optional) One or more sourceTrigger blocks as defined below.

  • timerTrigger - (Optional) One or more timerTrigger blocks as defined below.

  • isSystemTask - (Optional) Whether this Container Registry Task is a system task. Changing this forces a new Container Registry Task to be created. Defaults to false.

\~> NOTE: For system task, the name has to be set as quicktask. And the following properties can't be specified: dockerStep, encodedStep, fileStep, platform, baseImageTrigger, sourceTrigger, timerTrigger.

  • logTemplate - (Optional) The template that describes the run log artifact.

  • registryCredential - (Optional) One registryCredential block as defined below.

  • tags - (Optional) A mapping of tags which should be assigned to the Container Registry Task.

  • timeoutInSeconds - (Optional) The timeout of this Container Registry Task in seconds. The valid range lies from 300 to 28800. Defaults to 3600.

A agentSetting block supports the following:

  • cpu - (Required) The number of cores required for the Container Registry Task.

A authentication block supports the following:

  • token - (Required) The access token used to access the source control provider.

  • tokenType - (Required) The type of the token. Possible values are pat (personal access token) and oAuth.

  • expireInSeconds - (Optional) Time in seconds that the token remains valid.

  • refreshToken - (Optional) The refresh token used to refresh the access token.

  • scope - (Optional) The scope of the access token.

A baseImageTrigger block supports the following:

  • name - (Required) The name which should be used for this trigger.

  • type - (Required) The type of the trigger. Possible values are all and runtime.

  • enabled - (Optional) Should the trigger be enabled? Defaults to true.

  • updateTriggerEndpoint - (Optional) The endpoint URL for receiving the trigger.

  • updateTriggerPayloadType - (Optional) Type of payload body for the trigger. Possible values are default and token.

A custom block supports the following:

  • loginServer - (Required) The login server of the custom Container Registry.

  • identity - (Optional) The managed identity assigned to this custom credential. For user assigned identity, the value is the client ID of the identity. For system assigned identity, the value is [system].

  • password - (Optional) The password for logging into the custom Container Registry. It can be either a plain text of password, or a Keyvault Secret ID.

  • username - (Optional) The username for logging into the custom Container Registry. It can be either a plain text of username, or a Keyvault Secret ID.

A dockerStep block supports the following:

  • contextAccessToken - (Required) The token (Git PAT or SAS token of storage account blob) associated with the context for this step.

  • contextPath - (Required) The URL (absolute or relative) of the source context for this step.

  • dockerfilePath - (Required) The Dockerfile path relative to the source context.

  • arguments - (Optional) Specifies a map of arguments to be used when executing this step.

  • imageNames - (Optional) Specifies a list of fully qualified image names including the repository and tag.

  • cacheEnabled - (Optional) Should the image cache be enabled? Defaults to true.

  • pushEnabled - (Optional) Should the image built be pushed to the registry or not? Defaults to true.

  • secretArguments - (Optional) Specifies a map of secret arguments to be used when executing this step.

  • target - (Optional) The name of the target build stage for the docker build.

A encodedStep block supports the following:

  • taskContent - (Required) The (optionally base64 encoded) content of the build template.

  • contextAccessToken - (Optional) The token (Git PAT or SAS token of storage account blob) associated with the context for this step.

  • contextPath - (Optional) The URL (absolute or relative) of the source context for this step.

  • secretValues - (Optional) Specifies a map of secret values that can be passed when running a task.

  • valueContent - (Optional) The (optionally base64 encoded) content of the build parameters.

  • values - (Optional) Specifies a map of values that can be passed when running a task.

A fileStep block supports the following:

  • taskFilePath - (Required) The task template file path relative to the source context.

  • contextAccessToken - (Optional) The token (Git PAT or SAS token of storage account blob) associated with the context for this step.

  • contextPath - (Optional) The URL (absolute or relative) of the source context for this step.

  • secretValues - (Optional) Specifies a map of secret values that can be passed when running a task.

  • valueFilePath - (Optional) The parameters file path relative to the source context.

  • values - (Optional) Specifies a map of values that can be passed when running a task.

An identity block supports the following:

  • type - (Required) Specifies the type of Managed Service Identity that should be configured on this Container Registry Task. Possible values are systemAssigned, userAssigned, systemAssigned,UserAssigned (to enable both).

  • identityIds - (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this Container Registry Task.

\~> NOTE: This is required when type is set to userAssigned or systemAssigned,UserAssigned.

A platform block supports the following:

  • os - (Required) The operating system type required for the task. Possible values are windows and linux.

  • architecture - (Optional) The OS architecture. Possible values are amd64, x86, 386, arm and arm64.

  • variant - (Optional) The variant of the CPU. Possible values are v6, v7, v8.

A registryCredential block supports the following:

  • source - (Optional) One source block as defined below.

  • custom - (Optional) One or more custom blocks as defined above.

A source block supports the following:

  • loginMode - (Required) The login mode for the source registry. Possible values are none and default.

A sourceTrigger block supports the following:

  • name - (Required) The name which should be used for this trigger.

  • events - (Required) Specifies a list of source events corresponding to the trigger. Possible values are commit and pullrequest.

  • repositoryUrl - (Required) The full URL to the source code repository.

  • sourceType - (Required) The type of the source control service. Possible values are github and visualStudioTeamService.

  • authentication - (Optional) A authentication block as defined above.

  • branch - (Optional) The branch name of the source code.

  • enabled - (Optional) Should the trigger be enabled? Defaults to true.

A timerTrigger block supports the following:

  • name - (Required) The name which should be used for this trigger.

  • schedule - (Required) The CRON expression for the task schedule.

  • enabled - (Optional) Should the trigger be enabled? Defaults to true.

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Container Registry Task.

  • identity - An identity block as defined below.

An identity block exports the following:

  • principalId - The Principal ID associated with this Managed Service Identity.

  • tenantId - The Tenant ID associated with this Managed Service Identity.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Container Registry Task.
  • read - (Defaults to 5 minutes) Used when retrieving the Container Registry Task.
  • update - (Defaults to 30 minutes) Used when updating the Container Registry Task.
  • delete - (Defaults to 30 minutes) Used when deleting the Container Registry Task.

Import

Container Registry Tasks can be imported using the resourceId, e.g.

terraform import azurerm_container_registry_task.example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.ContainerRegistry/registries/registry1/tasks/task1