Create Service Connection in Azure DevOps for Azure Container Registry

 To push docker contianer images from Azure Pipelines to Azure Container Registry (ACR) you need to establish a connection between the Azure DevOps Team Project and the Azure Continer Registry in the Azure Subscription. General service principal based Azure Resource Manager Service Connection cannot be used to push docker images to Azure Contianer Registry. We need to instead create a service connection of type docker registry in Azure DevOps. Let's look at few simple steps to get such service connction created.

It is simple to setup this service connection if your Azure subscription and the Azure DevOps belong to the same account as described in this post. If you have your Azure subscription account as a different account form your Azure DevOps account refer one of below options to create the service connectiont to ACR. 

• Create Service Connection in Azure DevOps for Azure Container Registry - Using Basic Authentication
• Create Service Connection in Azure DevOps for Azure Container Registry - Using a Service Principal

In Azure DevOps Team Project settings page you need to go to service connections tab. In this tab click on "New service connection" button. Then select the Docker Registry as the option and click Next button at the bottom of the pane.

In the New Docker Registry service connection pane sect the Azure subscription with your Azure Continer Registry. There might be a popup asking you to log in to Azure (make sure your browser does not block this pop up window). Log in to your Azure account. Then you will be able to select the Azure Container Registry from the drop down. Provide a service connection name of your preference and make sure to check "Grant access permission to all pipelines", so that the service connection can be used with Azure pipeline task to push container images to ACR.

Once you save the docker registry service connection there will be a SPN created automatically and service connection will be created. The SPN is assigned AcrPush role in the ACR.

The Azure Container Registry service connecion can be used in Azure pipeline tasks to push docker images.

- task: Docker@2
    displayName: push docker image
    inputs:
      containerRegistry: 'acrdev03'
      repository: 'demo/orderapi'
      command: push
      tags: '$(Build.BuildId)'