Week 5 - Containers & CI/CD

Introduction to Containers and CI/CD

Dependency Management

Docker Fundamentals

Azure Container Registry

Python CI Pipeline

Week 5 Gotchas & Pitfalls

Practice

Week 5 Assignment: Containerize and Ship a Data Pipeline

Week 5 Lesson Plan

Azure Container Registry

You can build and run images locally, but to deploy them you need a registry. Azure Container Registry (ACR) is a private registry where your team stores and versions container images.

By the end of this chapter, you should be able to log in to a shared ACR instance, tag and push an image, and verify it in the Azure portal.

Concepts

The Azure CLI

This is the first chapter where you use the Azure CLI (az), a command-line tool for managing Azure resources. You installed it in Week 1 as part of your Azure setup.

<aside> 📘 Core program connection: In the Core program Systems week you learned about cloud computing and container registries. Here you apply the same concepts with Azure. Review: Core Program - Cloud Computing

</aside>

Before continuing, make sure you are logged in:

az login

This opens a browser window where you sign in with your Azure account. Once authenticated, all az commands in your terminal use that session. If you get a "not logged in" error later, run az login again.

<aside> 💡 You will use az commands more extensively in Week 6. For now, you only need az acr login.

</aside>

What a registry does

A registry stores container images so they can be pulled from other machines, CI runners, or cloud services. Docker Hub is the default public registry. ACR is a private registry tied to your Azure subscription.

• Image: the built artifact (e.g. weather-pipeline)
• Tag: the version label (e.g. 1.0, abc123)
• Registry: where the image lives (e.g. hyfregistry.azurecr.io)

The full image name combines all three: hyfregistry.azurecr.io/weather-pipeline:1.0

Your shared registry

Your teacher has created a shared ACR instance for the class. You will receive the registry name (e.g. hyfregistry). Open the Azure portal and find it under "Container registries" to confirm you have access.

Log in and push an image

Before you can push, authenticate Docker with the shared registry:

# Log in (uses your Azure credentials)
az acr login --name hyfregistry

Then tag your local image with the registry prefix and push:

# Tag for ACR
docker tag weather-pipeline:1.0 hyfregistry.azurecr.io/weather-pipeline:1.0

# Push to ACR
docker push hyfregistry.azurecr.io/weather-pipeline:1.0

<aside> ⌨️ Hands on: Push your Docker Fundamentals image to the shared registry. Then go to the Azure portal, open the registry, and find your image under "Repositories."

</aside>

Seeing your image in the portal confirms the push worked. This is the same image that CI will push automatically in the next chapter.

Tagging strategy

Use meaningful tags, not just latest:

• Commit SHA (abc123f): every CI build gets a unique, traceable tag
• Semantic version (1.0.3): for releases
• Environment (dev, prod): to track what is deployed where

<aside> ⚠️ latest is just a tag name. It does not automatically point to the newest image. If two people push latest a day apart, only the last push wins. Use explicit tags.

</aside>

Understanding the registry URL

The full image reference follows this pattern:

<registry>.azurecr.io/<image>:<tag>

For example: hyfregistry.azurecr.io/weather-pipeline:1.0

Your CI workflows will construct this string to tag and push images automatically.

<aside> 💡 Using AI to help: If you are unsure about az acr commands, paste the error message into an LLM and ask for the fix. (⚠️ Ensure no PII or sensitive company data is included!)

</aside>

Verify the suggestion with az acr --help before running it.

<aside> 🤓 Curious Geek: The OCI image standard

The Open Container Initiative (OCI) defines a standard image format so images built with Docker also work on containerd, Podman, and other runtimes. That is why your image is portable across tools and clouds.

For how the OCI split Docker into runc and containerd in 2015, see the optional History of Containers and CI/CD page.

</aside>

Exercises

1. Log in to the shared ACR and push an image to it.
2. Find your image in the Azure portal and note the digest.
3. Tag the same image as dev and prod and push both. Confirm they share the same digest.
4. Explain why latest is unreliable for production deployments.

Knowledge Check

1. What is the difference between an image, a tag, and a registry?
2. Why is latest an unreliable tag for production?
3. What does az acr login do, and why is it needed before docker push?

Extra reading

• Azure Container Registry overview
• ACR authentication

In the next chapter you automate everything you just did by hand: a GitHub Actions workflow that lints, tests, builds, and pushes the image to this registry on every commit.

The HackYourFuture curriculum is licensed under CC BY-NC-SA 4.0 *https://hackyourfuture.net/*

Built with ❤️ by the HackYourFuture community · Thank you, contributors

Found a mistake or have a suggestion? Let us know in the feedback form.