The azure-native:containerregistry:Task resource, part of the Pulumi Azure Native provider, defines an ACR Task that schedules container image builds and runs based on triggers or manual invocation. This guide focuses on three capabilities: Docker build steps with automated triggers, quick task definitions for manual runs, and managed identity authentication.
Tasks belong to an Azure Container Registry and may reference GitHub repositories, managed identities, and external webhook endpoints. The examples are intentionally small. Combine them with your own registry, source repositories, and identity configuration.
Build and push images with automated triggers
Container registries often need to rebuild images automatically when base images update or source code changes, eliminating manual intervention.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const task = new azure_native.containerregistry.Task("task", {
agentConfiguration: {
cpu: 2,
},
identity: {
type: azure_native.containerregistry.ResourceIdentityType.SystemAssigned,
},
isSystemTask: false,
location: "eastus",
logTemplate: "acr/tasks:{{.Run.OS}}",
platform: {
architecture: azure_native.containerregistry.Architecture.Amd64,
os: azure_native.containerregistry.OS.Linux,
},
registryName: "myRegistry",
resourceGroupName: "myResourceGroup",
status: azure_native.containerregistry.TaskStatus.Enabled,
step: {
arguments: [
{
isSecret: false,
name: "mytestargument",
value: "mytestvalue",
},
{
isSecret: true,
name: "mysecrettestargument",
value: "mysecrettestvalue",
},
],
contextPath: "src",
dockerFilePath: "src/DockerFile",
imageNames: ["azurerest:testtag"],
isPushEnabled: true,
noCache: false,
type: "Docker",
},
tags: {
testkey: "value",
},
taskName: "mytTask",
trigger: {
baseImageTrigger: {
baseImageTriggerType: azure_native.containerregistry.BaseImageTriggerType.Runtime,
name: "myBaseImageTrigger",
updateTriggerEndpoint: "https://user:pass@mycicd.webhook.com?token=foo",
updateTriggerPayloadType: azure_native.containerregistry.UpdateTriggerPayloadType.Token,
},
sourceTriggers: [{
name: "mySourceTrigger",
sourceRepository: {
branch: "master",
repositoryUrl: "https://github.com/Azure/azure-rest-api-specs",
sourceControlAuthProperties: {
token: "xxxxx",
tokenType: azure_native.containerregistry.TokenType.PAT,
},
sourceControlType: azure_native.containerregistry.SourceControlType.Github,
},
sourceTriggerEvents: [azure_native.containerregistry.SourceTriggerEvent.Commit],
}],
timerTriggers: [{
name: "myTimerTrigger",
schedule: "30 9 * * 1-5",
}],
},
});
import pulumi
import pulumi_azure_native as azure_native
task = azure_native.containerregistry.Task("task",
agent_configuration={
"cpu": 2,
},
identity={
"type": azure_native.containerregistry.ResourceIdentityType.SYSTEM_ASSIGNED,
},
is_system_task=False,
location="eastus",
log_template="acr/tasks:{{.Run.OS}}",
platform={
"architecture": azure_native.containerregistry.Architecture.AMD64,
"os": azure_native.containerregistry.OS.LINUX,
},
registry_name="myRegistry",
resource_group_name="myResourceGroup",
status=azure_native.containerregistry.TaskStatus.ENABLED,
step={
"arguments": [
{
"is_secret": False,
"name": "mytestargument",
"value": "mytestvalue",
},
{
"is_secret": True,
"name": "mysecrettestargument",
"value": "mysecrettestvalue",
},
],
"context_path": "src",
"docker_file_path": "src/DockerFile",
"image_names": ["azurerest:testtag"],
"is_push_enabled": True,
"no_cache": False,
"type": "Docker",
},
tags={
"testkey": "value",
},
task_name="mytTask",
trigger={
"base_image_trigger": {
"base_image_trigger_type": azure_native.containerregistry.BaseImageTriggerType.RUNTIME,
"name": "myBaseImageTrigger",
"update_trigger_endpoint": "https://user:pass@mycicd.webhook.com?token=foo",
"update_trigger_payload_type": azure_native.containerregistry.UpdateTriggerPayloadType.TOKEN,
},
"source_triggers": [{
"name": "mySourceTrigger",
"source_repository": {
"branch": "master",
"repository_url": "https://github.com/Azure/azure-rest-api-specs",
"source_control_auth_properties": {
"token": "xxxxx",
"token_type": azure_native.containerregistry.TokenType.PAT,
},
"source_control_type": azure_native.containerregistry.SourceControlType.GITHUB,
},
"source_trigger_events": [azure_native.containerregistry.SourceTriggerEvent.COMMIT],
}],
"timer_triggers": [{
"name": "myTimerTrigger",
"schedule": "30 9 * * 1-5",
}],
})
package main
import (
containerregistry "github.com/pulumi/pulumi-azure-native-sdk/containerregistry/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := containerregistry.NewTask(ctx, "task", &containerregistry.TaskArgs{
AgentConfiguration: &containerregistry.AgentPropertiesArgs{
Cpu: pulumi.Int(2),
},
Identity: &containerregistry.IdentityPropertiesArgs{
Type: containerregistry.ResourceIdentityTypeSystemAssigned,
},
IsSystemTask: pulumi.Bool(false),
Location: pulumi.String("eastus"),
LogTemplate: pulumi.String("acr/tasks:{{.Run.OS}}"),
Platform: &containerregistry.PlatformPropertiesArgs{
Architecture: pulumi.String(containerregistry.ArchitectureAmd64),
Os: pulumi.String(containerregistry.OSLinux),
},
RegistryName: pulumi.String("myRegistry"),
ResourceGroupName: pulumi.String("myResourceGroup"),
Status: pulumi.String(containerregistry.TaskStatusEnabled),
Step: &containerregistry.DockerBuildStepArgs{
Arguments: containerregistry.ArgumentArray{
&containerregistry.ArgumentArgs{
IsSecret: pulumi.Bool(false),
Name: pulumi.String("mytestargument"),
Value: pulumi.String("mytestvalue"),
},
&containerregistry.ArgumentArgs{
IsSecret: pulumi.Bool(true),
Name: pulumi.String("mysecrettestargument"),
Value: pulumi.String("mysecrettestvalue"),
},
},
ContextPath: pulumi.String("src"),
DockerFilePath: pulumi.String("src/DockerFile"),
ImageNames: pulumi.StringArray{
pulumi.String("azurerest:testtag"),
},
IsPushEnabled: pulumi.Bool(true),
NoCache: pulumi.Bool(false),
Type: pulumi.String("Docker"),
},
Tags: pulumi.StringMap{
"testkey": pulumi.String("value"),
},
TaskName: pulumi.String("mytTask"),
Trigger: &containerregistry.TriggerPropertiesArgs{
BaseImageTrigger: &containerregistry.BaseImageTriggerArgs{
BaseImageTriggerType: pulumi.String(containerregistry.BaseImageTriggerTypeRuntime),
Name: pulumi.String("myBaseImageTrigger"),
UpdateTriggerEndpoint: pulumi.String("https://user:pass@mycicd.webhook.com?token=foo"),
UpdateTriggerPayloadType: pulumi.String(containerregistry.UpdateTriggerPayloadTypeToken),
},
SourceTriggers: containerregistry.SourceTriggerArray{
&containerregistry.SourceTriggerArgs{
Name: pulumi.String("mySourceTrigger"),
SourceRepository: &containerregistry.SourcePropertiesArgs{
Branch: pulumi.String("master"),
RepositoryUrl: pulumi.String("https://github.com/Azure/azure-rest-api-specs"),
SourceControlAuthProperties: &containerregistry.AuthInfoArgs{
Token: pulumi.String("xxxxx"),
TokenType: pulumi.String(containerregistry.TokenTypePAT),
},
SourceControlType: pulumi.String(containerregistry.SourceControlTypeGithub),
},
SourceTriggerEvents: pulumi.StringArray{
pulumi.String(containerregistry.SourceTriggerEventCommit),
},
},
},
TimerTriggers: containerregistry.TimerTriggerArray{
&containerregistry.TimerTriggerArgs{
Name: pulumi.String("myTimerTrigger"),
Schedule: pulumi.String("30 9 * * 1-5"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var task = new AzureNative.ContainerRegistry.Task("task", new()
{
AgentConfiguration = new AzureNative.ContainerRegistry.Inputs.AgentPropertiesArgs
{
Cpu = 2,
},
Identity = new AzureNative.ContainerRegistry.Inputs.IdentityPropertiesArgs
{
Type = AzureNative.ContainerRegistry.ResourceIdentityType.SystemAssigned,
},
IsSystemTask = false,
Location = "eastus",
LogTemplate = "acr/tasks:{{.Run.OS}}",
Platform = new AzureNative.ContainerRegistry.Inputs.PlatformPropertiesArgs
{
Architecture = AzureNative.ContainerRegistry.Architecture.Amd64,
Os = AzureNative.ContainerRegistry.OS.Linux,
},
RegistryName = "myRegistry",
ResourceGroupName = "myResourceGroup",
Status = AzureNative.ContainerRegistry.TaskStatus.Enabled,
Step = new AzureNative.ContainerRegistry.Inputs.DockerBuildStepArgs
{
Arguments = new[]
{
new AzureNative.ContainerRegistry.Inputs.ArgumentArgs
{
IsSecret = false,
Name = "mytestargument",
Value = "mytestvalue",
},
new AzureNative.ContainerRegistry.Inputs.ArgumentArgs
{
IsSecret = true,
Name = "mysecrettestargument",
Value = "mysecrettestvalue",
},
},
ContextPath = "src",
DockerFilePath = "src/DockerFile",
ImageNames = new[]
{
"azurerest:testtag",
},
IsPushEnabled = true,
NoCache = false,
Type = "Docker",
},
Tags =
{
{ "testkey", "value" },
},
TaskName = "mytTask",
Trigger = new AzureNative.ContainerRegistry.Inputs.TriggerPropertiesArgs
{
BaseImageTrigger = new AzureNative.ContainerRegistry.Inputs.BaseImageTriggerArgs
{
BaseImageTriggerType = AzureNative.ContainerRegistry.BaseImageTriggerType.Runtime,
Name = "myBaseImageTrigger",
UpdateTriggerEndpoint = "https://user:pass@mycicd.webhook.com?token=foo",
UpdateTriggerPayloadType = AzureNative.ContainerRegistry.UpdateTriggerPayloadType.Token,
},
SourceTriggers = new[]
{
new AzureNative.ContainerRegistry.Inputs.SourceTriggerArgs
{
Name = "mySourceTrigger",
SourceRepository = new AzureNative.ContainerRegistry.Inputs.SourcePropertiesArgs
{
Branch = "master",
RepositoryUrl = "https://github.com/Azure/azure-rest-api-specs",
SourceControlAuthProperties = new AzureNative.ContainerRegistry.Inputs.AuthInfoArgs
{
Token = "xxxxx",
TokenType = AzureNative.ContainerRegistry.TokenType.PAT,
},
SourceControlType = AzureNative.ContainerRegistry.SourceControlType.Github,
},
SourceTriggerEvents = new[]
{
AzureNative.ContainerRegistry.SourceTriggerEvent.Commit,
},
},
},
TimerTriggers = new[]
{
new AzureNative.ContainerRegistry.Inputs.TimerTriggerArgs
{
Name = "myTimerTrigger",
Schedule = "30 9 * * 1-5",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.containerregistry.Task;
import com.pulumi.azurenative.containerregistry.TaskArgs;
import com.pulumi.azurenative.containerregistry.inputs.AgentPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.IdentityPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.PlatformPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.TriggerPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.BaseImageTriggerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var task = new Task("task", TaskArgs.builder()
.agentConfiguration(AgentPropertiesArgs.builder()
.cpu(2)
.build())
.identity(IdentityPropertiesArgs.builder()
.type("SystemAssigned")
.build())
.isSystemTask(false)
.location("eastus")
.logTemplate("acr/tasks:{{.Run.OS}}")
.platform(PlatformPropertiesArgs.builder()
.architecture("amd64")
.os("Linux")
.build())
.registryName("myRegistry")
.resourceGroupName("myResourceGroup")
.status("Enabled")
.step(DockerBuildStepArgs.builder()
.arguments(
ArgumentArgs.builder()
.isSecret(false)
.name("mytestargument")
.value("mytestvalue")
.build(),
ArgumentArgs.builder()
.isSecret(true)
.name("mysecrettestargument")
.value("mysecrettestvalue")
.build())
.contextPath("src")
.dockerFilePath("src/DockerFile")
.imageNames("azurerest:testtag")
.isPushEnabled(true)
.noCache(false)
.type("Docker")
.build())
.tags(Map.of("testkey", "value"))
.taskName("mytTask")
.trigger(TriggerPropertiesArgs.builder()
.baseImageTrigger(BaseImageTriggerArgs.builder()
.baseImageTriggerType("Runtime")
.name("myBaseImageTrigger")
.updateTriggerEndpoint("https://user:pass@mycicd.webhook.com?token=foo")
.updateTriggerPayloadType("Token")
.build())
.sourceTriggers(SourceTriggerArgs.builder()
.name("mySourceTrigger")
.sourceRepository(SourcePropertiesArgs.builder()
.branch("master")
.repositoryUrl("https://github.com/Azure/azure-rest-api-specs")
.sourceControlAuthProperties(AuthInfoArgs.builder()
.token("xxxxx")
.tokenType("PAT")
.build())
.sourceControlType("Github")
.build())
.sourceTriggerEvents("commit")
.build())
.timerTriggers(TimerTriggerArgs.builder()
.name("myTimerTrigger")
.schedule("30 9 * * 1-5")
.build())
.build())
.build());
}
}
resources:
task:
type: azure-native:containerregistry:Task
properties:
agentConfiguration:
cpu: 2
identity:
type: SystemAssigned
isSystemTask: false
location: eastus
logTemplate: acr/tasks:{{.Run.OS}}
platform:
architecture: amd64
os: Linux
registryName: myRegistry
resourceGroupName: myResourceGroup
status: Enabled
step:
arguments:
- isSecret: false
name: mytestargument
value: mytestvalue
- isSecret: true
name: mysecrettestargument
value: mysecrettestvalue
contextPath: src
dockerFilePath: src/DockerFile
imageNames:
- azurerest:testtag
isPushEnabled: true
noCache: false
type: Docker
tags:
testkey: value
taskName: mytTask
trigger:
baseImageTrigger:
baseImageTriggerType: Runtime
name: myBaseImageTrigger
updateTriggerEndpoint: https://user:pass@mycicd.webhook.com?token=foo
updateTriggerPayloadType: Token
sourceTriggers:
- name: mySourceTrigger
sourceRepository:
branch: master
repositoryUrl: https://github.com/Azure/azure-rest-api-specs
sourceControlAuthProperties:
token: xxxxx
tokenType: PAT
sourceControlType: Github
sourceTriggerEvents:
- commit
timerTriggers:
- name: myTimerTrigger
schedule: 30 9 * * 1-5
The step property defines a Docker build that reads from contextPath, builds using dockerFilePath, and pushes to the registry when isPushEnabled is true. The trigger property configures three automation types: baseImageTrigger rebuilds when base images update, sourceTriggers watch GitHub for commits, and timerTriggers run on a cron schedule. The platform property specifies the build environment (Linux amd64), while agentConfiguration sets CPU allocation for the build agent.
Create a minimal task for quick runs
Some workflows need tasks that run on-demand rather than automatically, providing a lightweight definition without build steps or triggers.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const task = new azure_native.containerregistry.Task("task", {
isSystemTask: true,
location: "eastus",
logTemplate: "acr/tasks:{{.Run.OS}}",
registryName: "myRegistry",
resourceGroupName: "myResourceGroup",
status: azure_native.containerregistry.TaskStatus.Enabled,
tags: {
testkey: "value",
},
taskName: "quicktask",
});
import pulumi
import pulumi_azure_native as azure_native
task = azure_native.containerregistry.Task("task",
is_system_task=True,
location="eastus",
log_template="acr/tasks:{{.Run.OS}}",
registry_name="myRegistry",
resource_group_name="myResourceGroup",
status=azure_native.containerregistry.TaskStatus.ENABLED,
tags={
"testkey": "value",
},
task_name="quicktask")
package main
import (
containerregistry "github.com/pulumi/pulumi-azure-native-sdk/containerregistry/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := containerregistry.NewTask(ctx, "task", &containerregistry.TaskArgs{
IsSystemTask: pulumi.Bool(true),
Location: pulumi.String("eastus"),
LogTemplate: pulumi.String("acr/tasks:{{.Run.OS}}"),
RegistryName: pulumi.String("myRegistry"),
ResourceGroupName: pulumi.String("myResourceGroup"),
Status: pulumi.String(containerregistry.TaskStatusEnabled),
Tags: pulumi.StringMap{
"testkey": pulumi.String("value"),
},
TaskName: pulumi.String("quicktask"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var task = new AzureNative.ContainerRegistry.Task("task", new()
{
IsSystemTask = true,
Location = "eastus",
LogTemplate = "acr/tasks:{{.Run.OS}}",
RegistryName = "myRegistry",
ResourceGroupName = "myResourceGroup",
Status = AzureNative.ContainerRegistry.TaskStatus.Enabled,
Tags =
{
{ "testkey", "value" },
},
TaskName = "quicktask",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.containerregistry.Task;
import com.pulumi.azurenative.containerregistry.TaskArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var task = new Task("task", TaskArgs.builder()
.isSystemTask(true)
.location("eastus")
.logTemplate("acr/tasks:{{.Run.OS}}")
.registryName("myRegistry")
.resourceGroupName("myResourceGroup")
.status("Enabled")
.tags(Map.of("testkey", "value"))
.taskName("quicktask")
.build());
}
}
resources:
task:
type: azure-native:containerregistry:Task
properties:
isSystemTask: true
location: eastus
logTemplate: acr/tasks:{{.Run.OS}}
registryName: myRegistry
resourceGroupName: myResourceGroup
status: Enabled
tags:
testkey: value
taskName: quicktask
Setting isSystemTask to true marks this as a system-managed task. The status property controls whether the task accepts new runs. The logTemplate property defines where run logs are stored using a Go template syntax. Without step or trigger properties, this task waits for manual execution or external orchestration.
Authenticate with managed identities
Tasks that access Azure resources or external services need identity configuration for authentication, eliminating stored credentials.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const task = new azure_native.containerregistry.Task("task", {
agentConfiguration: {
cpu: 2,
},
identity: {
type: azure_native.containerregistry.ResourceIdentityType.SystemAssigned_UserAssigned,
userAssignedIdentities: {
"/subscriptions/f9d7ebed-adbd-4cb4-b973-aaf82c136138/resourcegroups/myResourceGroup1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity2": {},
},
},
isSystemTask: false,
location: "eastus",
platform: {
architecture: azure_native.containerregistry.Architecture.Amd64,
os: azure_native.containerregistry.OS.Linux,
},
registryName: "myRegistry",
resourceGroupName: "myResourceGroup",
status: azure_native.containerregistry.TaskStatus.Enabled,
step: {
arguments: [
{
isSecret: false,
name: "mytestargument",
value: "mytestvalue",
},
{
isSecret: true,
name: "mysecrettestargument",
value: "mysecrettestvalue",
},
],
contextPath: "src",
dockerFilePath: "src/DockerFile",
imageNames: ["azurerest:testtag"],
isPushEnabled: true,
noCache: false,
type: "Docker",
},
tags: {
testkey: "value",
},
taskName: "mytTask",
trigger: {
baseImageTrigger: {
baseImageTriggerType: azure_native.containerregistry.BaseImageTriggerType.Runtime,
name: "myBaseImageTrigger",
updateTriggerEndpoint: "https://user:pass@mycicd.webhook.com?token=foo",
updateTriggerPayloadType: azure_native.containerregistry.UpdateTriggerPayloadType.Default,
},
sourceTriggers: [{
name: "mySourceTrigger",
sourceRepository: {
branch: "master",
repositoryUrl: "https://github.com/Azure/azure-rest-api-specs",
sourceControlAuthProperties: {
token: "xxxxx",
tokenType: azure_native.containerregistry.TokenType.PAT,
},
sourceControlType: azure_native.containerregistry.SourceControlType.Github,
},
sourceTriggerEvents: [azure_native.containerregistry.SourceTriggerEvent.Commit],
}],
timerTriggers: [{
name: "myTimerTrigger",
schedule: "30 9 * * 1-5",
}],
},
});
import pulumi
import pulumi_azure_native as azure_native
task = azure_native.containerregistry.Task("task",
agent_configuration={
"cpu": 2,
},
identity={
"type": azure_native.containerregistry.ResourceIdentityType.SYSTEM_ASSIGNED_USER_ASSIGNED,
"user_assigned_identities": {
"/subscriptions/f9d7ebed-adbd-4cb4-b973-aaf82c136138/resourcegroups/myResourceGroup1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity2": {},
},
},
is_system_task=False,
location="eastus",
platform={
"architecture": azure_native.containerregistry.Architecture.AMD64,
"os": azure_native.containerregistry.OS.LINUX,
},
registry_name="myRegistry",
resource_group_name="myResourceGroup",
status=azure_native.containerregistry.TaskStatus.ENABLED,
step={
"arguments": [
{
"is_secret": False,
"name": "mytestargument",
"value": "mytestvalue",
},
{
"is_secret": True,
"name": "mysecrettestargument",
"value": "mysecrettestvalue",
},
],
"context_path": "src",
"docker_file_path": "src/DockerFile",
"image_names": ["azurerest:testtag"],
"is_push_enabled": True,
"no_cache": False,
"type": "Docker",
},
tags={
"testkey": "value",
},
task_name="mytTask",
trigger={
"base_image_trigger": {
"base_image_trigger_type": azure_native.containerregistry.BaseImageTriggerType.RUNTIME,
"name": "myBaseImageTrigger",
"update_trigger_endpoint": "https://user:pass@mycicd.webhook.com?token=foo",
"update_trigger_payload_type": azure_native.containerregistry.UpdateTriggerPayloadType.DEFAULT,
},
"source_triggers": [{
"name": "mySourceTrigger",
"source_repository": {
"branch": "master",
"repository_url": "https://github.com/Azure/azure-rest-api-specs",
"source_control_auth_properties": {
"token": "xxxxx",
"token_type": azure_native.containerregistry.TokenType.PAT,
},
"source_control_type": azure_native.containerregistry.SourceControlType.GITHUB,
},
"source_trigger_events": [azure_native.containerregistry.SourceTriggerEvent.COMMIT],
}],
"timer_triggers": [{
"name": "myTimerTrigger",
"schedule": "30 9 * * 1-5",
}],
})
package main
import (
containerregistry "github.com/pulumi/pulumi-azure-native-sdk/containerregistry/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := containerregistry.NewTask(ctx, "task", &containerregistry.TaskArgs{
AgentConfiguration: &containerregistry.AgentPropertiesArgs{
Cpu: pulumi.Int(2),
},
Identity: &containerregistry.IdentityPropertiesArgs{
Type: containerregistry.ResourceIdentityType_SystemAssigned_UserAssigned,
UserAssignedIdentities: containerregistry.UserIdentityPropertiesMap{
"/subscriptions/f9d7ebed-adbd-4cb4-b973-aaf82c136138/resourcegroups/myResourceGroup1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity2": &containerregistry.UserIdentityPropertiesArgs{},
},
},
IsSystemTask: pulumi.Bool(false),
Location: pulumi.String("eastus"),
Platform: &containerregistry.PlatformPropertiesArgs{
Architecture: pulumi.String(containerregistry.ArchitectureAmd64),
Os: pulumi.String(containerregistry.OSLinux),
},
RegistryName: pulumi.String("myRegistry"),
ResourceGroupName: pulumi.String("myResourceGroup"),
Status: pulumi.String(containerregistry.TaskStatusEnabled),
Step: &containerregistry.DockerBuildStepArgs{
Arguments: containerregistry.ArgumentArray{
&containerregistry.ArgumentArgs{
IsSecret: pulumi.Bool(false),
Name: pulumi.String("mytestargument"),
Value: pulumi.String("mytestvalue"),
},
&containerregistry.ArgumentArgs{
IsSecret: pulumi.Bool(true),
Name: pulumi.String("mysecrettestargument"),
Value: pulumi.String("mysecrettestvalue"),
},
},
ContextPath: pulumi.String("src"),
DockerFilePath: pulumi.String("src/DockerFile"),
ImageNames: pulumi.StringArray{
pulumi.String("azurerest:testtag"),
},
IsPushEnabled: pulumi.Bool(true),
NoCache: pulumi.Bool(false),
Type: pulumi.String("Docker"),
},
Tags: pulumi.StringMap{
"testkey": pulumi.String("value"),
},
TaskName: pulumi.String("mytTask"),
Trigger: &containerregistry.TriggerPropertiesArgs{
BaseImageTrigger: &containerregistry.BaseImageTriggerArgs{
BaseImageTriggerType: pulumi.String(containerregistry.BaseImageTriggerTypeRuntime),
Name: pulumi.String("myBaseImageTrigger"),
UpdateTriggerEndpoint: pulumi.String("https://user:pass@mycicd.webhook.com?token=foo"),
UpdateTriggerPayloadType: pulumi.String(containerregistry.UpdateTriggerPayloadTypeDefault),
},
SourceTriggers: containerregistry.SourceTriggerArray{
&containerregistry.SourceTriggerArgs{
Name: pulumi.String("mySourceTrigger"),
SourceRepository: &containerregistry.SourcePropertiesArgs{
Branch: pulumi.String("master"),
RepositoryUrl: pulumi.String("https://github.com/Azure/azure-rest-api-specs"),
SourceControlAuthProperties: &containerregistry.AuthInfoArgs{
Token: pulumi.String("xxxxx"),
TokenType: pulumi.String(containerregistry.TokenTypePAT),
},
SourceControlType: pulumi.String(containerregistry.SourceControlTypeGithub),
},
SourceTriggerEvents: pulumi.StringArray{
pulumi.String(containerregistry.SourceTriggerEventCommit),
},
},
},
TimerTriggers: containerregistry.TimerTriggerArray{
&containerregistry.TimerTriggerArgs{
Name: pulumi.String("myTimerTrigger"),
Schedule: pulumi.String("30 9 * * 1-5"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var task = new AzureNative.ContainerRegistry.Task("task", new()
{
AgentConfiguration = new AzureNative.ContainerRegistry.Inputs.AgentPropertiesArgs
{
Cpu = 2,
},
Identity = new AzureNative.ContainerRegistry.Inputs.IdentityPropertiesArgs
{
Type = AzureNative.ContainerRegistry.ResourceIdentityType.SystemAssigned_UserAssigned,
UserAssignedIdentities =
{
{ "/subscriptions/f9d7ebed-adbd-4cb4-b973-aaf82c136138/resourcegroups/myResourceGroup1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity2", null },
},
},
IsSystemTask = false,
Location = "eastus",
Platform = new AzureNative.ContainerRegistry.Inputs.PlatformPropertiesArgs
{
Architecture = AzureNative.ContainerRegistry.Architecture.Amd64,
Os = AzureNative.ContainerRegistry.OS.Linux,
},
RegistryName = "myRegistry",
ResourceGroupName = "myResourceGroup",
Status = AzureNative.ContainerRegistry.TaskStatus.Enabled,
Step = new AzureNative.ContainerRegistry.Inputs.DockerBuildStepArgs
{
Arguments = new[]
{
new AzureNative.ContainerRegistry.Inputs.ArgumentArgs
{
IsSecret = false,
Name = "mytestargument",
Value = "mytestvalue",
},
new AzureNative.ContainerRegistry.Inputs.ArgumentArgs
{
IsSecret = true,
Name = "mysecrettestargument",
Value = "mysecrettestvalue",
},
},
ContextPath = "src",
DockerFilePath = "src/DockerFile",
ImageNames = new[]
{
"azurerest:testtag",
},
IsPushEnabled = true,
NoCache = false,
Type = "Docker",
},
Tags =
{
{ "testkey", "value" },
},
TaskName = "mytTask",
Trigger = new AzureNative.ContainerRegistry.Inputs.TriggerPropertiesArgs
{
BaseImageTrigger = new AzureNative.ContainerRegistry.Inputs.BaseImageTriggerArgs
{
BaseImageTriggerType = AzureNative.ContainerRegistry.BaseImageTriggerType.Runtime,
Name = "myBaseImageTrigger",
UpdateTriggerEndpoint = "https://user:pass@mycicd.webhook.com?token=foo",
UpdateTriggerPayloadType = AzureNative.ContainerRegistry.UpdateTriggerPayloadType.Default,
},
SourceTriggers = new[]
{
new AzureNative.ContainerRegistry.Inputs.SourceTriggerArgs
{
Name = "mySourceTrigger",
SourceRepository = new AzureNative.ContainerRegistry.Inputs.SourcePropertiesArgs
{
Branch = "master",
RepositoryUrl = "https://github.com/Azure/azure-rest-api-specs",
SourceControlAuthProperties = new AzureNative.ContainerRegistry.Inputs.AuthInfoArgs
{
Token = "xxxxx",
TokenType = AzureNative.ContainerRegistry.TokenType.PAT,
},
SourceControlType = AzureNative.ContainerRegistry.SourceControlType.Github,
},
SourceTriggerEvents = new[]
{
AzureNative.ContainerRegistry.SourceTriggerEvent.Commit,
},
},
},
TimerTriggers = new[]
{
new AzureNative.ContainerRegistry.Inputs.TimerTriggerArgs
{
Name = "myTimerTrigger",
Schedule = "30 9 * * 1-5",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.containerregistry.Task;
import com.pulumi.azurenative.containerregistry.TaskArgs;
import com.pulumi.azurenative.containerregistry.inputs.AgentPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.IdentityPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.PlatformPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.TriggerPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.BaseImageTriggerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var task = new Task("task", TaskArgs.builder()
.agentConfiguration(AgentPropertiesArgs.builder()
.cpu(2)
.build())
.identity(IdentityPropertiesArgs.builder()
.type("SystemAssigned, UserAssigned")
.userAssignedIdentities(Map.of("/subscriptions/f9d7ebed-adbd-4cb4-b973-aaf82c136138/resourcegroups/myResourceGroup1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity2", UserIdentityPropertiesArgs.builder()
.build()))
.build())
.isSystemTask(false)
.location("eastus")
.platform(PlatformPropertiesArgs.builder()
.architecture("amd64")
.os("Linux")
.build())
.registryName("myRegistry")
.resourceGroupName("myResourceGroup")
.status("Enabled")
.step(DockerBuildStepArgs.builder()
.arguments(
ArgumentArgs.builder()
.isSecret(false)
.name("mytestargument")
.value("mytestvalue")
.build(),
ArgumentArgs.builder()
.isSecret(true)
.name("mysecrettestargument")
.value("mysecrettestvalue")
.build())
.contextPath("src")
.dockerFilePath("src/DockerFile")
.imageNames("azurerest:testtag")
.isPushEnabled(true)
.noCache(false)
.type("Docker")
.build())
.tags(Map.of("testkey", "value"))
.taskName("mytTask")
.trigger(TriggerPropertiesArgs.builder()
.baseImageTrigger(BaseImageTriggerArgs.builder()
.baseImageTriggerType("Runtime")
.name("myBaseImageTrigger")
.updateTriggerEndpoint("https://user:pass@mycicd.webhook.com?token=foo")
.updateTriggerPayloadType("Default")
.build())
.sourceTriggers(SourceTriggerArgs.builder()
.name("mySourceTrigger")
.sourceRepository(SourcePropertiesArgs.builder()
.branch("master")
.repositoryUrl("https://github.com/Azure/azure-rest-api-specs")
.sourceControlAuthProperties(AuthInfoArgs.builder()
.token("xxxxx")
.tokenType("PAT")
.build())
.sourceControlType("Github")
.build())
.sourceTriggerEvents("commit")
.build())
.timerTriggers(TimerTriggerArgs.builder()
.name("myTimerTrigger")
.schedule("30 9 * * 1-5")
.build())
.build())
.build());
}
}
resources:
task:
type: azure-native:containerregistry:Task
properties:
agentConfiguration:
cpu: 2
identity:
type: SystemAssigned, UserAssigned
userAssignedIdentities:
? /subscriptions/f9d7ebed-adbd-4cb4-b973-aaf82c136138/resourcegroups/myResourceGroup1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity2
: {}
isSystemTask: false
location: eastus
platform:
architecture: amd64
os: Linux
registryName: myRegistry
resourceGroupName: myResourceGroup
status: Enabled
step:
arguments:
- isSecret: false
name: mytestargument
value: mytestvalue
- isSecret: true
name: mysecrettestargument
value: mysecrettestvalue
contextPath: src
dockerFilePath: src/DockerFile
imageNames:
- azurerest:testtag
isPushEnabled: true
noCache: false
type: Docker
tags:
testkey: value
taskName: mytTask
trigger:
baseImageTrigger:
baseImageTriggerType: Runtime
name: myBaseImageTrigger
updateTriggerEndpoint: https://user:pass@mycicd.webhook.com?token=foo
updateTriggerPayloadType: Default
sourceTriggers:
- name: mySourceTrigger
sourceRepository:
branch: master
repositoryUrl: https://github.com/Azure/azure-rest-api-specs
sourceControlAuthProperties:
token: xxxxx
tokenType: PAT
sourceControlType: Github
sourceTriggerEvents:
- commit
timerTriggers:
- name: myTimerTrigger
schedule: 30 9 * * 1-5
The identity property configures authentication for the task. Setting type to SystemAssigned_UserAssigned enables both a system-managed identity (created automatically) and user-assigned identities (referenced by ARM resource ID). The task can use these identities to authenticate to Azure Container Registry, Key Vault, or other Azure services during builds.
Beyond these examples
These snippets focus on specific task-level features: Docker build steps with arguments and secrets, automated triggers (source, base image, timer), and managed identity authentication. They’re intentionally minimal rather than full CI/CD pipelines.
The examples may reference pre-existing infrastructure such as Azure Container Registry, GitHub repositories with PAT tokens, user-assigned managed identities, and external webhook endpoints. They focus on configuring the task rather than provisioning everything around it.
To keep things focused, common task patterns are omitted, including:
- Custom agent pools (agentPoolName)
- Credential sets for private registries (credentials)
- Multi-step tasks with FileTaskStep or EncodedTaskStep
- Task run history and logging configuration
These omissions are intentional: the goal is to illustrate how each task feature is wired, not provide drop-in CI/CD modules. See the ACR Task resource reference for all available configuration options.
Let's configure Azure Container Registry Tasks
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Task Types & Configuration
What's the difference between a system task and a regular task?
Set
isSystemTask to true for quick tasks that don’t require platform or step configuration. Regular tasks (false) support full build steps, triggers, and platform specifications.What properties can't be changed after creating a task?
The
location, registryName, resourceGroupName, and taskName properties are immutable after creation.What's the default timeout for task execution?
Tasks default to 3600 seconds (1 hour). You can configure this using the
timeout property.Identity & Authentication
What identity types can I assign to a task?
You can use
SystemAssigned (Azure-managed), UserAssigned (your managed identities), or SystemAssigned, UserAssigned (both types combined).How do I use multiple user-assigned identities?
Set
identity.type to ‘UserAssigned’ and provide a map of identity resource IDs in userAssignedIdentities.How do I pass secret values to my task?
In the
step.arguments array, set isSecret to true for sensitive values like passwords or tokens.Triggers & Automation
How do I schedule a task to run on a cron schedule?
Use
trigger.timerTriggers with a cron expression like ‘30 9 * * 1-5’ for 9:30 AM on weekdays.How do I trigger a task on Git commits?
Configure
trigger.sourceTriggers with your repository URL, branch, authentication token (sourceControlAuthProperties), and set sourceTriggerEvents to ‘commit’.What's the difference between Runtime and All base image triggers?
Set
baseImageTriggerType to ‘Runtime’ to trigger only on runtime dependency updates, or ‘All’ to trigger on any base image dependency change.Platform & Resources
When do I need to specify platform properties?
Platform properties (
architecture and os) are required for regular tasks but not for system tasks (isSystemTask: true).How do I control CPU resources for task execution?
Set
agentConfiguration.cpu to allocate CPU cores (e.g., 2 for dual-core execution).