The azure-native:containerregistry:Task resource, part of the Pulumi Azure Native provider, defines an ACR Task that schedules container image builds and runs based on triggers or manual invocation. This guide focuses on three capabilities: Docker build steps with automated triggers, quick task definitions for manual runs, and managed identity authentication.
Tasks belong to an Azure Container Registry and may reference GitHub repositories, managed identities, and external webhook endpoints. The examples are intentionally small. Combine them with your own registry, source repositories, and identity configuration.
Build and push images with automated triggers
Container registries often need to rebuild images automatically when base images update or source code changes, eliminating manual intervention.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const task = new azure_native.containerregistry.Task("task", {
agentConfiguration: {
cpu: 2,
},
identity: {
type: azure_native.containerregistry.ResourceIdentityType.SystemAssigned,
},
isSystemTask: false,
location: "eastus",
logTemplate: "acr/tasks:{{.Run.OS}}",
platform: {
architecture: azure_native.containerregistry.Architecture.Amd64,
os: azure_native.containerregistry.OS.Linux,
},
registryName: "myRegistry",
resourceGroupName: "myResourceGroup",
status: azure_native.containerregistry.TaskStatus.Enabled,
step: {
arguments: [
{
isSecret: false,
name: "mytestargument",
value: "mytestvalue",
},
{
isSecret: true,
name: "mysecrettestargument",
value: "mysecrettestvalue",
},
],
contextPath: "src",
dockerFilePath: "src/DockerFile",
imageNames: ["azurerest:testtag"],
isPushEnabled: true,
noCache: false,
type: "Docker",
},
tags: {
testkey: "value",
},
taskName: "mytTask",
trigger: {
baseImageTrigger: {
baseImageTriggerType: azure_native.containerregistry.BaseImageTriggerType.Runtime,
name: "myBaseImageTrigger",
updateTriggerEndpoint: "https://user:pass@mycicd.webhook.com?token=foo",
updateTriggerPayloadType: azure_native.containerregistry.UpdateTriggerPayloadType.Token,
},
sourceTriggers: [{
name: "mySourceTrigger",
sourceRepository: {
branch: "master",
repositoryUrl: "https://github.com/Azure/azure-rest-api-specs",
sourceControlAuthProperties: {
token: "xxxxx",
tokenType: azure_native.containerregistry.TokenType.PAT,
},
sourceControlType: azure_native.containerregistry.SourceControlType.Github,
},
sourceTriggerEvents: [azure_native.containerregistry.SourceTriggerEvent.Commit],
}],
timerTriggers: [{
name: "myTimerTrigger",
schedule: "30 9 * * 1-5",
}],
},
});
import pulumi
import pulumi_azure_native as azure_native
task = azure_native.containerregistry.Task("task",
agent_configuration={
"cpu": 2,
},
identity={
"type": azure_native.containerregistry.ResourceIdentityType.SYSTEM_ASSIGNED,
},
is_system_task=False,
location="eastus",
log_template="acr/tasks:{{.Run.OS}}",
platform={
"architecture": azure_native.containerregistry.Architecture.AMD64,
"os": azure_native.containerregistry.OS.LINUX,
},
registry_name="myRegistry",
resource_group_name="myResourceGroup",
status=azure_native.containerregistry.TaskStatus.ENABLED,
step={
"arguments": [
{
"is_secret": False,
"name": "mytestargument",
"value": "mytestvalue",
},
{
"is_secret": True,
"name": "mysecrettestargument",
"value": "mysecrettestvalue",
},
],
"context_path": "src",
"docker_file_path": "src/DockerFile",
"image_names": ["azurerest:testtag"],
"is_push_enabled": True,
"no_cache": False,
"type": "Docker",
},
tags={
"testkey": "value",
},
task_name="mytTask",
trigger={
"base_image_trigger": {
"base_image_trigger_type": azure_native.containerregistry.BaseImageTriggerType.RUNTIME,
"name": "myBaseImageTrigger",
"update_trigger_endpoint": "https://user:pass@mycicd.webhook.com?token=foo",
"update_trigger_payload_type": azure_native.containerregistry.UpdateTriggerPayloadType.TOKEN,
},
"source_triggers": [{
"name": "mySourceTrigger",
"source_repository": {
"branch": "master",
"repository_url": "https://github.com/Azure/azure-rest-api-specs",
"source_control_auth_properties": {
"token": "xxxxx",
"token_type": azure_native.containerregistry.TokenType.PAT,
},
"source_control_type": azure_native.containerregistry.SourceControlType.GITHUB,
},
"source_trigger_events": [azure_native.containerregistry.SourceTriggerEvent.COMMIT],
}],
"timer_triggers": [{
"name": "myTimerTrigger",
"schedule": "30 9 * * 1-5",
}],
})
package main
import (
containerregistry "github.com/pulumi/pulumi-azure-native-sdk/containerregistry/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := containerregistry.NewTask(ctx, "task", &containerregistry.TaskArgs{
AgentConfiguration: &containerregistry.AgentPropertiesArgs{
Cpu: pulumi.Int(2),
},
Identity: &containerregistry.IdentityPropertiesArgs{
Type: containerregistry.ResourceIdentityTypeSystemAssigned,
},
IsSystemTask: pulumi.Bool(false),
Location: pulumi.String("eastus"),
LogTemplate: pulumi.String("acr/tasks:{{.Run.OS}}"),
Platform: &containerregistry.PlatformPropertiesArgs{
Architecture: pulumi.String(containerregistry.ArchitectureAmd64),
Os: pulumi.String(containerregistry.OSLinux),
},
RegistryName: pulumi.String("myRegistry"),
ResourceGroupName: pulumi.String("myResourceGroup"),
Status: pulumi.String(containerregistry.TaskStatusEnabled),
Step: &containerregistry.DockerBuildStepArgs{
Arguments: containerregistry.ArgumentArray{
&containerregistry.ArgumentArgs{
IsSecret: pulumi.Bool(false),
Name: pulumi.String("mytestargument"),
Value: pulumi.String("mytestvalue"),
},
&containerregistry.ArgumentArgs{
IsSecret: pulumi.Bool(true),
Name: pulumi.String("mysecrettestargument"),
Value: pulumi.String("mysecrettestvalue"),
},
},
ContextPath: pulumi.String("src"),
DockerFilePath: pulumi.String("src/DockerFile"),
ImageNames: pulumi.StringArray{
pulumi.String("azurerest:testtag"),
},
IsPushEnabled: pulumi.Bool(true),
NoCache: pulumi.Bool(false),
Type: pulumi.String("Docker"),
},
Tags: pulumi.StringMap{
"testkey": pulumi.String("value"),
},
TaskName: pulumi.String("mytTask"),
Trigger: &containerregistry.TriggerPropertiesArgs{
BaseImageTrigger: &containerregistry.BaseImageTriggerArgs{
BaseImageTriggerType: pulumi.String(containerregistry.BaseImageTriggerTypeRuntime),
Name: pulumi.String("myBaseImageTrigger"),
UpdateTriggerEndpoint: pulumi.String("https://user:pass@mycicd.webhook.com?token=foo"),
UpdateTriggerPayloadType: pulumi.String(containerregistry.UpdateTriggerPayloadTypeToken),
},
SourceTriggers: containerregistry.SourceTriggerArray{
&containerregistry.SourceTriggerArgs{
Name: pulumi.String("mySourceTrigger"),
SourceRepository: &containerregistry.SourcePropertiesArgs{
Branch: pulumi.String("master"),
RepositoryUrl: pulumi.String("https://github.com/Azure/azure-rest-api-specs"),
SourceControlAuthProperties: &containerregistry.AuthInfoArgs{
Token: pulumi.String("xxxxx"),
TokenType: pulumi.String(containerregistry.TokenTypePAT),
},
SourceControlType: pulumi.String(containerregistry.SourceControlTypeGithub),
},
SourceTriggerEvents: pulumi.StringArray{
pulumi.String(containerregistry.SourceTriggerEventCommit),
},
},
},
TimerTriggers: containerregistry.TimerTriggerArray{
&containerregistry.TimerTriggerArgs{
Name: pulumi.String("myTimerTrigger"),
Schedule: pulumi.String("30 9 * * 1-5"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var task = new AzureNative.ContainerRegistry.Task("task", new()
{
AgentConfiguration = new AzureNative.ContainerRegistry.Inputs.AgentPropertiesArgs
{
Cpu = 2,
},
Identity = new AzureNative.ContainerRegistry.Inputs.IdentityPropertiesArgs
{
Type = AzureNative.ContainerRegistry.ResourceIdentityType.SystemAssigned,
},
IsSystemTask = false,
Location = "eastus",
LogTemplate = "acr/tasks:{{.Run.OS}}",
Platform = new AzureNative.ContainerRegistry.Inputs.PlatformPropertiesArgs
{
Architecture = AzureNative.ContainerRegistry.Architecture.Amd64,
Os = AzureNative.ContainerRegistry.OS.Linux,
},
RegistryName = "myRegistry",
ResourceGroupName = "myResourceGroup",
Status = AzureNative.ContainerRegistry.TaskStatus.Enabled,
Step = new AzureNative.ContainerRegistry.Inputs.DockerBuildStepArgs
{
Arguments = new[]
{
new AzureNative.ContainerRegistry.Inputs.ArgumentArgs
{
IsSecret = false,
Name = "mytestargument",
Value = "mytestvalue",
},
new AzureNative.ContainerRegistry.Inputs.ArgumentArgs
{
IsSecret = true,
Name = "mysecrettestargument",
Value = "mysecrettestvalue",
},
},
ContextPath = "src",
DockerFilePath = "src/DockerFile",
ImageNames = new[]
{
"azurerest:testtag",
},
IsPushEnabled = true,
NoCache = false,
Type = "Docker",
},
Tags =
{
{ "testkey", "value" },
},
TaskName = "mytTask",
Trigger = new AzureNative.ContainerRegistry.Inputs.TriggerPropertiesArgs
{
BaseImageTrigger = new AzureNative.ContainerRegistry.Inputs.BaseImageTriggerArgs
{
BaseImageTriggerType = AzureNative.ContainerRegistry.BaseImageTriggerType.Runtime,
Name = "myBaseImageTrigger",
UpdateTriggerEndpoint = "https://user:pass@mycicd.webhook.com?token=foo",
UpdateTriggerPayloadType = AzureNative.ContainerRegistry.UpdateTriggerPayloadType.Token,
},
SourceTriggers = new[]
{
new AzureNative.ContainerRegistry.Inputs.SourceTriggerArgs
{
Name = "mySourceTrigger",
SourceRepository = new AzureNative.ContainerRegistry.Inputs.SourcePropertiesArgs
{
Branch = "master",
RepositoryUrl = "https://github.com/Azure/azure-rest-api-specs",
SourceControlAuthProperties = new AzureNative.ContainerRegistry.Inputs.AuthInfoArgs
{
Token = "xxxxx",
TokenType = AzureNative.ContainerRegistry.TokenType.PAT,
},
SourceControlType = AzureNative.ContainerRegistry.SourceControlType.Github,
},
SourceTriggerEvents = new[]
{
AzureNative.ContainerRegistry.SourceTriggerEvent.Commit,
},
},
},
TimerTriggers = new[]
{
new AzureNative.ContainerRegistry.Inputs.TimerTriggerArgs
{
Name = "myTimerTrigger",
Schedule = "30 9 * * 1-5",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.containerregistry.Task;
import com.pulumi.azurenative.containerregistry.TaskArgs;
import com.pulumi.azurenative.containerregistry.inputs.AgentPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.IdentityPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.PlatformPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.TriggerPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.BaseImageTriggerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var task = new Task("task", TaskArgs.builder()
.agentConfiguration(AgentPropertiesArgs.builder()
.cpu(2)
.build())
.identity(IdentityPropertiesArgs.builder()
.type("SystemAssigned")
.build())
.isSystemTask(false)
.location("eastus")
.logTemplate("acr/tasks:{{.Run.OS}}")
.platform(PlatformPropertiesArgs.builder()
.architecture("amd64")
.os("Linux")
.build())
.registryName("myRegistry")
.resourceGroupName("myResourceGroup")
.status("Enabled")
.step(DockerBuildStepArgs.builder()
.arguments(
ArgumentArgs.builder()
.isSecret(false)
.name("mytestargument")
.value("mytestvalue")
.build(),
ArgumentArgs.builder()
.isSecret(true)
.name("mysecrettestargument")
.value("mysecrettestvalue")
.build())
.contextPath("src")
.dockerFilePath("src/DockerFile")
.imageNames("azurerest:testtag")
.isPushEnabled(true)
.noCache(false)
.type("Docker")
.build())
.tags(Map.of("testkey", "value"))
.taskName("mytTask")
.trigger(TriggerPropertiesArgs.builder()
.baseImageTrigger(BaseImageTriggerArgs.builder()
.baseImageTriggerType("Runtime")
.name("myBaseImageTrigger")
.updateTriggerEndpoint("https://user:pass@mycicd.webhook.com?token=foo")
.updateTriggerPayloadType("Token")
.build())
.sourceTriggers(SourceTriggerArgs.builder()
.name("mySourceTrigger")
.sourceRepository(SourcePropertiesArgs.builder()
.branch("master")
.repositoryUrl("https://github.com/Azure/azure-rest-api-specs")
.sourceControlAuthProperties(AuthInfoArgs.builder()
.token("xxxxx")
.tokenType("PAT")
.build())
.sourceControlType("Github")
.build())
.sourceTriggerEvents("commit")
.build())
.timerTriggers(TimerTriggerArgs.builder()
.name("myTimerTrigger")
.schedule("30 9 * * 1-5")
.build())
.build())
.build());
}
}
resources:
task:
type: azure-native:containerregistry:Task
properties:
agentConfiguration:
cpu: 2
identity:
type: SystemAssigned
isSystemTask: false
location: eastus
logTemplate: acr/tasks:{{.Run.OS}}
platform:
architecture: amd64
os: Linux
registryName: myRegistry
resourceGroupName: myResourceGroup
status: Enabled
step:
arguments:
- isSecret: false
name: mytestargument
value: mytestvalue
- isSecret: true
name: mysecrettestargument
value: mysecrettestvalue
contextPath: src
dockerFilePath: src/DockerFile
imageNames:
- azurerest:testtag
isPushEnabled: true
noCache: false
type: Docker
tags:
testkey: value
taskName: mytTask
trigger:
baseImageTrigger:
baseImageTriggerType: Runtime
name: myBaseImageTrigger
updateTriggerEndpoint: https://user:pass@mycicd.webhook.com?token=foo
updateTriggerPayloadType: Token
sourceTriggers:
- name: mySourceTrigger
sourceRepository:
branch: master
repositoryUrl: https://github.com/Azure/azure-rest-api-specs
sourceControlAuthProperties:
token: xxxxx
tokenType: PAT
sourceControlType: Github
sourceTriggerEvents:
- commit
timerTriggers:
- name: myTimerTrigger
schedule: 30 9 * * 1-5
The step property defines a Docker build that reads from contextPath, builds using dockerFilePath, and pushes to the registry when isPushEnabled is true. The trigger property configures three automation types: baseImageTrigger rebuilds when base images update, sourceTriggers watch GitHub for commits, and timerTriggers run on a cron schedule. The platform property specifies the build environment (Linux amd64), while agentConfiguration sets CPU allocation for the build agent.
Create a minimal task for quick runs
Some workflows need tasks that run on-demand rather than automatically, providing a lightweight definition without build steps or triggers.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const task = new azure_native.containerregistry.Task("task", {
isSystemTask: true,
location: "eastus",
logTemplate: "acr/tasks:{{.Run.OS}}",
registryName: "myRegistry",
resourceGroupName: "myResourceGroup",
status: azure_native.containerregistry.TaskStatus.Enabled,
tags: {
testkey: "value",
},
taskName: "quicktask",
});
import pulumi
import pulumi_azure_native as azure_native
task = azure_native.containerregistry.Task("task",
is_system_task=True,
location="eastus",
log_template="acr/tasks:{{.Run.OS}}",
registry_name="myRegistry",
resource_group_name="myResourceGroup",
status=azure_native.containerregistry.TaskStatus.ENABLED,
tags={
"testkey": "value",
},
task_name="quicktask")
package main
import (
containerregistry "github.com/pulumi/pulumi-azure-native-sdk/containerregistry/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := containerregistry.NewTask(ctx, "task", &containerregistry.TaskArgs{
IsSystemTask: pulumi.Bool(true),
Location: pulumi.String("eastus"),
LogTemplate: pulumi.String("acr/tasks:{{.Run.OS}}"),
RegistryName: pulumi.String("myRegistry"),
ResourceGroupName: pulumi.String("myResourceGroup"),
Status: pulumi.String(containerregistry.TaskStatusEnabled),
Tags: pulumi.StringMap{
"testkey": pulumi.String("value"),
},
TaskName: pulumi.String("quicktask"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var task = new AzureNative.ContainerRegistry.Task("task", new()
{
IsSystemTask = true,
Location = "eastus",
LogTemplate = "acr/tasks:{{.Run.OS}}",
RegistryName = "myRegistry",
ResourceGroupName = "myResourceGroup",
Status = AzureNative.ContainerRegistry.TaskStatus.Enabled,
Tags =
{
{ "testkey", "value" },
},
TaskName = "quicktask",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.containerregistry.Task;
import com.pulumi.azurenative.containerregistry.TaskArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var task = new Task("task", TaskArgs.builder()
.isSystemTask(true)
.location("eastus")
.logTemplate("acr/tasks:{{.Run.OS}}")
.registryName("myRegistry")
.resourceGroupName("myResourceGroup")
.status("Enabled")
.tags(Map.of("testkey", "value"))
.taskName("quicktask")
.build());
}
}
resources:
task:
type: azure-native:containerregistry:Task
properties:
isSystemTask: true
location: eastus
logTemplate: acr/tasks:{{.Run.OS}}
registryName: myRegistry
resourceGroupName: myResourceGroup
status: Enabled
tags:
testkey: value
taskName: quicktask
Setting isSystemTask to true marks this as a system-managed task. The status property controls whether the task accepts new runs. The logTemplate property defines where run logs are stored using a Go template syntax. Without step or trigger properties, this task waits for manual execution or external orchestration.
Authenticate with managed identities
Tasks that access Azure resources or external services need identity configuration for authentication, eliminating stored credentials.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const task = new azure_native.containerregistry.Task("task", {
agentConfiguration: {
cpu: 2,
},
identity: {
type: azure_native.containerregistry.ResourceIdentityType.SystemAssigned_UserAssigned,
userAssignedIdentities: {
"/subscriptions/f9d7ebed-adbd-4cb4-b973-aaf82c136138/resourcegroups/myResourceGroup1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity2": {},
},
},
isSystemTask: false,
location: "eastus",
platform: {
architecture: azure_native.containerregistry.Architecture.Amd64,
os: azure_native.containerregistry.OS.Linux,
},
registryName: "myRegistry",
resourceGroupName: "myResourceGroup",
status: azure_native.containerregistry.TaskStatus.Enabled,
step: {
arguments: [
{
isSecret: false,
name: "mytestargument",
value: "mytestvalue",
},
{
isSecret: true,
name: "mysecrettestargument",
value: "mysecrettestvalue",
},
],
contextPath: "src",
dockerFilePath: "src/DockerFile",
imageNames: ["azurerest:testtag"],
isPushEnabled: true,
noCache: false,
type: "Docker",
},
tags: {
testkey: "value",
},
taskName: "mytTask",
trigger: {
baseImageTrigger: {
baseImageTriggerType: azure_native.containerregistry.BaseImageTriggerType.Runtime,
name: "myBaseImageTrigger",
updateTriggerEndpoint: "https://user:pass@mycicd.webhook.com?token=foo",
updateTriggerPayloadType: azure_native.containerregistry.UpdateTriggerPayloadType.Default,
},
sourceTriggers: [{
name: "mySourceTrigger",
sourceRepository: {
branch: "master",
repositoryUrl: "https://github.com/Azure/azure-rest-api-specs",
sourceControlAuthProperties: {
token: "xxxxx",
tokenType: azure_native.containerregistry.TokenType.PAT,
},
sourceControlType: azure_native.containerregistry.SourceControlType.Github,
},
sourceTriggerEvents: [azure_native.containerregistry.SourceTriggerEvent.Commit],
}],
timerTriggers: [{
name: "myTimerTrigger",
schedule: "30 9 * * 1-5",
}],
},
});
import pulumi
import pulumi_azure_native as azure_native
task = azure_native.containerregistry.Task("task",
agent_configuration={
"cpu": 2,
},
identity={
"type": azure_native.containerregistry.ResourceIdentityType.SYSTEM_ASSIGNED_USER_ASSIGNED,
"user_assigned_identities": {
"/subscriptions/f9d7ebed-adbd-4cb4-b973-aaf82c136138/resourcegroups/myResourceGroup1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity2": {},
},
},
is_system_task=False,
location="eastus",
platform={
"architecture": azure_native.containerregistry.Architecture.AMD64,
"os": azure_native.containerregistry.OS.LINUX,
},
registry_name="myRegistry",
resource_group_name="myResourceGroup",
status=azure_native.containerregistry.TaskStatus.ENABLED,
step={
"arguments": [
{
"is_secret": False,
"name": "mytestargument",
"value": "mytestvalue",
},
{
"is_secret": True,
"name": "mysecrettestargument",
"value": "mysecrettestvalue",
},
],
"context_path": "src",
"docker_file_path": "src/DockerFile",
"image_names": ["azurerest:testtag"],
"is_push_enabled": True,
"no_cache": False,
"type": "Docker",
},
tags={
"testkey": "value",
},
task_name="mytTask",
trigger={
"base_image_trigger": {
"base_image_trigger_type": azure_native.containerregistry.BaseImageTriggerType.RUNTIME,
"name": "myBaseImageTrigger",
"update_trigger_endpoint": "https://user:pass@mycicd.webhook.com?token=foo",
"update_trigger_payload_type": azure_native.containerregistry.UpdateTriggerPayloadType.DEFAULT,
},
"source_triggers": [{
"name": "mySourceTrigger",
"source_repository": {
"branch": "master",
"repository_url": "https://github.com/Azure/azure-rest-api-specs",
"source_control_auth_properties": {
"token": "xxxxx",
"token_type": azure_native.containerregistry.TokenType.PAT,
},
"source_control_type": azure_native.containerregistry.SourceControlType.GITHUB,
},
"source_trigger_events": [azure_native.containerregistry.SourceTriggerEvent.COMMIT],
}],
"timer_triggers": [{
"name": "myTimerTrigger",
"schedule": "30 9 * * 1-5",
}],
})
package main
import (
containerregistry "github.com/pulumi/pulumi-azure-native-sdk/containerregistry/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := containerregistry.NewTask(ctx, "task", &containerregistry.TaskArgs{
AgentConfiguration: &containerregistry.AgentPropertiesArgs{
Cpu: pulumi.Int(2),
},
Identity: &containerregistry.IdentityPropertiesArgs{
Type: containerregistry.ResourceIdentityType_SystemAssigned_UserAssigned,
UserAssignedIdentities: containerregistry.UserIdentityPropertiesMap{
"/subscriptions/f9d7ebed-adbd-4cb4-b973-aaf82c136138/resourcegroups/myResourceGroup1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity2": &containerregistry.UserIdentityPropertiesArgs{},
},
},
IsSystemTask: pulumi.Bool(false),
Location: pulumi.String("eastus"),
Platform: &containerregistry.PlatformPropertiesArgs{
Architecture: pulumi.String(containerregistry.ArchitectureAmd64),
Os: pulumi.String(containerregistry.OSLinux),
},
RegistryName: pulumi.String("myRegistry"),
ResourceGroupName: pulumi.String("myResourceGroup"),
Status: pulumi.String(containerregistry.TaskStatusEnabled),
Step: &containerregistry.DockerBuildStepArgs{
Arguments: containerregistry.ArgumentArray{
&containerregistry.ArgumentArgs{
IsSecret: pulumi.Bool(false),
Name: pulumi.String("mytestargument"),
Value: pulumi.String("mytestvalue"),
},
&containerregistry.ArgumentArgs{
IsSecret: pulumi.Bool(true),
Name: pulumi.String("mysecrettestargument"),
Value: pulumi.String("mysecrettestvalue"),
},
},
ContextPath: pulumi.String("src"),
DockerFilePath: pulumi.String("src/DockerFile"),
ImageNames: pulumi.StringArray{
pulumi.String("azurerest:testtag"),
},
IsPushEnabled: pulumi.Bool(true),
NoCache: pulumi.Bool(false),
Type: pulumi.String("Docker"),
},
Tags: pulumi.StringMap{
"testkey": pulumi.String("value"),
},
TaskName: pulumi.String("mytTask"),
Trigger: &containerregistry.TriggerPropertiesArgs{
BaseImageTrigger: &containerregistry.BaseImageTriggerArgs{
BaseImageTriggerType: pulumi.String(containerregistry.BaseImageTriggerTypeRuntime),
Name: pulumi.String("myBaseImageTrigger"),
UpdateTriggerEndpoint: pulumi.String("https://user:pass@mycicd.webhook.com?token=foo"),
UpdateTriggerPayloadType: pulumi.String(containerregistry.UpdateTriggerPayloadTypeDefault),
},
SourceTriggers: containerregistry.SourceTriggerArray{
&containerregistry.SourceTriggerArgs{
Name: pulumi.String("mySourceTrigger"),
SourceRepository: &containerregistry.SourcePropertiesArgs{
Branch: pulumi.String("master"),
RepositoryUrl: pulumi.String("https://github.com/Azure/azure-rest-api-specs"),
SourceControlAuthProperties: &containerregistry.AuthInfoArgs{
Token: pulumi.String("xxxxx"),
TokenType: pulumi.String(containerregistry.TokenTypePAT),
},
SourceControlType: pulumi.String(containerregistry.SourceControlTypeGithub),
},
SourceTriggerEvents: pulumi.StringArray{
pulumi.String(containerregistry.SourceTriggerEventCommit),
},
},
},
TimerTriggers: containerregistry.TimerTriggerArray{
&containerregistry.TimerTriggerArgs{
Name: pulumi.String("myTimerTrigger"),
Schedule: pulumi.String("30 9 * * 1-5"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var task = new AzureNative.ContainerRegistry.Task("task", new()
{
AgentConfiguration = new AzureNative.ContainerRegistry.Inputs.AgentPropertiesArgs
{
Cpu = 2,
},
Identity = new AzureNative.ContainerRegistry.Inputs.IdentityPropertiesArgs
{
Type = AzureNative.ContainerRegistry.ResourceIdentityType.SystemAssigned_UserAssigned,
UserAssignedIdentities =
{
{ "/subscriptions/f9d7ebed-adbd-4cb4-b973-aaf82c136138/resourcegroups/myResourceGroup1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity2", null },
},
},
IsSystemTask = false,
Location = "eastus",
Platform = new AzureNative.ContainerRegistry.Inputs.PlatformPropertiesArgs
{
Architecture = AzureNative.ContainerRegistry.Architecture.Amd64,
Os = AzureNative.ContainerRegistry.OS.Linux,
},
RegistryName = "myRegistry",
ResourceGroupName = "myResourceGroup",
Status = AzureNative.ContainerRegistry.TaskStatus.Enabled,
Step = new AzureNative.ContainerRegistry.Inputs.DockerBuildStepArgs
{
Arguments = new[]
{
new AzureNative.ContainerRegistry.Inputs.ArgumentArgs
{
IsSecret = false,
Name = "mytestargument",
Value = "mytestvalue",
},
new AzureNative.ContainerRegistry.Inputs.ArgumentArgs
{
IsSecret = true,
Name = "mysecrettestargument",
Value = "mysecrettestvalue",
},
},
ContextPath = "src",
DockerFilePath = "src/DockerFile",
ImageNames = new[]
{
"azurerest:testtag",
},
IsPushEnabled = true,
NoCache = false,
Type = "Docker",
},
Tags =
{
{ "testkey", "value" },
},
TaskName = "mytTask",
Trigger = new AzureNative.ContainerRegistry.Inputs.TriggerPropertiesArgs
{
BaseImageTrigger = new AzureNative.ContainerRegistry.Inputs.BaseImageTriggerArgs
{
BaseImageTriggerType = AzureNative.ContainerRegistry.BaseImageTriggerType.Runtime,
Name = "myBaseImageTrigger",
UpdateTriggerEndpoint = "https://user:pass@mycicd.webhook.com?token=foo",
UpdateTriggerPayloadType = AzureNative.ContainerRegistry.UpdateTriggerPayloadType.Default,
},
SourceTriggers = new[]
{
new AzureNative.ContainerRegistry.Inputs.SourceTriggerArgs
{
Name = "mySourceTrigger",
SourceRepository = new AzureNative.ContainerRegistry.Inputs.SourcePropertiesArgs
{
Branch = "master",
RepositoryUrl = "https://github.com/Azure/azure-rest-api-specs",
SourceControlAuthProperties = new AzureNative.ContainerRegistry.Inputs.AuthInfoArgs
{
Token = "xxxxx",
TokenType = AzureNative.ContainerRegistry.TokenType.PAT,
},
SourceControlType = AzureNative.ContainerRegistry.SourceControlType.Github,
},
SourceTriggerEvents = new[]
{
AzureNative.ContainerRegistry.SourceTriggerEvent.Commit,
},
},
},
TimerTriggers = new[]
{
new AzureNative.ContainerRegistry.Inputs.TimerTriggerArgs
{
Name = "myTimerTrigger",
Schedule = "30 9 * * 1-5",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.containerregistry.Task;
import com.pulumi.azurenative.containerregistry.TaskArgs;
import com.pulumi.azurenative.containerregistry.inputs.AgentPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.IdentityPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.PlatformPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.TriggerPropertiesArgs;
import com.pulumi.azurenative.containerregistry.inputs.BaseImageTriggerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var task = new Task("task", TaskArgs.builder()
.agentConfiguration(AgentPropertiesArgs.builder()
.cpu(2)
.build())
.identity(IdentityPropertiesArgs.builder()
.type("SystemAssigned, UserAssigned")
.userAssignedIdentities(Map.of("/subscriptions/f9d7ebed-adbd-4cb4-b973-aaf82c136138/resourcegroups/myResourceGroup1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity2", UserIdentityPropertiesArgs.builder()
.build()))
.build())
.isSystemTask(false)
.location("eastus")
.platform(PlatformPropertiesArgs.builder()
.architecture("amd64")
.os("Linux")
.build())
.registryName("myRegistry")
.resourceGroupName("myResourceGroup")
.status("Enabled")
.step(DockerBuildStepArgs.builder()
.arguments(
ArgumentArgs.builder()
.isSecret(false)
.name("mytestargument")
.value("mytestvalue")
.build(),
ArgumentArgs.builder()
.isSecret(true)
.name("mysecrettestargument")
.value("mysecrettestvalue")
.build())
.contextPath("src")
.dockerFilePath("src/DockerFile")
.imageNames("azurerest:testtag")
.isPushEnabled(true)
.noCache(false)
.type("Docker")
.build())
.tags(Map.of("testkey", "value"))
.taskName("mytTask")
.trigger(TriggerPropertiesArgs.builder()
.baseImageTrigger(BaseImageTriggerArgs.builder()
.baseImageTriggerType("Runtime")
.name("myBaseImageTrigger")
.updateTriggerEndpoint("https://user:pass@mycicd.webhook.com?token=foo")
.updateTriggerPayloadType("Default")
.build())
.sourceTriggers(SourceTriggerArgs.builder()
.name("mySourceTrigger")
.sourceRepository(SourcePropertiesArgs.builder()
.branch("master")
.repositoryUrl("https://github.com/Azure/azure-rest-api-specs")
.sourceControlAuthProperties(AuthInfoArgs.builder()
.token("xxxxx")
.tokenType("PAT")
.build())
.sourceControlType("Github")
.build())
.sourceTriggerEvents("commit")
.build())
.timerTriggers(TimerTriggerArgs.builder()
.name("myTimerTrigger")
.schedule("30 9 * * 1-5")
.build())
.build())
.build());
}
}
resources:
task:
type: azure-native:containerregistry:Task
properties:
agentConfiguration:
cpu: 2
identity:
type: SystemAssigned, UserAssigned
userAssignedIdentities:
? /subscriptions/f9d7ebed-adbd-4cb4-b973-aaf82c136138/resourcegroups/myResourceGroup1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity2
: {}
isSystemTask: false
location: eastus
platform:
architecture: amd64
os: Linux
registryName: myRegistry
resourceGroupName: myResourceGroup
status: Enabled
step:
arguments:
- isSecret: false
name: mytestargument
value: mytestvalue
- isSecret: true
name: mysecrettestargument
value: mysecrettestvalue
contextPath: src
dockerFilePath: src/DockerFile
imageNames:
- azurerest:testtag
isPushEnabled: true
noCache: false
type: Docker
tags:
testkey: value
taskName: mytTask
trigger:
baseImageTrigger:
baseImageTriggerType: Runtime
name: myBaseImageTrigger
updateTriggerEndpoint: https://user:pass@mycicd.webhook.com?token=foo
updateTriggerPayloadType: Default
sourceTriggers:
- name: mySourceTrigger
sourceRepository:
branch: master
repositoryUrl: https://github.com/Azure/azure-rest-api-specs
sourceControlAuthProperties:
token: xxxxx
tokenType: PAT
sourceControlType: Github
sourceTriggerEvents:
- commit
timerTriggers:
- name: myTimerTrigger
schedule: 30 9 * * 1-5
The identity property configures authentication for the task. Setting type to SystemAssigned_UserAssigned enables both a system-managed identity (created automatically) and user-assigned identities (referenced by ARM resource ID). The task can use these identities to authenticate to Azure Container Registry, Key Vault, or other Azure services during builds.
Beyond these examples
These snippets focus on specific task-level features: Docker build steps with arguments and secrets, automated triggers (source, base image, timer), and managed identity authentication. They’re intentionally minimal rather than full CI/CD pipelines.
The examples may reference pre-existing infrastructure such as Azure Container Registry, GitHub repositories with PAT tokens, user-assigned managed identities, and external webhook endpoints. They focus on configuring the task rather than provisioning everything around it.
To keep things focused, common task patterns are omitted, including:
- Custom agent pools (agentPoolName)
- Credential sets for private registries (credentials)
- Multi-step tasks with FileTaskStep or EncodedTaskStep
- Task run history and logging configuration
These omissions are intentional: the goal is to illustrate how each task feature is wired, not provide drop-in CI/CD modules. See the ACR Task resource reference for all available configuration options.
Let's configure Azure Container Registry Tasks
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Task Configuration & Lifecycle
What properties can't be changed after creating a task?
Four properties are immutable:
location, registryName, resourceGroupName, and taskName. You’ll need to recreate the task to change any of these.What's the default timeout for task runs?
Tasks default to a 3600-second (1-hour) timeout. You can customize this using the
timeout property.What's the difference between a system task and a regular task?
Set
isSystemTask to true for system tasks (like quick tasks), or false (default) for regular scheduled tasks. System tasks typically don’t require platform or step configuration.Triggers & Scheduling
What trigger types are available for ACR Tasks?
You can configure three trigger types:
- baseImageTrigger - Runs when base images are updated
- sourceTriggers - Runs on source code commits
- timerTriggers - Runs on a cron schedule
How do I schedule a task to run on a cron schedule?
Use
timerTriggers with a schedule field containing a cron expression. For example, "30 9 * * 1-5" runs weekdays at 9:30 AM.How do I trigger a task when base images are updated?
Configure
baseImageTrigger with baseImageTriggerType set to Runtime (runtime dependencies only) or All (all base images). Optionally specify updateTriggerEndpoint for webhook notifications.How do I trigger a task on source code commits?
Configure
sourceTriggers with sourceRepository (repository URL, branch, and auth), and sourceTriggerEvents set to commit. You can specify multiple source triggers.Identity & Authentication
What identity types can I assign to a task?
You can use
SystemAssigned, UserAssigned, or both (SystemAssigned, UserAssigned). For user-assigned identities, provide the identity resource IDs in userAssignedIdentities.How do I authenticate with GitHub for source triggers?
Set
sourceControlAuthProperties with a token (your PAT) and tokenType set to PAT. Also specify sourceControlType as Github.Build Steps & Arguments
How do I pass secrets to my build step?
In the
arguments array for your step, set isSecret to true for sensitive values. For example, set isSecret: true for password or token arguments.What platforms are supported for task execution?
Configure
platform with os (Linux or Windows) and architecture (amd64 or arm). For example, os: Linux with architecture: amd64.