Pulumi:将 Azure Web App Service web hook 添加到 Azure Container Registry 以实现持续部署

Pulumi: Add Azure Web App Service web hook to Azure Container Registry for continuous deployment

我想通过 pulumi 启用 docker CD 来部署 Azure Web 应用程序。 AFAIK 我必须在我的容器注册表中为它创建一个 webhook。但我不知道如何从网络应用程序中获取网络挂接 URL。

这是我设置基础架构的方式

const config = new pulumi.Config();
const location = config.require("location");
const resourceGroup = new resources.ResourceGroup("rootResourceGroup", { ... });
const registry = new container.Registry("containerRegistry", { ... });
const appServicePlan = new web.AppServicePlan("appserviceplan", { ... });
const suffix = new random.RandomString("suffix", { ... });

const credentials = pulumi.all([resourceGroup.name, registry.name])
.apply(([resourceGroupName, registryName]) => container.listRegistryCredentials({
    resourceGroupName: resourceGroupName,
    registryName: registryName,
}));
const adminUsername = credentials.apply(credentials => credentials.username!);
const adminPassword = credentials.apply(credentials => credentials.passwords![0].value!);

const app = { name: "foo-demo", container: "foo/demo" };

const webApp = new web.WebApp(app.name, {
    name: pulumi.interpolate`${app.name}-${suffix.result}`,
    resourceGroupName: resourceGroup.name,
    location,
    serverFarmId: appServicePlan.id,
    siteConfig: {
        appSettings: [{
            name: "WEBSITES_ENABLE_APP_SERVICE_STORAGE",
            value: "false"
        }, {
            name: "DOCKER_ENABLE_CI",
            value: "true"
        }, {
            name: "DOCKER_REGISTRY_SERVER_URL",
            value: pulumi.interpolate`https://${registry.loginServer}`,
        }, {
            name: "DOCKER_REGISTRY_SERVER_USERNAME",
            value: adminUsername,
        }, {
            name: "DOCKER_REGISTRY_SERVER_PASSWORD",
            value: adminPassword,
        }],
        alwaysOn: true,
        linuxFxVersion: registry.loginServer.apply(url => `DOCKER|${url}/${app.container}:latest`)
    }});

const webHookName = `${app.name}-webhook`;
const hook = new container.Webhook(webHookName, {
    resourceGroupName: resourceGroup.name,
    location,
    registryName: registry.name,
    actions: ["push"],
    scope: `${app.container}:latest`,
    status: "enabled",
    serviceUri: "TODO", // <----- HOW!?!?
    webhookName: webHookName
});

读取 webhook URL 的 azure CLI 命令是:

az webapp deployment container config -n sname -g rgname -e true

如果 webhook 不是正确的方式:如何实现从 Azure 容器注册表到 Azure Web 应用程序的持续部署?

尝试使用 listWebAppPublishingCredentials。我 reverse-engineered Azure CLI 的功能:

const webhook = pulumi.all([resourceGroup.name, webApp.name])
    .apply(([resourceGroupName, name]) => 
        web.listWebAppPublishingCredentials({ resourceGroupName, name }))
    .apply(creds => creds.scmUri + "/docker/hook");