Azure DevOps: Add Azure Container Registry in Build Pipeline from different account

Question

I want to use a Azure Container Registry of a different account in a Build pipeline in Azure DevOps.

When I try to add a Docker Registry Service Connection and select Azure Container Registry, it only lets me choose between the subscription of the current account.

When I try to add the Azure Resource Manager of the Subscription of a different account which contains the Azure Container Registry in the Service Connections, it says it cannot find any Azure Container Registry.

So how do I accomplish this?

Answer 1

I have the same situation in which the Azure Container Registry (ACR) is in a different Azure AD from the Azure DevOps build pipelines.

I'll outline the steps I used:

• Create an app registration in the Azure AD where the ACR exists.
• Give it a name like myregistry-app
• Go to the myregistry-app Certificates and secrets page and create a new secret. Copy the value as you cannot retrieve it later.
• Also copy the myregistry-app application id. You can find it on the overview screen.
• Now go to the ACR Access Control (IAM) screen for your container registry.
• Add a role assignment and assign the myregistry-app identity the Contributor role.
• Back in your build pipeline create a Docker task and click on the New button under the Container Registry section.
• In the popup dialog Add a Docker Registry service connection choose the Others radio button.
• Put in the URL to your ACR which you can find on the container registry overview page.
• Use the application id for myregistry-app as the Docker ID.
• Use the myregistry-app secret for the password.

This is currently working for me. There may be a better way