Azure PR Agent Automation

Automatically runs a Docker container in Azure Container Instances (ACI) when triggered by Azure DevOps pull request webhooks.

Features

• 🚀 Automatic container execution on PR creation
• 🔒 Managed Identity authentication
• 🧹 Automated cleanup of completed containers
• 🔄 Full integration with Azure DevOps

Prerequisites

• Azure account with contributor permissions
• Azure Resource Group with contributor permission
• Azure Container Registry (ACR) with pullRole permission
• Azure Function App
• Docker image pushed to ACR
• Azure DevOps project with admin access

Setup Guide

1. Create a resource group

Using Azure Portal

• Azure Portal > Resource Groups > Create

Using CLI

• azure login

• az group create --name <RESOURCE_GROUP_NAME> --location <REGION>

---

2. Prepare Azure Resources

Create Azure Container Registry (ACR) (Use lowercase characters when naming the container registry)

Using Azure Portal

• Azure Portal > Container Registries > Create

Using CLI

az acr create --resource-group <RESOURCE_GROUP_NAME> --name <ACR_NAME> --sku Basic

Push Docker Image to ACR

1. Clone this repository

git clone https://github.com/99x-incubator/azure_pr_review_agent

2. Navigate to the folder

cd azure_pr_review_agent

3. Open a command prompt and build the Docker Image

docker build -t azure-pr-agent .

4. Login to azure

az login

5. Login to the container registry

az acr login --name <ACR_NAME>

6. Tag the built image

docker tag azure-pr-agent <ACR_NAME>.azurecr.io/azure-pr-agent:latest

7. Push the image to the container registry

docker push <ACR_NAME>.azurecr.io/azure-pr-agent:latest

---

3. Configure Function App

Create Function App

Using Azure Portal

• Use .NET runtime stack

• Enable Azure OpenAI when creating the function app

• 

Using CLI

az functionapp create --resource-group <RESOURCE_GROUP_NAME> --consumption-plan-location <REGION> --runtime dotnet-isolated --functions-version 4 --name <APP_NAME> --storage-account <STORAGE_NAME>

4. Configure Permissions(Either you must be an owner of the Azure account you are using, or you must contact an owner of that account and follow these steps)

Enable Managed Identity

Using Azure Portal

• Go to the function app

Using CLI

# Get Function App's Managed Identity principal ID
az functionapp identity show --name <your-function-app-name> --resource-group <your-resource-group> --query principalId -o tsv

# Assign Contributor role to Managed Identity (replace with your actual subscription and RG)
az role assignment create --assignee <PRINCIPAL_ID(FROM_ABOVE_COMMAND)> --role "Contributor" --scope "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP_NAME>"

Assign ACR Pull Role

Using Azure Portal

Using CLI

az role assignment create --assignee <PRINCIPAL_ID(FROM_PREVIOUS_COMMAND> --role AcrPull --scope /subscriptions/<SUB_ID>/resourceGroups/<RESOURCE_GROUP_NAME>/providers/Microsoft.ContainerRegistry/registries/<ACR_NAME>

---

5. Create Azure OpenAI and Deploy a Model

5. Environment Variables (Inside the function app)

Change AZURE_OPENAI_KEY to AZURE_OPENAI_API_KEY in environmental variables

• 

• You can find the ACR_NAME, ACR_PASSWORD, ACR_USERNAME as follows

• 

• (Make sure that you have enabled admin user for the container registry)

---

6. Deploy Function Code

• Clone the Repository

  • Start by cloning the repository to your local machine:

git clone https://github.com/99x-incubator/azure_pr_review_agent_azure_func_net.git
cd azure_pr_review_agent_azure_func_net

• Deploy via Visual Studio Code

  • Open the Project: Open the cloned repository in VS Code.
  • Sign in to Azure: Make sure you are signed in to your Azure account using the Azure: Sign In command.
  • Deploy the Function App: Press Ctrl+Shift+P to open the Command Palette.
  • Type and select Azure Functions: Deploy to Function App.
  • Choose your target Function App from the list.
  • Confirm the deployment when prompted and wait for the process to complete.

• Deploy via Terminal

  • Alternatively, you can deploy the function using the Azure Functions Core Tools:
  • Ensure prerequisites are met: Make sure you have Azure Functions Core Tools installed and you are logged in via the Azure CLI.
  • Deploy using the CLI:

  # Log in to Azure if you haven't already
  az login

  # Publish your function to the specified Function App
  func azure functionapp publish <FUNCTION_APP_NAME>

• After deployment, the functions should appear in the function app as follows in the portal
• 

Note that the container cleanup function runs every 6 hours to remove container instances that are on the terminated, failed or successful state

7. Configure Azure DevOps Webhook

1. Go to Project Settings > Service Hooks
2. Create new webhook with:
   • Trigger: Pull request created
   • URL:
     • Using VSCode: ctrl+shift+P -> Azure Functions: Copy Function URL
     • Using CLI: Replace "==" in the end of the URL with "%3D%3D" after copying it before pasting in the webhook (This is happening because URL encoding)

       FOR /F "delims=" %a IN ('az functionapp function show --resource-group <RESOURCE_GROUP> --name <FUNCTION_APP> --function-name PRReviewTrigger --query invokeUrlTemplate -o tsv') DO SET "URL=%a"
        FOR /F "delims=" %b IN ('az functionapp function keys list --resource-group <RESOURCE_GROUP> --name <FUNCTION_APP> --function-name PRReviewTrigger --query default -o tsv') DO SET "KEY=%b"
        ECHO %URL%?code=%KEY%

Cleanup Automation

The container cleanup function will also be deployed to the function app at the deployement of the function mentioned before. This container cleanup function is a time trigger function and it'll delete the container instances that are being teminated, succeeded or failed.