Fabric | dbt – Docker dbt and Azure Container Apps (CI/CD)

For the cloud-based Warehouse built on top of MS Fabric, we already have a prepared Lakehouse and DWH environment and, among other things, a configured dbt project. Now comes an important DataOps phase: we need to think about

1. From which environment (ideally serverless) we will batch-run the dbt project in the future.
2. How to implement a Continuous Integration and Continuous Delivery (CI/CD) process that ensures automatic and secure deployment of verified transformation code from the repository before each dbt execution.

Azure Container Apps Jobs (ACA Jobs) ¹ provides an ideal serverless platform for running one-time or scheduled batch tasks, which form the foundation of ETL/ELT processes. This technical guide explains in detail how to properly containerize and run these critical DWH components.

Introduction to Azure Container Apps

Azure Container Apps (ACA) is a service for running containerized applications without the need to manage infrastructure (Kubernetes, VMs, etc.). It supports both long-running services (APIs, web apps) and short-lived jobs. The key features include scalability, integration with Azure Monitoring, networking, and secure connectivity to other Azure services (e.g., Key Vault, Storage, Database, Event Grid).

Containerizing the dbt Project and Storing It in Azure Container Registry

Now that we know where our container will run, the next step is to create it. To build the Docker image:

1. Create a new file in the dbt project called Dockerfile (-> open to see script) – this defines what the container environment includes: Python, dbt adapters, ODBC Driver 18, and the definition of the run script.
2. Create another file in the dbt project named Dockerfilerun (-> ope to see script). This file defines what should be executed inside the Docker container.
3. Next, build the image by running the following command in the terminal. Secrets (GIT PAT and client secret for Fabric connection) will be passed later in Azure — embedding them in Docker is a security risk.

docker buildx build –platform linux/amd64 \
–secret id=github_pat,src=/Users/janzednicek/pat_git.txt \
–no-cache \
-t dbt:latest .

6) After pushing the image, you can verify it in your Azure Portal resource. The final step is to execute it via Azure Container App Jobs.

Running dbt through Azure Container App Jobs

1. Create a new Container App Job resource.
2. Configure the container as shown in the image — Container Apps will automatically detect the Docker image stored in ACR. Do not specify any command or arguments; everything is controlled by the run script inside the Docker image.

3. Since we externalized secrets into variables, configure the Environment variables — we need two of them: DBT_SECRET for Fabric authentication and GITHUB_PAT for repository access before dbt runs. Each variable refers to a secret stored either in Container Secrets (Settings → Secrets) or Azure Key Vault. If using Key Vault, make sure proper access rights are configured.

4. Now we can test the functionality:

• Create a new file hello_world.sql in the dbt project.

• Push it to the repository,
• Run the Container App Job.

• Finally, verify that the table appears in Fabric.