Build & Push Docker Containers within a Pipeline: Azure

Build and push Docker containers to a Azure Container Registry using Kaniko

To build and push containers with Sail CI you can use Kaniko as a task within your pipeline.

What is Kaniko?

Kaniko is a tool to build and push container images from a Dockerfile. It does not depend on the Docker daemon and executes each command within a Dockerfile entirely in userspace.

Find more information at:
https://github.com/GoogleContainerTools/kaniko

Azure Container Registry

tasks:
  build-push:
    image: gcr.io/kaniko-project/executor
    args:
      - --context
      - $(GIT_CLONE_DIR)
      - --destination
      - sailci.azure.io/sailci/demo:$(SAIL_COMMIT_SHORT_SHA)
    mounts:
      - /root/.docker/config.json: DOCKER_AUTH

We can mount the Docker auth credentials json saved as an environment variable (using DOCKER_AUTH as the key) via https://app.sail.ci. It is mounted to the filesystem at the default credentials /root/.docker/config.json. As this is the default location for Docker credentials when using Kaniko no further steps are required.

Note: Update the repository url to the one created in the Azure Container Registry console.

See https://sail.ci/docs/mounts for more information on mounts.

A typical Azure auth config.json (DOCKER_AUTH) with the Azure Container Registry created:

{
  "auths": {
    "https://sailci.azurecr.io": {
      "auth": "dGhhbmtzOmZvci1yZWFkaW5n",
      "email": "
crew@sail.ci"
    }
  }
}

Note: The auth property is a base64 encoded value in the format:

username:password

You can typically base64 encode a string using:

echo -n "username:password" | base64

The -n  is important to ensure no trailing newline exists within the encoded value.

The "build-push" task uses the official Kaniko image from Google to then specify a context to build the Docker image (in this example the Dockerfile is at the root of the project). A --destination argument provides Kaniko with the registry to push the image once built.

Your user credentials can be found within the Azure console enabling the admin user feature.