Build & Push Docker Containers within a Pipeline: Azure

Build and push Docker containers to a Azure Container Registry using Kaniko

To build and push containers with Sail CI you can use Kaniko as a task within your pipeline.

What is Kaniko?

Kaniko is a tool to build and push container images from a Dockerfile. It does not depend on the Docker daemon and executes each command within a Dockerfile entirely in userspace.

Find more information at:

Azure Container Registry

      - --context
      - $(GIT_CLONE_DIR)
      - --destination
      - /root/.docker/config.json: DOCKER_AUTH

We can mount the Docker auth credentials json saved as an environment variable (using DOCKER_AUTH as the key) via It is mounted to the filesystem at the default credentials /root/.docker/config.json. As this is the default location for Docker credentials when using Kaniko no further steps are required.

Note: Update the repository url to the one created in the Azure Container Registry console.

See for more information on mounts.

A typical Azure auth config.json (DOCKER_AUTH) with the Azure Container Registry created:

  "auths": {
    "": {
      "auth": "dGhhbmtzOmZvci1yZWFkaW5n",
      "email": ""

Note: The auth property is a base64 encoded value in the format:


You can typically base64 encode a string using:

echo -n "username:password" | base64

The -n  is important to ensure no trailing newline exists within the encoded value.

The "build-push" task uses the official Kaniko image from Google to then specify a context to build the Docker image (in this example the Dockerfile is at the root of the project). A --destination argument provides Kaniko with the registry to push the image once built.

Your user credentials can be found within the Azure console enabling the admin user feature.