Question 80949 in Docker Question posted in
The official documentation can be found here.

how to check Azure Pipeline using Docker credentials while building Image

Requirement: I have to build the docker Image using Docker Hub credentials and push it to Harbor repository

Below snippet is working in Azure pipeline, but not sure Docker credentials are being used while building image

Is there a way to check in Azure Pipeline (Devops) whether it is using Docker Hub credentials while building image?

        - task: Docker@2
          displayName: docker login
          inputs:
            containerRegistry: 'docker-connection'
            command: 'login'
        - task: Docker@2
          displayName: build image on docker hub and tag it with harbor
          inputs:
            containerRegistry: 'harbor-connection'
            command: 'build'
            repository: 'repository'
            Dockerfile: '**/Dockerfile'
            tags: '12345'
        - task: Docker@2
          displayName: docker push
          inputs:
            containerRegistry: 'harbor-connection'
            command: 'push'
            repository: 'repository'
            tags: '12345'
        - task: Docker@2
          displayName: docker logout
          inputs:
            containerRegistry: 'docker-connection'
            command: 'logout'
Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Based on the example mentioned in the below link https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/docker-v2?view=azure-pipelines&tabs=yaml#build-and-push Internally Azure pipeline will use the credentials while Building and pushing the image. I tested below snippet and it is working as expected. Total 3 tasks

    1. Login docker hub

    2. Build the image using the docker credentials which are used in 1st Task (login), tag it with harbor repository details, push to the harbor.

    3. Logout docker hub Only tricky part is, Docker service connection in Azure pipeline is working when I created using userId and access token.

      - task: Docker@2
  displayName: docker login (Logging into Docker)
  inputs:
    containerRegistry: 'docker-connection'
    command: 'login'
- task: Docker@2
  displayName: build image on docker hub, tag it with harbor, push to the harbor
  inputs:
    containerRegistry: 'harbor-connection'
    command: 'buildAndPush'
    repository: 'repository'
    Dockerfile: '**/Dockerfile'
    tags: '12345'
- task: Docker@2
  displayName: docker logout
  inputs:
    containerRegistry: 'docker-connection'
    command: 'logout'

  2. 0

    I think you should add a harbor login befor the push task

    - task: Bash@3
  displayName: 'harbor login'
  inputs:
    targetType: 'inline'
    script: |
      # Write your commands here
      ls $(Build.SourcesDirectory)/<project-name> 
      sudo mkdir /etc/docker/certs.d
      cd /etc/docker/certs.d
      pwd
      sudo mkdir /etc/docker/certs.d/<your-cluster-url> 
      cd /etc/docker/certs.d/<your-cluster-url>      
      pwd
      sudo cp $(Build.SourcesDirectory)/<project-name>/ca.crt /etc/docker/certs.d/<your-cluster-url>
      ls /etc/docker/certs.d/<your-cluster-url>
      # Docker login to your harbor using particular user
      /usr/bin/docker login <your-cluster-url> -u <username> -p <password>

- task: Docker@2
  displayName: 'push image to harbor'
  inputs:
    containerRegistry: 'harbor'
    command: 'push'
    repository: 'bot/<project-name>'
    tags: '$(Build.BuildNumber)'

    This was extracted from Chapatazars GitHub Repo

    To have more knowledge about pipeline scripts:

    Azure pipeline scripts

    Crossplatform yml scripting

    Other proper way (and simplest I think), is to publish docker images is using Azure Release Pipelines (no yml files needed). There you can push the image to the registry you need, using the result artifact of the build process (this builds comes from your yml pipeline). You can take a look into the official documentation:

    Publish docker image from Azure pipelines

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search