Use this task to build and push Docker images to any container registry using Docker registry service connection.
Following are the key benefits of using Docker task as compared to directly using docker client binary in script -
Integration with Docker registry service connection - The task makes it easy to use a Docker registry service connection for connecting to any container registry. Once logged in, the user can author follow up tasks to execute any tasks/scripts by leveraging the login already done by the Docker task. For example, you can use the Docker task to sign in to any Azure Container Registry and then use a subsequent task/script to build and push an image to this registry.
Metadata added as labels - The task adds traceability-related metadata to the image in the form of the following labels -
|(Required) Acceptable values: buildAndPush/build/push/login/logout
Default value: buildAndPush
|(Optional) Name of the Docker registry service connection|
|(Optional) Name of repository within the container registry corresponding to the Docker registry service connection specified as input for containerRegistry|
|(Optional) Multiline input where each line contains a tag to be used in build, push or buildAndPush commands
Default value: $(Build.BuildId)
|(Optional) Path to the Dockerfile
Default value: **/Dockerfile
|(Optional) Path to the build context
Default value: **
|(Optional) Additional arguments to be passed onto the docker client
Be aware that if you use value 'buildandPush' for the command parameter, then the arguments property will be ignored.
Following YAML snippet showcases container registry login using a Docker registry service connection -
- task: Docker@2 displayName: Login to ACR inputs: command: login containerRegistry: dockerRegistryServiceConnection1
Build and Push
A convenience command called buildAndPush allows for build and push of images to container registry in a single command. The following YAML snippet is an example of building and pushing multiple tags of an image to multiple registries -
steps: - task: Docker@2 displayName: Login to ACR inputs: command: login containerRegistry: dockerRegistryServiceConnection1 - task: Docker@2 displayName: Login to Docker Hub inputs: command: login containerRegistry: dockerRegistryServiceConnection2 - task: Docker@2 displayName: Build and Push inputs: command: buildAndPush repository: someUser/contoso tags: | tag1 tag2
In the above snippet, the images
contosoRepository:tag2 are built and pushed to the container registries corresponding to
If one wants to build and push to a specific authenticated container registry instead of building and pushing to all authenticated container registries at once, the
containerRegistry input can be explicitly specified along with
command: buildAndPush as shown below -
steps: - task: Docker@2 displayName: Build and Push inputs: command: buildAndPush containerRegistry: dockerRegistryServiceConnection1 repository: contosoRepository tags: | tag1 tag2
Following YAML snippet showcases container registry logout using a Docker registry service connection -
- task: Docker@2 displayName: Logout of ACR inputs: command: logout containerRegistry: dockerRegistryServiceConnection1
Other commands and arguments
The command and argument inputs can be used to pass additional arguments for build or push commands using docker client binary as shown below -
steps: - task: Docker@2 displayName: Login to ACR inputs: command: login containerRegistry: dockerRegistryServiceConnection1 - task: Docker@2 displayName: Build inputs: command: build repository: contosoRepository tags: tag1 arguments: --secret id=mysecret,src=mysecret.txt
The arguments input is evaluated for all commands except buildAndPush. As buildAndPush is a convenience command (build followed by push), arguments input is ignored for this command.
Why does Docker task ignore arguments passed to buildAndPush command?
Docker task configured with buildAndPush command ignores the arguments passed since they become ambiguous to the build and push commands that are run internally. You can split your command into separate build and push steps and pass the suitable arguments. See this stackoverflow post for example.
DockerV2 only supports Docker registry service connection and not support ARM service connection. How can I use an existing Azure service principal (SPN) for authentication in Docker task?
You can create a Docker registry service connection using your Azure SPN credentials. Choose the Others from Registry type and provide the details as follows:
Docker Registry: Your container registry URL (eg. https://myacr.azurecr.io) Docker ID: Service principal client ID Password: Service principal key
This task is open source on GitHub. Feedback and contributions are welcome.