Push an image

Azure DevOps Services

Use Azure Pipelines to push your image to a container registry such as Azure Container Registry, Docker Hub, or Google Container Registry. Azure Container Registry is a managed registry service based on the open-source Docker Registry 2.0.

For a tutorial on building and pushing images to a container registry, see Build and push Docker images to Azure Container Registry.

To learn how to build a container image to deploy with Azure Pipelines, see Build container images to deploy apps.

About the Docker task

You'll use the Docker@2 task to build or push Docker images, login or logout, start or stop containers, or run a Docker command.

The task uses a Docker registry service connection to log in and push to a container registry. The process for creating a Docker registry service connection differs depending on your registry.

The Docker registry service connection stores credentials to the container registry before pushing the image. You can also directly reference service connections in Docker without an additional script task.

Create a Docker service connection

You'll need to follow a different process to create a service connection for Azure Container Registry, Docker Hub, and Google Container Registry.

Azure Container Registry

With the Azure Container Registry option, the subscription (associated with the Azure Active Directory identity of the user signed into Azure DevOps) and container registry within the subscription are used to create the service connection.

When you create a new pipeline for a repository that contains a Dockerfile, Azure Pipelines will detect Dockerfile in the repository. To start this process, create a new pipeline and select the repository with your Dockerfile.

1. From the Configure tab, select the Docker - Build and push an image to Azure Container Registry task.

   

2. Select your Azure Subscription, and then select Continue.

3. Select your Container registry from the dropdown menu, and then provide an Image Name to your container image.

4. Select Validate and configure when you are done.

   

   As Azure Pipelines creates your pipeline, it will:

   • Create a Docker registry service connection to enable your pipeline to push images to your container registry.

   • Generate an azure-pipelines.yml file, which defines your pipeline.

For a more detailed overview, see Build and Push to Azure Container Registry document.

Docker Hub

Choose the Docker Hub option under Docker registry service connection and provide your username and password to create a Docker service connection.

Google Container Registry

To create a Docker service connection associated with Google Container Registry:

1. Open your project in the GCP Console and then open Cloud Shell

2. To save time typing your project ID and Compute Engine zone options, set default configuration values by running the following commands:

   gcloud config set project [PROJECT_NAME]
   gcloud config set compute/zone [ZONE]
   

3. Replace [PROJECT_NAME] with the name of your GCP project and replace [ZONE] with the name of the zone that you're going to use for creating resources. If you're unsure about which zone to pick, use us-central1-a. For example:

   gcloud config set project azure-pipelines-test-project-12345
   gcloud config set compute/zone us-central1-a
   

4. Enable the Container Registry API for your project:

   gcloud services enable containerregistry.googleapis.com
   

5. Create a service account for Azure Pipelines to publish Docker images:

   gcloud iam service-accounts create azure-pipelines-publisher --display-name "Azure Pipelines Publisher"
   

6. Assign the Storage Admin IAM role to the service account:

   PROJECT_NUMBER=$(gcloud projects describe \
   $(gcloud config get-value core/project) \
   --format='value(projectNumber)')
   
   AZURE_PIPELINES_PUBLISHER=$(gcloud iam service-accounts list \
       --filter="displayName:Azure Pipelines Publisher" \
       --format='value(email)')
   
   gcloud projects add-iam-policy-binding \
       $(gcloud config get-value core/project) \
       --member serviceAccount:$AZURE_PIPELINES_PUBLISHER \
       --role roles/storage.admin
   

7. Generate a service account key:

   gcloud iam service-accounts keys create \
   azure-pipelines-publisher.json --iam-account $AZURE_PIPELINES_PUBLISHER
   
   tr -d '\n' < azure-pipelines-publisher.json > azure-pipelines-publisher-oneline.json
   

   Launch Code Editor by clicking the button in the upper-right corner of Cloud Shell:

   

8. Open the file named azure-pipelines-publisher-oneline.json. You'll need the content of this file in one of the following steps:

9. In your Azure DevOps organization, select Project settings and then select Pipelines -> Service connections.

10. Select New service connection and choose Docker Registry

11. In the dialog, enter values for the following fields:

    • Docker Registry: https://gcr.io/[PROJECT-ID], where [PROJECT-ID] is the name of your GCP project.
    • Docker ID: _json_key
    • Docker Password: Paste the contents of azure-pipelines-publisher-oneline.json
    • Service connection name: gcrServiceConnection

12. Select Save to create the service connection