Search code examples
azure-devopsazure-pipelinespodman

Using podman instead of docker for the Docker@2 task in Azure DevOps

Our build agent is running Podman 3.4.2 and there is a global alias in place for each terminal session that simply replaces docker with podman, so the command docker --version yields podman version 3.4.2 as a result.

The goal is to use podman for the Docker@2 task in a Azure DevOps pipeline:

steps:
- task: Docker@2
  displayName: Build and push an image to container registry
  inputs:
    command: buildAndPush
    repository: aspnet-web-mhi
    dockerfile: $(dockerfilePath)
    containerRegistry: $(dockerRegistryServiceConnection)
    tags: |
      $(tag)

Turns out I was a bit naive in my assumptions, that this would work as the ado_agent is having none of it:

##[error]Unhandled: Unable to locate executable file: 'docker'. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.

Is there a way to make that replacement work without too much fuss? I'd avoid scripting everything by myself to use podman instead of docker and push it to a registry, if I can avoid it.

Solution

  • Since I needed to make progress on this, I've decided to go the down the bash-route and built, pushed, pulled and run the images manually. This is the gist of it:

    steps:
  - task: Bash@3
    displayName: Build Docker Image for DemoWeb
    inputs:
      targetType: inline
      script: |
        podman build -f $(dockerfilePath) -t demoweb:$(tag) .
  - task: Bash@3
    displayName: Login and Push to ACR
    inputs:
      targetType: inline
      script: |
        podman login -u $(acrServicePrincipal) -p $(acrPassword) $(acrName)
        podman push demoweb-mhi:$(tag) $(acrName)/demoweb:$(tag)
  - task: Bash@3
    displayName: Pull image from ACR
    inputs:
      targetType: inline
      script: |
        podman pull $(acrName)/demoweb:$(tag) --creds=$(acrServicePrincipal):$(acrPassword)
  - task: Bash@3
    displayName: Run container
    inputs:
      targetType: inline
      script: |
        podman run -p 8080:80 --restart unless-stopped $(acrName)/demoweb:$(tag)

    If you decide to go down that route, please make sure to not expose your service principal and password as variables in your yml file, but create them as secrets.

    I'll keep this question open - maybe someone with more expertise in handling GNU/Linux finds a more elegant way.