Validate docker image before uploading to registry (#21916)

yutongzhang-microsoft · web-flow · commit e959d77be97e · 2025-03-14T11:30:16.000+08:00
Why I did it Before pushing the newly built docker image to the registry, we add a verification step to ensure the image is valid. Work item tracking Microsoft ADO (number only): How I did it Before pushing the newly built Docker image to the registry, we add a verification step to ensure the image is valid. How to verify it For ref https://dev.azure.com/mssonic/build/_build/results?buildId=794495&view=results If the validate step fails, it won't push the image to registry.
diff --git a/.azure-pipelines/docker-sonic-mgmt.yml b/.azure-pipelines/docker-sonic-mgmt.yml
@@ -20,6 +20,13 @@ pr:
     include:
     - dockers/docker-sonic-mgmt
 
+resources:
+  repositories:
+  - repository: sonic-mgmt
+    type: github
+    name: sonic-net/sonic-mgmt
+    endpoint: sonic-net
+
 parameters:
 - name: registry_url
   type: string
@@ -46,7 +53,6 @@ stages:
     - bash: |
         set -xe
         git submodule update --init --recursive -- src/sonic-platform-daemons src/sonic-genl-packet src/sonic-sairedis src/ptf src/sonic-device-data src/sonic-dash-api
-
         make SONIC_BUILD_JOBS=$(nproc) DEFAULT_CONTAINER_REGISTRY=publicmirror.azurecr.io ENABLE_DOCKER_BASE_PULL=y configure PLATFORM=generic
         make -f Makefile.work BLDENV=bullseye SONIC_BUILD_JOBS=$(nproc) DEFAULT_CONTAINER_REGISTRY=publicmirror.azurecr.io ENABLE_DOCKER_BASE_PULL=y LEGACY_SONIC_MGMT_DOCKER=y target/docker-sonic-mgmt.gz
         cp target -r $(Build.ArtifactStagingDirectory)/target
@@ -55,14 +61,44 @@ stages:
       env:
         REGISTRY_SERVER: ${{ parameters.registry_url }}
       displayName: Build docker-sonic-mgmt.gz
+
+    - publish:  $(Build.ArtifactStagingDirectory)
+      artifact: 'docker-sonic-mgmt'
+      displayName: "Archive docker image sonic-mgmt"
+
+  - job: validate_docker_image_and_upload
+    pool: sonicbld-1es
+    timeoutInMinutes: 360
+    dependsOn: Build
+    steps:
+    - checkout: sonic-mgmt
+      clean: true
+      displayName: 'Checkout sonic-mgmt'
+
+    - download: current
+      artifact: 'docker-sonic-mgmt'
+      displayName: "Download docker image sonic-mgmt"
+
+    - script: |
+        set -ex
+
+        docker load -i $(Pipeline.Workspace)/docker-sonic-mgmt/target/docker-sonic-mgmt.gz
+
+        cd ansible
+        sudo ./setup-management-network.sh -d
+        cd ../
+        docker rm -f sonic-mgmt
+
+        ./setup-container.sh -n sonic-mgmt -d /data -i docker-sonic-mgmt -v
+
+        docker exec sonic-mgmt bash -c "echo 'Container is running' && ps aux"
+      displayName: 'Setup sonic-mgmt docker container and verify'
+
     - task: Docker@2
       displayName: Upload image
+      condition: succeeded()
       inputs:
         containerRegistry: ${{ parameters.registry_conn }}
         repository: docker-sonic-mgmt
         command: push
         tags: latest
-    - publish:  $(Build.ArtifactStagingDirectory)
-      artifact: 'docker-sonic-mgmt'
-      displayName: "Archive docker image sonic-mgmt"
-
