Skip to content

Add container registry mirror support for image builds#14128

Open
bbartels wants to merge 6 commits intodotnet:mainfrom
bbartels:main
Open

Add container registry mirror support for image builds#14128
bbartels wants to merge 6 commits intodotnet:mainfrom
bbartels:main

Conversation

@bbartels
Copy link

@bbartels bbartels commented Jan 26, 2026
edited
Loading

Description

Adds opt-in container registry mirror support for Aspire container image builds, helpful for airgapped deployments. When configured, Aspire injects a temporary MSBuild .targets file into dotnet publish (via CustomAfterMicrosoftCommonTargets) that rewrites the computed ContainerBaseImage registry from a source registry (e.g., mcr.microsoft.com) to a mirror registry (e.g., an internal Artifactory/ACR pull-through cache). This enables enterprise/proxied base-image pulls without changing project files or Dockerfiles.

Also adds an MSBuild-level test that creates a temporary project, runs dotnet msbuild, and asserts the injected targets file rewrites the ContainerBaseImage property as expected (no Docker required).

Fixes # (issue)

Dependencies: none.

Checklist

  • Is this feature complete?
    • Yes. Ready to ship.
    • No. Follow-up changes expected.
  • Are you including unit tests for the changes and scenario tests if relevant?
    • Yes
    • No
  • Did you add public API?
    • Yes
      • If yes, did you have an API Review for it?
        • Yes
        • No
      • Did you add <remarks /> and <code /> elements on your triple slash comments?
        • Yes
        • No
    • No
  • Does the change make any security assumptions or guarantees?
    • Yes
      • If yes, have you done a threat model and had a security review?
        • Yes
        • No
    • No
  • Does the change require an update in our Aspire docs?

@bbartels bbartels requested a review from mitchdenny as a code owner January 26, 2026 14:31
Copilot AI review requested due to automatic review settings January 26, 2026 14:31
@github-actions
Copy link
Contributor

github-actions bot commented Jan 26, 2026
edited
Loading

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 14128

Or

  • Run remotely in PowerShell:
iex "& { $(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 14128"

@dotnet-policy-service dotnet-policy-service bot added the community-contribution Indicates that the PR has been added by a community member label Jan 26, 2026
Copilot AI reviewed Jan 26, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request adds opt-in container registry mirror support for Aspire container image builds. When configured via WithContainerRegistryMirror, Aspire generates a temporary MSBuild .targets file that rewrites the ContainerBaseImage property during dotnet publish to replace source registries (e.g., mcr.microsoft.com) with mirror registries (e.g., internal Artifactory or ACR pull-through caches). This enables enterprise environments to use internal registry mirrors without modifying project files.

Changes:

  • Added public API (ContainerRegistryMirrorOptions, WithContainerRegistryMirror, WithContainerRegistryMirrors) for configuring registry mirrors
  • Modified ResourceContainerImageManager to inject MSBuild targets file via CustomAfterMicrosoftCommonTargets property
  • Added MSBuild-based test that validates registry rewriting without requiring Docker

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 9 comments.

File Description
src/Aspire.Hosting/Publishing/ContainerRegistryMirror.cs Defines the public API for configuring container registry mirrors with options class and extension methods
src/Aspire.Hosting/Publishing/ResourceContainerImageManager.cs Implements the registry mirror injection logic by generating and injecting temporary MSBuild targets files during container builds
tests/Aspire.Hosting.Tests/Publishing/ContainerRegistryMirrorMsBuildTests.cs Adds integration test that validates the MSBuild targets file correctly rewrites ContainerBaseImage property

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions github-actions bot mentioned this pull request Jan 26, 2026
Open
@bbartels
Copy link
Author

bbartels commented Jan 27, 2026

@copilot review the new changes please

@bbartels bbartels requested a review from Copilot January 27, 2026 00:58
Copilot AI reviewed Jan 27, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 10 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@bbartels bbartels requested a review from Copilot January 27, 2026 01:39
Copilot AI reviewed Jan 27, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@davidfowl
Copy link
Member

davidfowl commented Jan 27, 2026

Is this a .NET specific feature?

@bbartels
Copy link
Author

bbartels commented Jan 27, 2026

Is this a .NET specific feature?

Yes, this is to make dotnet publish work with different container registries

@bbartels
Copy link
Author

bbartels commented Jan 27, 2026

Though, the concept could be expanded for other languages. Not entirely sure how/what images they are pulling. I can have a look

davidfowl
davidfowl reviewed Jan 27, 2026
View reviewed changes
tests/Aspire.Hosting.Tests/Publishing/ContainerRegistryMirrorMsBuildTests.cs Outdated
serviceProvider,
Options.Create(mirrorOptions)))
{
var method = typeof(ResourceContainerImageManager).GetMethod(
Copy link
Member

@davidfowl davidfowl Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why no internals visible to?

Copy link
Author

@bbartels bbartels Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question! Fixed :)

@davidfowl davidfowl mentioned this pull request Feb 1, 2026
Open
19 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davidfowl davidfowl davidfowl left review comments

Copilot code review Copilot Copilot left review comments

@mitchdenny mitchdenny Awaiting requested review from mitchdenny mitchdenny is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

community-contribution Indicates that the PR has been added by a community member

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bbartels @davidfowl