Architectural Question: C# Application building outside or inside image?

I have a question. I am building C# .NET applications into Docker images / containers within an Azure DevOps pipeline. Should I:

  1. Build the C# application in the pipeline, and copy the DLLs / app into the Docker image, or
  2. Build and publish the C# application all within the Docker image?

My intuition, and the entire point of Docker (I thought), was to be able to build, run, and deploy all within an isolated environment (a Docker container), and therefore the actual building of the C# application should occur within the Dockerfile (probably in a multi-stage Dockerfile).

I’m trying to explain this but am receiving pushback, with some saying “building in the Dockerfile makes it harder to run and publish unit tests and other analytics in the pipeline”, arguing that it’s easier to build outside the image, run code analysis + security scans + etc on those binaries, and then push those binaries into the image.

Are there cases for both solutions, or is one the winner?

I’m not a C# developer, but both arguments seem valid. I prefer describing the build process in a Dockerfile and just because something is harder, it doesn’t mean it is not the right thing to do. You can also start one way, learn and do another way.

If you build the application outside containers, you go back to the problem of different environments when you want it to work in the container. What if you run the tests outside the container, it works, but it wouldn’t work in the container for some reason? Even if you think you use the same version of everything.

As a former PHP developer I still do some PHP programming and I also solved running unit tests for about 8 different PHP versions using Docker and made a script as fake PHP interpreter that alllows me to click on a button in the IDE and run all the tests and see the result in the IDE.

That could be automated in a pipeline, but I didn’t do that yet.

On the other hand, before containers, when someone built a C# app, it wasn’t possible to test it in every possible environment, only in similar environments (Same OS, same CPU architecture like amd64 or arm64) and hope that it works on somewhere else too. If all you do is use an image to publish the software and use the isolation feature of containers, that is still better than nothing.

Isn’t the dotnet test command for running unit tests from command line? If you find the right command to run unit tests, you could do everything in containers and the docker build process would fail if the unit test fails.

This can help too

even Microsoft employees recommended this

1 Like