Harden Docker container runtime health check (#10402)

Author: captainsafia

src/Aspire.Hosting/Publishing/DockerContainerRuntime.cs

@@ -131,43 +131,85 @@ public async Task BuildImageAsync(string contextPath, string dockerfilePath, str
         }
     }
 
-    public Task<bool> CheckIfRunningAsync(CancellationToken cancellationToken)
+    public async Task<bool> CheckIfRunningAsync(CancellationToken cancellationToken)
     {
-        var spec = new ProcessSpec("docker")
+        // First check if Docker daemon is running using the same check that DCP uses
+        if (!await CheckDockerDaemonAsync(cancellationToken).ConfigureAwait(false))
         {
-            Arguments = "buildx version",
+            return false;
+        }
+
+        // Then check if Docker buildx is available
+        return await CheckDockerBuildxAsync(cancellationToken).ConfigureAwait(false);
+    }
+
+    private async Task<bool> CheckDockerDaemonAsync(CancellationToken cancellationToken)
+    {
+        var dockerRunningSpec = new ProcessSpec("docker")
+        {
+            Arguments = "container ls -n 1",
             OnOutputData = output =>
             {
-                logger.LogInformation("docker buildx version (stdout): {Output}", output);
+                logger.LogInformation("docker container ls (stdout): {Output}", output);
             },
             OnErrorData = error =>
             {
-                logger.LogInformation("docker buildx version (stderr): {Error}", error);
+                logger.LogInformation("docker container ls (stderr): {Error}", error);
             },
             ThrowOnNonZeroReturnCode = false,
             InheritEnv = true
         };
 
-        logger.LogInformation("Running Docker CLI with arguments: {ArgumentList}", spec.Arguments);
-        var (pendingProcessResult, processDisposable) = ProcessUtil.Run(spec);
+        logger.LogInformation("Checking if Docker daemon is running with arguments: {ArgumentList}", dockerRunningSpec.Arguments);
+        var (pendingDockerResult, dockerDisposable) = ProcessUtil.Run(dockerRunningSpec);
+
+        await using (dockerDisposable)
+        {
+            var dockerResult = await pendingDockerResult.WaitAsync(cancellationToken).ConfigureAwait(false);
 
-        return CheckDockerBuildxAsync(pendingProcessResult, processDisposable, cancellationToken);
+            if (dockerResult.ExitCode != 0)
+            {
+                logger.LogError("Docker daemon is not running. Exit code: {ExitCode}.", dockerResult.ExitCode);
+                return false;
+            }
 
-        async Task<bool> CheckDockerBuildxAsync(Task<ProcessResult> pendingResult, IAsyncDisposable processDisposable, CancellationToken ct)
+            logger.LogInformation("Docker daemon is running.");
+            return true;
+        }
+    }
+
+    private async Task<bool> CheckDockerBuildxAsync(CancellationToken cancellationToken)
+    {
+        var buildxSpec = new ProcessSpec("docker")
         {
-            await using (processDisposable)
+            Arguments = "buildx version",
+            OnOutputData = output =>
+            {
+                logger.LogInformation("docker buildx version (stdout): {Output}", output);
+            },
+            OnErrorData = error =>
             {
-                var processResult = await pendingResult.WaitAsync(ct).ConfigureAwait(false);
+                logger.LogInformation("docker buildx version (stderr): {Error}", error);
+            },
+            ThrowOnNonZeroReturnCode = false,
+            InheritEnv = true
+        };
 
-                if (processResult.ExitCode != 0)
-                {
-                    logger.LogError("Docker buildx version failed with exit code {ExitCode}.", processResult.ExitCode);
-                    return false;
-                }
+        logger.LogInformation("Checking Docker buildx with arguments: {ArgumentList}", buildxSpec.Arguments);
+        var (pendingBuildxResult, buildxDisposable) = ProcessUtil.Run(buildxSpec);
 
-                logger.LogInformation("Docker buildx is available and running.");
-                return true;
+        await using (buildxDisposable)
+        {
+            var buildxResult = await pendingBuildxResult.WaitAsync(cancellationToken).ConfigureAwait(false);
+
+            if (buildxResult.ExitCode != 0)
+            {
+                logger.LogError("Docker buildx version failed with exit code {ExitCode}.", buildxResult.ExitCode);
+                return false;
             }
+
+            logger.LogInformation("Docker buildx is available and running.");
+            return true;
         }
     }
 

src/Aspire.Hosting/Publishing/PodmanContainerRuntime.cs

@@ -97,14 +97,14 @@ public Task<bool> CheckIfRunningAsync(CancellationToken cancellationToken)
     {
         var spec = new ProcessSpec("podman")
         {
-            Arguments = "info",
+            Arguments = "container ls -n 1",
             OnOutputData = output =>
             {
-                logger.LogInformation("podman info (stdout): {Output}", output);
+                logger.LogInformation("podman container ls (stdout): {Output}", output);
             },
             OnErrorData = error =>
             {
-                logger.LogInformation("podman info (stderr): {Error}", error);
+                logger.LogInformation("podman container ls (stderr): {Error}", error);
             },
             ThrowOnNonZeroReturnCode = false,
             InheritEnv = true
@@ -123,7 +123,7 @@ async Task<bool> CheckPodmanHealthAsync(Task<ProcessResult> pending, IAsyncDispo
 
                 if (processResult.ExitCode != 0)
                 {
-                    logger.LogError("Podman info failed with exit code {ExitCode}.", processResult.ExitCode);
+                    logger.LogError("Podman container ls failed with exit code {ExitCode}.", processResult.ExitCode);
                     return false;
                 }