Docker


Prerequisites A `Dockerfile` that defines the Docker image is stored in the project sources. Eligible images Not required. A `docker` step runs in a special custom image.

Prerequisites

A Dockerfile that defines the Docker image is stored in the project sources.

Eligible images

Not required. A docker step runs in a special custom image.

We suppose three main CI/CD scenarios for Docker:

Automated Docker builds: All image dependencies already exist and all you need is to build and publish a Docker image.
Creating dependencies before the build: An Automation job must create image dependencies before building and publishing the image.
Publishing an image to an external repository, for example, Docker Hub.

Space Automation DSL provides a special docker keyword that simplifies working with Docker builds.

Build and publish a Docker image

For example, the job below first builds and then publishes the image defined in the Dockerfile located in the project's docker directory.

            job("Build and push Docker") {
                docker {
                    build {
                        context = "docker"
                        file = "./docker/Dockerfile"
                        args["HTTP_PROXY"] = "http://10.20.30.2:1234"
                        labels["vendor"] = "mycompany"
                    }

                    push("mycompany.registry.jetbrains.space/p/projectkey/mydocker/myimage") {
                        // use current job run number as a tag - '0.0.run_number'
                        tags("0.0.\$JB_SPACE_EXECUTION_NUMBER")
                        // see [[[example|https://www.jetbrains.com/help/space/automation-environment-variables.html#example]]] on how to use branch name in a tag
                    }
                }
            }
        

docker: is a special step used to build and publish Docker images. In fact, it's a special type of container with Docker on board.
build: runs the docker build command with the following arguments
- context: a path to Docker context (by default, it's a working directory). The build process can refer to any of the files in the context.
- file: a path to Dockerfile.
- args: sets build-time variables.
- labels: sets labels for the image.
push: runs the docker push command with the following arguments
- "mycompany.registry.jetbrains.space/mydocker/myimage": image name including the repository URL. Note that to be able to push to a Space Packages Container registry, your script doesn't require authentication.
- tags: specifies the image tags.

Create an image dependency, build, and publish a Docker image

Quite often, you may need to first generate some artifact (say, a .jar file) and then put it into an image. Such cases require running two steps: The first generates the artifact and the second one runs docker build and docker push.

            job("Build and push Docker") {
                container(displayName = "Run gradle build", image = "openjdk") {
                    shellScript {
                        content = """
                                ./gradlew build
                                cp -r build $mountDir/share
                            """
                    }
                }

                docker {
                    resources {
                        cpu = 1.cpu
                        memory = 2000.mb
                    }
                    beforeBuildScript {
                        content = "cp -r  $mountDir/share docker"
                    }
                    build {
                        context = "docker"
                    }
                    push("mycompany.registry.jetbrains.space/mydocker/myimage") {
                        tags("0.\$JB_SPACE_EXECUTION_NUMBER", "lts")
                    }
                }
            }
        

The container step uses gradlew build to generate some artifacts and put them to the file share.
In the docker step:
- resources specifies system resources as in a regular container.
- beforeBuildScript is a sub-step that runs before build. Here we use beforeBuildScript to copy the Gradle output from the file share to the context directory.
- build and push build and push the image correspondingly.

Publish a Docker image to Docker Hub

To publish an image to an external repository that requires authentication (e.g., Docker Hub), you should first save authentication credentials to the Docker configuration file. You can do this in the beforeBuildScript block.

In Docker Hub, create an access token with the Write permission. Save the created token to a safe location.
In Space, create two secrets:
- dockerhub_user: your Docker Hub username.
- dockerhub_token: the Docker Hub token you've created in step 1.
Edit the project's .space.kts:
job("Publish to Docker Hub") { docker("Docker build and push") { // get auth data from secrets and put it to env vars env["DOCKERHUB_USER"] = Secrets("dockerhub_user") env["DOCKERHUB_TOKEN"] = Secrets("dockerhub_token") // put auth data to Docker config beforeBuildScript { content = """ B64_AUTH=${'$'}(echo -n ${'$'}DOCKERHUB_USER:${'$'}DOCKERHUB_TOKEN | base64) echo "{\"auths\":{\"https://index.docker.io/v1/\":{\"auth\":\"${'$'}B64_AUTH\"}}}" > ${'$'}DOCKER_CONFIG/config.json """ } build { labels["vendor"] = "mycompany" } //in push, specify repo_name/image_name push("myrepo/hello-from-space") { tags("1.0.\$JB_SPACE_EXECUTION_NUMBER") } } }

Last modified: 10 September 2021