Docker Image

kind: dockerImage

sourceconditiontarget

Description

condition

The Docker Image "condition" tests if a docker image tag exist on a Docker Registry

Parameters

NameTypeDescriptionRequired
architecturestringArchitecture specifies the container image architecture such as `amd64`
imagestringImage specifies the container image such as `updatecli/updatecli`
passwordstringPassword specifies the container registry password to use for authentication. Not compatible with token
tagstringTag specifies the container image tag such as `latest`
tokenstringToken specifies the container registry token to use for authentication. Not compatible with username/password
usernamestringUsername specifies the container registry username to use for authentication. Not compatible with token

Remark:

It’s considered a very bad practice to store credentials in an unencrypted file. Consider using an environment variable to store the token.

Authentication

Depending on the Docker Registry, authentication may be required. The way to retrieve the token depends on the registry.

GHCR

Github uses personal access token. How to retrieve one, is explained here

DockerHub

To retrieve the token, it’s easier to run docker login and then retrieve the token stored in '~/.docker/config.json'

~/.docker/config.json
        "auths": {
                "https://index.docker.io/v1/": {
                        "auth": "token"
                }
        },

Example

Please note that in this example we are using a go template updatecli.tpl with values from values.yaml The main motivation is to use {{ requiredEnv ENV_VARIABLE }} to read the github token from a environment variable.

updatecli.tpl
---
sources:
  lastGithubRelease:
    kind: githubRelease
    spec:
      owner: "jenkins-infra"
      repository: "plugin-site-api"
      token: "{{ requiredEnv .github.token }}"
      username: "olblak"
      versionFilter:
        kind: latest
conditions:
  docker:
    name: "Docker Image Published on Registry"
    kind: dockerImage
    spec:
      image: "jenkinsciinfra/plugin-site-api"
targets:
  imageTag:
    name: "jenkinsciinfra/plugin-site-api docker image"
    kind: yaml
    spec:
      file: "charts/plugin-site/values.yaml"
      key: "backend.image.tag"
    scm:
      github:
        user: "{{ .github.user }}"
        email: "{{ .github.email }}"
        owner: "jenkins-infra"
        repository: "charts"
        token: "{{ requiredEnv .github.token }}"
        username: "olblak"
        branch: "master"
values.yaml
github:
  user: "updatebot"
  email: "updatebot@olblak.com"
  username: "jenkins-infra-bot"
  token: "UPDATECLI_GITHUB_TOKEN"
  branch: "master"
  owner: "olblak"
  repository: "charts"

What it says:

Source Retrieve the latest version from the Github release of the project jenkis-infra/plugins-site-api ⇒ v1.11.1

Condtion Test that the tag v1.11.1 exist for the image jenkinsciinfra/plugin-site-api on DockerHub ⇒ No, then abort

target If the condition was passsing then it would have update the key backend.image.tag in the yaml file charts/plugin-site/values.yaml located on the Github repository olblak/charts on the branch master using the Github Pull request workflow

Top