Docker Image
kind: dockerimage
| source | condition | target |
|---|---|---|
✔ | ✔ | ✗ |
Description
condition
The Docker Image "condition" tests if a docker image tag exist on a Docker Registry
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
| architecture | string | [S][C] Architecture specifies the container image architecture such as `amd64` | |
| architectures | array | [C] Architectures specifies a list of architectures to check container images for (conditions only) | |
| image | string | [S][C] Image specifies the container image such as `updatecli/updatecli` | |
| password | string | [S][C][T] Password specifies the container registry password to use for authentication. Not compatible with token | |
| tag | string | [C] Tag specifies the container image tag such as `latest` | |
| tagfilter | string | [S] TagFiter allows to restrict tags retrieved from a remote registry by using a regular expression. | |
| token | string | [S][C][T] Token specifies the container registry token to use for authentication. Not compatible with username/password | |
| username | string | [S][C][T] Username specifies the container registry username to use for authentication. Not compatible with token | |
| versionfilter | object | [S] VersionFilter provides parameters to specify version pattern and its type like regex, semver, or just latest. | |
| kind | string | Specifies the version kind such as semver, regex, or latest | |
| pattern | string | Specifies the version pattern according the version kind | |
| strict | boolean | Strict enforce strict versioning rule. Only used for semantic versioning at this time |
Remark:
It’s considered a very bad practice to store credentials in an unencrypted file. Consider using an environment variable to store the token.
Authentication
Depending on the Docker Registry, authentication may be required. The way to retrieve the token depends on the registry.
GHCR
Github uses personal access token. How to retrieve one, is explained here
DockerHub
To retrieve the token, it’s easier to run docker login and then retrieve the token stored in '~/.docker/config.json'
"auths": {
"https://index.docker.io/v1/": {
"auth": "token"
}
},Example
Please note that in this example we are using a go template updatecli.tpl with values from values.yaml
The main motivation is to use {{ requiredEnv ENV_VARIABLE }} to read the github token from a environment variable.
---
sources:
lastGithubRelease:
kind: githubRelease
spec:
owner: "jenkins-infra"
repository: "plugin-site-api"
token: "{{ requiredEnv .github.token }}"
username: "olblak"
versionFilter:
kind: latest
conditions:
docker:
name: "Docker Image Published on Registry"
kind: dockerimage
spec:
image: "jenkinsciinfra/plugin-site-api"
targets:
imageTag:
name: "jenkinsciinfra/plugin-site-api docker image"
kind: yaml
spec:
file: "charts/plugin-site/values.yaml"
key: "backend.image.tag"
scm:
github:
user: "{{ .github.user }}"
email: "{{ .github.email }}"
owner: "jenkins-infra"
repository: "charts"
token: "{{ requiredEnv .github.token }}"
username: "olblak"
branch: "master"github:
user: "updatebot"
email: "updatebot@olblak.com"
username: "jenkins-infra-bot"
token: "UPDATECLI_GITHUB_TOKEN"
branch: "master"
owner: "olblak"
repository: "charts"What it says:
Source Retrieve the latest version from the Github release of the project jenkis-infra/plugins-site-api ⇒ v1.11.1
Condition
Test that the tag v1.11.1 exist for the image jenkinsciinfra/plugin-site-api on DockerHub
⇒ No, then abort
target
If the condition was passsing then it would have update the key backend.image.tag in the yaml file charts/plugin-site/values.yaml located on the Github repository olblak/charts on the branch master using the Github Pull request workflow