Docker Image

kind: dockerimage

sourceconditiontarget

Description

source

The Docker Image "source" retrieves a docker image tag from a Docker Registry

condition

The Docker Image "condition" tests if a docker image tag exist on a Docker Registry

Parameters

NameTypeDescriptionRequired
architecturestring[S][C] architecture specifies the container image architecture such as amd64
architecturesarray[C] architectures specifies a list of architectures to check container images for (conditions only)
imagestring[S][C] image specifies the container image such as updatecli/updatecli
passwordstring

password specifies the container registry password to use for authentication. Not compatible with token

	compatible:
		* source
		* condition
		* target

	default:
		by default credentials are fetch from the local environment such as `~/.docker/config.json`.

	remark:
		Not compatible with token
tagstring[C] tag specifies the container image tag such as latest
tagfilterstring[S] tagfilter allows to restrict tags retrieved from a remote registry by using a regular expression.
tokenstring

token specifies the container registry token to use for authentication.

	compatible:
		* source
		* condition
		* target

	default:
		by default credentials are fetch from the local environment such as `~/.docker/config.json`.

	remark:
		Not compatible with username/password
usernamestring

username specifies the container registry username to use for authentication.

	compatible:
		* source
		* condition
		* target

	default:
		by default credentials are fetch from the local environment such as `~/.docker/config.json`.

	remark:
		Not compatible with token
versionfilterobject[S] versionfilter provides parameters to specify version pattern and its type like regex, semver, or just latest.
    kindstringspecifies the version kind such as semver, regex, or latest
    patternstringspecifies the version pattern according the version kind
    strictbooleanstrict enforce strict versioning rule. Only used for semantic versioning at this time

Remark:

It’s considered a very bad practice to store credentials in an unencrypted file. Consider using an environment variable to store the token.

Architectures

When the parameter architecture or architectures the registry will be checked to see if they are present.

Remarks:

  • The default operating system is linux.

  • When query variant v7 for arm the operating system must also be defined.

  • Checking architectures is not supported for v1 registries

Here are some examples:

  • amd64 - will check for linux/amd64

  • linux/amd64

  • windows/amd64

  • linux/arm/v7

Authentication

Depending on the Docker Registry, authentication may be required. The way to retrieve the token depends on the registry.

GHCR

Github uses personal access token. How to retrieve one, is explained here

DockerHub

To retrieve the token, it’s easier to run docker login and then retrieve the token stored in '~/.docker/config.json'

~/.docker/config.json
        "auths": {
                "https://index.docker.io/v1/": {
                        "auth": "token"
                }
        },

Example

Please note that in this example we are using a go template updatecli.tpl with values from values.yaml The main motivation is to use {{ requiredEnv ENV_VARIABLE }} to read the github token from a environment variable.

# updatecli.yaml
name: Docker Image

sources:
  lastGithubRelease:
    kind: githubrelease
    spec:
      owner: "jenkins-infra"
      repository: "plugin-site-api"
      token: "{{ requiredEnv .github.token }}"
      username: "olblak"
      versionfilter:
        kind: latest

conditions:
  docker:
    name: "Docker Image Published on Registry"
    kind: dockerimage
    spec:
      image: "jenkinsciinfra/plugin-site-api"
      architecture: "linux/amd64"

targets:
  imageTag:
    name: "jenkinsciinfra/plugin-site-api docker image"
    kind: yaml
    spec:
      file: "charts/plugin-site/values.yaml"
      key: "$.backend.image.tag"
    scmid: default


scms:
  default:
    kind: github
    spec:
      user: "{{ .github.user }}"
      email: "{{ .github.email }}"
      owner: "{{ .github.owner }}"
      repository: "{{ .github.repository }}"
      token: "{{ requiredEnv .github.token }}"
      username: "{{ .github.username }}"
      branch: "{{ .github.branch }}"
    disabled: false
# values.yaml
github:
  user: "updatebot"
  email: "updatebot@olblak.com"
  username: "jenkins-infra-bot"
  token: "UPDATECLI_GITHUB_TOKEN"
  branch: "master"
  owner: "olblak"
  repository: "charts"

What it says:

Source Retrieve the latest version from the Github release of the project jenkis-infra/plugins-site-api ⇒ v1.11.1

Condition Test that the tag v1.11.1 exist for the image jenkinsciinfra/plugin-site-api on DockerHub and architecture linux/amd64 is present ⇒ No, then abort

target If the condition was passing then it would have update the key backend.image.tag in the yaml file charts/plugin-site/values.yaml located on the Github repository olblak/charts on the branch master using the Github Pull request workflow

Top