Docker Image

kind: dockerimage

sourceconditiontarget

Description

condition

The Docker Image "condition" tests if a docker image tag exist on a Docker Registry

Parameters

NameTypeDescriptionRequired
architecturestring[S][C] Architecture specifies the container image architecture such as `amd64`
architecturesarray[C] Architectures specifies a list of architectures to check container images for (conditions only)
imagestring[S][C] Image specifies the container image such as `updatecli/updatecli`
passwordstring[S][C][T] Password specifies the container registry password to use for authentication. Not compatible with token
tagstring[C] Tag specifies the container image tag such as `latest`
tagfilterstring[S] TagFiter allows to restrict tags retrieved from a remote registry by using a regular expression.
tokenstring[S][C][T] Token specifies the container registry token to use for authentication. Not compatible with username/password
usernamestring[S][C][T] Username specifies the container registry username to use for authentication. Not compatible with token
versionfilterobject[S] VersionFilter provides parameters to specify version pattern and its type like regex, semver, or just latest.
    kindstringSpecifies the version kind such as semver, regex, or latest
    patternstringSpecifies the version pattern according the version kind
    strictbooleanStrict enforce strict versioning rule. Only used for semantic versioning at this time

Remark:

It’s considered a very bad practice to store credentials in an unencrypted file. Consider using an environment variable to store the token.

Authentication

Depending on the Docker Registry, authentication may be required. The way to retrieve the token depends on the registry.

GHCR

Github uses personal access token. How to retrieve one, is explained here

DockerHub

To retrieve the token, it’s easier to run docker login and then retrieve the token stored in '~/.docker/config.json'

~/.docker/config.json
        "auths": {
                "https://index.docker.io/v1/": {
                        "auth": "token"
                }
        },

Example

Please note that in this example we are using a go template updatecli.tpl with values from values.yaml The main motivation is to use {{ requiredEnv ENV_VARIABLE }} to read the github token from a environment variable.

updatecli.tpl
---
sources:
  lastGithubRelease:
    kind: githubRelease
    spec:
      owner: "jenkins-infra"
      repository: "plugin-site-api"
      token: "{{ requiredEnv .github.token }}"
      username: "olblak"
      versionFilter:
        kind: latest
conditions:
  docker:
    name: "Docker Image Published on Registry"
    kind: dockerimage
    spec:
      image: "jenkinsciinfra/plugin-site-api"
targets:
  imageTag:
    name: "jenkinsciinfra/plugin-site-api docker image"
    kind: yaml
    spec:
      file: "charts/plugin-site/values.yaml"
      key: "backend.image.tag"
    scm:
      github:
        user: "{{ .github.user }}"
        email: "{{ .github.email }}"
        owner: "jenkins-infra"
        repository: "charts"
        token: "{{ requiredEnv .github.token }}"
        username: "olblak"
        branch: "master"
values.yaml
github:
  user: "updatebot"
  email: "updatebot@olblak.com"
  username: "jenkins-infra-bot"
  token: "UPDATECLI_GITHUB_TOKEN"
  branch: "master"
  owner: "olblak"
  repository: "charts"

What it says:

Source Retrieve the latest version from the Github release of the project jenkis-infra/plugins-site-api ⇒ v1.11.1

Condition Test that the tag v1.11.1 exist for the image jenkinsciinfra/plugin-site-api on DockerHub ⇒ No, then abort

target If the condition was passsing then it would have update the key backend.image.tag in the yaml file charts/plugin-site/values.yaml located on the Github repository olblak/charts on the branch master using the Github Pull request workflow

Top