Docker Digest

kind: dockerDigest

sourceconditiontargetscm

Description

source

The Docker Digest "source" retrieves the Docker image digest for a specific Docker image tag.

Parameters

NameRequiredDefaultDescription

hostname

hub.docker.com

Docker Registry URL. Accept "hub.docker.com", "ghcr.io", "quay.io", or any valid api compliant OCI registry

image

-

Define Docker image name

tag

source result

Define Docker image tag.

token

-

Define the token needed to authenticate with the Docker registry

Remark:

It’s considered a very bad practice to store credentials in an unencrypted file. Consider using an environment variable to store the token.

Authentication

Depending on the Docker Registry, authentication may be required. The way to retrieve the token depends on the registry.

GHCR

Github uses personal access token. How to retrieve one, is explained here

DockerHub

To retrieve a token, it’s easier to run docker login and then retrieve the token stored in '~/.docker/config.json'

~/.docker/config.json
        "auths": {
                "https://index.docker.io/v1/": {
                        "auth": "token"
                }
        },

Example

Please note that in this example we are using a go template updatecli.tpl with values from values.yaml The main motivation is to use {{ requiredEnv ENV_VARIABLE }} to read the github token from a environment variable.

updatecli.tpl

source:
  kind: dockerDigest
  spec:
    image: "jenkins/jenkins"
    tag: "lts-jdk11"
targets:
  imageTag:
    name: "jenkins/jenkins:lts-jdk11 docker digest"
    kind: yaml
    spec:
      file: "config/default/jenkins-release.yaml"
      key: "jenkins.master.imageTag"
    scm:
      github:
        user: "{{ .github.user }}"
        email: "{{ .github.email }}"
        owner: "jenkins-infra"
        repository: "charts"
        token: "{{ requiredEnv .github.token }}"
        username: "{{ .github.username }}"
        branch: "master"
values.yaml
github:
  user: "updatebot"
  email: "updatebot@olblak.com"
  username: "jenkins-infra-bot"
  token: "UPDATECLI_GITHUB_TOKEN"
  branch: "master"
  owner: "olblak"
  repository: "charts"

What it says:

Source Retrieve the Docker image digest for the image jenkins/jenkins with the tag lts-jdk11 from DockerHub

Conditions No condition specified

Targets Update the yaml key jenkins.master.imageTag in the file config/default/jenkins-release.yaml located on the Github repository olblak/charts

Edit this page on GitHub