Creating docker images using Drone.io

I am running my own Drone instance in AWS and I want it to create a Docker image and push it to my repo. Drone runs its build environment in a Docker container, so I basically want to create Docker images from inside a Docker container. I found this and saw that you can mount the Docker socket. How do I do this with Drone?

docker run -it -v /var/run/docker.sock:/var/run/docker.sock mycompany/buildimage 

That way I can run docker build from inside my container. Or do you know another CI tool in which I can run my custom scripts and build Docker images?

+6
3 answers

This answer is out of date; please check @Brad's solution below and use this one only as a reference.

In mycompany/buildimage

Install docker client

    curl https://get.docker.io/builds/Linux/x86_64/docker-latest -o /usr/local/bin/docker
    chmod +x /usr/local/bin/docker

Then you can run the docker build command using the host's Docker environment:

 $ docker -H unix:///var/run/docker.sock build . 

To make it simple and transparent, you can usually set the DOCKER_HOST environment variable.

    $ export DOCKER_HOST="unix:///var/run/docker.sock"
    $ docker build .

I'm not familiar with the Drone installation, but this is the way Docker provides.

+1
source

Please note that this answer applies to drone version 0.5

You can use the Docker plugin to create and publish a Docker image as a step in your build pipeline. In the example .drone.yml file below I added a publish step that uses the docker plugin. Please note that you will need to replace foo/bar with the name of the DockerHub repository you are going to publish to.

    pipeline:
      build:
        image: golang
        commands:
          - go build
          - go test
      publish:
        image: plugins/docker
        repo: foo/bar

In many cases, you need to limit the execution of this step to specific branches. This can be done by adding execution conditions:

    publish:
      image: plugins/docker
      repo: foo/bar
      when:
        branch: master

You will need to provide Drone with credentials to the Docker registry in order for Drone to publish. These credentials can be declared directly in the yaml file, although storing these values in plain text in yaml is usually not recommended:

    publish:
      image: plugins/docker
      repo: foo/bar
      username: johnsmith
      password: pa55word
      when:
        branch: master

You can also provide your credentials using the built-in secret store. Secrets can be added to the secret store on a per-repository basis using the Drone command-line utility:

    export DRONE_SERVER=http://drone.server.address.com
    export DRONE_TOKEN=...
    drone secret add --image plugins/docker \
        octocat/hello-world DOCKER_USERNAME johnsmith
    drone secret add --image plugins/docker \
        octocat/hello-world DOCKER_PASSWORD pa55word

In the above example, the --image flag is used to limit which images the secrets are exposed to, so the Docker credentials we set are exposed only to the docker plugin. The octocat/hello-world parameter represents your GitHub repository name and should be replaced with the correct value.

Mounting Volumes (alternative approach)

You also asked if the Docker socket could be mounted into your build environment. It is possible, but some additional permissions will be required (mark your build as trusted in the user interface):

    pipeline:
      build:
        image: docker
        commands:
          - docker build ...
          - docker run ...
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock

The only problem with this approach is that if the build fails, you cannot clear the images or containers created during the build.

In addition, you should not use this approach if your repository is public and accepts pull requests. Exposing your host machine's Docker socket to your build environment can be exploited by malicious pull requests to gain access to your host machine.

+10
source
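A small pre-merge check for the three risks named in the answer above (a plaintext registry password, a publish step with no branch condition, and the host Docker socket mounted into a step). This is an added example, not code from the answer or from the Drone project; the function name `audit`, the finding texts and the assumption of two-space YAML indentation in the Drone 0.5 layout are all illustrative.

```python
# Constructed sample: a Drone 0.5-style .drone.yml combining the risky snippets above.
SAMPLE = """\
pipeline:
  build:
    image: docker
    commands:
      - docker build ...
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  publish:
    image: plugins/docker
    repo: foo/bar
    username: johnsmith
    password: pa55word
"""

def audit(text):
    """Return sorted (step, finding) pairs; line-based, assumes 2-space indents."""
    findings, steps, step, in_pipeline = set(), {}, None, False
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:                      # top-level key such as "pipeline:"
            in_pipeline, step = body == "pipeline:", None
        elif in_pipeline and indent == 2 and body.endswith(":"):
            step = body[:-1]                 # start of a new pipeline step
            steps[step] = {"image": "", "when": False}
        elif step:
            key, _, value = body.partition(":")
            if indent == 4 and key in ("image", "when"):
                steps[step][key] = value.strip() or True
            if indent == 4 and key == "password" and value.strip():
                findings.add((step, "plaintext registry password in YAML"))
            if body.startswith("-") and "/var/run/docker.sock" in body:
                findings.add((step, "host Docker socket mounted into step"))
    for name, info in steps.items():
        if str(info["image"]).startswith("plugins/docker") and not info["when"]:
            findings.add((name, "publish step has no branch condition"))
    return sorted(findings)

if __name__ == "__main__":
    for step, finding in audit(SAMPLE):
        print(f"{step}: {finding}")
```

Running it against the `.drone.yml` on the target branch, rather than the copy in the pull request, keeps a contributor from editing the file to bypass the check.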

I wrote an article with steps to get Drone to output the Docker container, and I also address some common issues.

Keep in mind that the Drone build environment itself is a Docker container, which means that you are in a Docker-in-Docker situation: out of the box, Docker does not work correctly inside a Docker container. The accepted solution is to use a wrapdocker script to launch an internal instance of Docker. My final setup looks like this:

Docker in drone

For Drone, you add something like the following to your build environment's Dockerfile:

    # install docker
    RUN apt-get install -y apparmor
    RUN curl -s https://get.docker.io/ubuntu/ | sudo sh
    ADD wrapdocker /usr/local/bin/wrapdocker
    RUN chmod +x /usr/local/bin/wrapdocker

This assumes that the wrapdocker script is available locally. Alternatively, you can grab the script directly from GitHub. Then, given a .drone.yml file such as:

    image: http://my-docker-registry/my-docker-image:version
    script:
      - ./.drone/build.sh

your build.sh file will look like this:

    #!/bin/bash
    set -e
    cd /var/cache/drone/src/path/to/app

    # [pass tests here]

    wrapdocker &
    sleep 5

    docker build -t docker-registry/image-name .
    docker push docker-registry/image-name

This is the only way to do this. The only limitation is that wrapdocker is used to run the Docker daemon in the build container.

+7
source

Source: https://habr.com/ru/post/972803/

