Quickstart: Publish an image with your workflow

4 minute read

In this quickstart, use a CloudBees workflow to publish a container image to the Docker Hub registry. Docker Hub is an Open Container Initiative (OCI) service provided by Docker where you can share container images.

Prerequisites

Store Docker credentials

To publish the container image from the workflow, CloudBees must reference your Docker credentials. Store and reference credentials securely as properties in the CloudBees platform.

To store your Docker username:

  1. Select Configurations  Properties.

  2. Select CREATE PROPERTY.

  3. Enter QUICKSTART_DOCKER_USERNAME as the Property name.

  4. Select String from the Data type options.

  5. Enter your Docker username as the Value.

  6. Select SAVE.

Your Docker username is stored unencrypted and is available for use in the platform.

To store your Docker password:

  1. Select Configurations  Properties.

  2. Select CREATE PROPERTY.

  3. Enter QUICKSTART_DOCKER_PASSWORD as the Property name.

  4. Select String from the Data type options.

  5. Enter your Docker password as the Value.

  6. Select Secret.

  7. Select SAVE.

Your Docker password is stored encrypted for security, and is available for use in the platform.

Configure Docker Hub container registry

To access the Docker repository you have created, as specified in the Prerequisites, you must add a step to the CI job that signs into Docker. This step uses the CloudBees Configure OCI credentials action to create an authorization variable from your Docker username and password, and store it in a file within the $HOME directory.

To add a Docker configuration step to your workflow job:

  1. Select a component in an organization in one of two ways:

    1. Select the Up/down arrows next to the organization under Home, and then select a component.

    2. Select Components, and then select a component from the list.

  2. Select EDIT YAML on your workflow.

  3. Enter the following in the code editor, starting just after your SonarQube scan step:

    - name: Set up Docker Hub registry uses: cloudbees-io/configure-oci-credentials@v1 with: registry: index.docker.io # or docker.io username: ${{ vars.QUICKSTART_DOCKER_USERNAME }} password: ${{ secrets.QUICKSTART_DOCKER_PASSWORD }}
    Docker sign-in step
    Figure 1. Docker setup step with Commit highlighted.
  4. Select COMMIT.

  5. Enter a Commit message.

  6. Select Commit to current branch.

  7. Select FINISH.

  8. Select your component, and then select Runs from the left pane.

  9. Select Display run to the right of your run.

    Successful run
    Figure 2. Successful run with sign-in step highlighted.

You have added a configuration step for signing in to Docker.

Push image to registry

For the final step of the workflow, the Go app image is published using Kaniko, a tool to build container images from a Dockerfile. The CloudBees Kaniko action enables you to perform this in a single step. The action requires a destination that is your Docker repository.

To add a publish step to your workflow job:

  1. Select the Up/down arrows, and then select a component in an organization.

  2. Select Workflows from the left pane.

  3. Select EDIT YAML on your workflow.

  4. Enter the following in the code editor, starting just after your Set up Docker Hub registry step:

    - name: Push image to registry uses: cloudbees-io/kaniko@v1 with: destination: ${{ vars.QUICKSTART_DOCKER_USERNAME }}/my-sample-go-app:1.0.0
    The destination key has the value of <Docker username>/<Docker repository name>:<Tag label>, containing your Docker username and repository name, and the tag label of 1.0.0.

    Check to confirm that your YAML script is similar to the following:

    Display the complete YAML file for building, scanning, and publishing the sample Go app.
    apiVersion: automation.cloudbees.io/v1alpha1 kind: workflow name: My automation on: push: branches: - '**' jobs: ci-job: steps: - uses: docker://alpine/git:latest run: | git config --global --add safe.directory /cloudbees/workspace - name: checkout uses: cloudbees-io/checkout@v1 - name: Build Go app uses: docker://golang:1.20 run: | go build -v ./... - name: Run tests uses: docker://golang:1.20 run: | go test -v ./... - name: Scan with SonarQube bundled action uses: cloudbees-io/sonarqube-bundled-sast-scan-code@v1 kind: scan - name: Set up Docker Hub registry uses: cloudbees-io/configure-oci-credentials@v1 with: registry: index.docker.io # or docker.io username: ${{ vars.QUICKSTART_DOCKER_USERNAME }} password: ${{ secrets.QUICKSTART_DOCKER_PASSWORD }} - name: Push image to OCI registry uses: cloudbees-io/kaniko@v1 with: destination: index.docker.io/${{ vars.QUICKSTART_DOCKER_USERNAME }}/my-sample-go-app:1.0.0
  5. Select COMMIT.

  6. Enter a Commit message.

  7. Select Commit to current branch.

  8. Select FINISH.

  9. Select your component, and then select Runs from the left pane.

  10. Select Display run to the right of your workflow.

    Successful run
    Figure 3. Successful run with Display run highlighted.
  11. Verify at the URL for your Docker repository that you have successfully pushed the Go app image.

    New tagged image
    Figure 4. Tagged image highlighted in Docker Hub.

You have added a workflow step to publish your sample Go app as an image in a Docker registry and have run the updated workflow.