Quickstart: Publish an image with your workflow

In this quickstart, use a CloudBees workflow to publish a container image to the Docker Hub registry. Docker Hub is an Open Container Initiative (OCI) service provided by Docker where you can share container images.

Prerequisites

Complete the Quickstart: Connect to source code management that connects a sample Go app repository to the platform.
Complete the Quickstart: Create a build workflow that creates a build workflow.
Complete the Quickstart: Check your code repository with a security scanner that scans your repository for security vulnerabilities.
Verify that your workflow YAML file is basically identical to the complete YAML file from the scan workflow quickstart, as these steps add to this workflow.
An existing Docker account. If you do not yet have one, sign up for free.
Create a new empty repository in Docker Hub, named my-sample-go-app. To learn more, refer to the Docker Hub documentation.

Store Docker credentials

To publish the container image from the workflow, CloudBees must reference your Docker credentials. Store and reference credentials securely as properties in the CloudBees platform.

To store your Docker username:

Select Configurations from the left pane.
Select CREATE PROPERTY.
Enter QUICKSTART_DOCKER_USERNAME as the Property name.
Select String from the Data type options.
Enter your Docker username as the Value.
Select SAVE.

Your Docker username is stored unencrypted and is available for use in the platform.

To store your Docker password:

Select Configurations from the left pane.
Select CREATE PROPERTY.
Enter QUICKSTART_DOCKER_PASSWORD as the Property name.
Select String from the Data type options.
Enter your Docker password as the Value.
Select Secret.
Select SAVE.

Your Docker password is stored encrypted for security, and is available for use in the platform.

Configure Docker Hub container registry

To access the Docker repository you have created, as specified in the Prerequisites, you must add a step to the CI job that signs into Docker. This step uses the CloudBees Configure OCI credentials action to create an authorization variable from your Docker username and password, and store it in a file within the $HOME directory.

To add a Docker configuration step to your workflow job:

Select Components from the left pane, and then select your component name from the list.
Select EDIT YAML on your workflow.

Enter the following in the code editor, starting just after your SonarQube scan step:

    - name: Set up Docker Hub registry
      uses: cloudbees-io/configure-oci-credentials@v1
      with:
        registry: index.docker.io # or docker.io
        username: ${{ vars.QUICKSTART_DOCKER_USERNAME }}
        password: ${{ secrets.QUICKSTART_DOCKER_PASSWORD }}▼

Figure 1. Docker setup step with Commit highlighted.

Select COMMIT.
Enter a Commit message.
Select Commit to current branch.
Select FINISH.
Select Components from the left pane, select your component, and then select Runs.
Select Display run to the right of your run.

Figure 2. Successful run with sign-in step highlighted.

You have added a configuration step for signing in to Docker.

Push image to registry

For the final step of the workflow, the Go app image is published using Kaniko, a tool to build container images from a Dockerfile. The CloudBees Kaniko action enables you to perform this in a single step. The action requires a destination that is your Docker repository.

To add a publish step to your workflow job:

Select Components from the left pane, and then select your component name from the list.
Select EDIT YAML on your workflow.

Enter the following in the code editor, starting just after your Set up Docker Hub registry step:

    - name: Push image to registry
      uses: cloudbees-io/kaniko@v1
      with:
          destination: ${{ vars.QUICKSTART_DOCKER_USERNAME }}/my-sample-go-app:1.0.0▼

The destination key has the value of <Docker username>/<Docker repository name>:<Tag label>, containing your Docker username and repository name, and the tag label of 1.0.0.

Check to confirm that your YAML script is similar to the following:

Display the complete YAML file for building, scanning, and publishing the sample Go app.

apiVersion: automation.cloudbees.io/v1alpha1
kind: workflow
name: My automation

on:
  push:
    branches:
      - '**'

jobs:
  ci-job:
    steps:
      - uses: docker://alpine/git:latest
        run: |
          git config --global --add safe.directory /cloudbees/workspace
      - name: checkout
        uses: cloudbees-io/checkout@v1
      - name: Build Go app
        uses: docker://golang:1.20
        run: |
          go build -v ./...
      - name: Run tests
        uses: docker://golang:1.20
        run: |
          go test -v ./...
      - name: Scan with SonarQube bundled action
        uses: cloudbees-io/sonarqube-bundled-sast-scan-code@v1
        kind: scan
      - name: Set up Docker Hub registry
        uses: cloudbees-io/configure-oci-credentials@v1
        with:
          registry: index.docker.io # or docker.io
          username: ${{ vars.QUICKSTART_DOCKER_USERNAME }}
          password: ${{ secrets.QUICKSTART_DOCKER_PASSWORD }}
      - name: Push image to OCI registry
        uses: cloudbees-io/kaniko@v1
        with:
            destination: index.docker.io/${{ vars.QUICKSTART_DOCKER_USERNAME }}/my-sample-go-app:1.0.0▼

Select COMMIT.
Enter a Commit message.
Select Commit to current branch.
Select FINISH.
Select Components from the left pane, select your component, and then select Runs.
Select Display run to the right of your workflow.

Figure 3. Successful run with Display run highlighted.
Verify at the URL for your Docker repository that you have successfully pushed the Go app image.

Figure 4. Tagged image highlighted in Docker Hub.

You have added a workflow step to publish your sample Go app as an image in a Docker registry and have run the updated workflow.