Build Container Image using dind

This article shows how to build a container image using dind (Docker-in-Docker) in CI/CD (GitLab Pipelines).
📚 Container Registry
📘 Docker >= 19.0
📘 Docker < 19.0
⬆️ Upgrade build from <19.0 to >=19.0
Container Security Scan
Multiarch Container Image?
The code snippets used in this article are examples. This means that if you want to use them, you may need to modify them for your use case.

Container Registry

BlueMedia has its own Container Registry for dind images. If you want to know what versions are available, click here.
Docker >= 19.0

To create a container image in CI/CD using Docker version 19 or above, apply the configuration below:
```yaml
variables:
  DOCKER_IMAGE: git.blue.pl:5005/docker-hub/ci-cd-tools/docker:24.0.5-dind
  APP_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME

stages:
  - build

Build Container Image:
  stage: build
  image: $DOCKER_IMAGE
  services:
    - $DOCKER_IMAGE
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_HOST: tcp://localhost:2376
    DOCKER_TLS_CERTDIR: /certs
    DOCKER_TLS_VERIFY: 1
    DOCKER_CERT_PATH: $DOCKER_TLS_CERTDIR/client
  before_script:
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
  script:
    - docker build -t $APP_IMAGE --push .
```
Docker < 19.0

To create a container image in CI/CD using a Docker version below 19, apply the configuration below:
```yaml
variables:
  DOCKER_IMAGE: git.blue.pl:5005/docker-hub/ci-cd-tools/docker:18.09-dind
  APP_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME

stages:
  - build

Build Container Image:
  stage: build
  image: $DOCKER_IMAGE
  services:
    - $DOCKER_IMAGE
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_HOST: tcp://localhost:2375
    DOCKER_TLS_CERTDIR: ""
  before_script:
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
  script:
    - docker build -t $APP_IMAGE .
    - docker push $APP_IMAGE
```
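A guard for the difference between the two configurations above, as an added example that is not part of the original article: run before `docker login`, it stops the job when the client would reach dind over plaintext port 2375 or without its client certificates. `DIND_WAIT_SECONDS` is a hypothetical variable introduced here; `ca.pem`, `cert.pem` and `key.pem` are the files the Docker client reads from `DOCKER_CERT_PATH`.

```shell
#!/bin/sh
# Added example (not from the original article): pre-build guard for the dind
# TLS settings. DIND_WAIT_SECONDS is a hypothetical knob, not a Docker variable.

# Returns 0 only if the Docker client is configured for verified TLS to dind
# and the client certificate files exist; otherwise prints a reason, returns 1.
check_dind_tls() {
    case "${DOCKER_HOST:-}" in
        tcp://*:2376) ;;    # TLS port used by the >= 19.0 configuration
        tcp://*:2375)
            echo "DOCKER_HOST points at 2375: unencrypted daemon API" >&2
            return 1 ;;
        *)
            echo "unexpected DOCKER_HOST: '${DOCKER_HOST:-}'" >&2
            return 1 ;;
    esac
    if [ -z "${DOCKER_TLS_CERTDIR:-}" ]; then
        echo "DOCKER_TLS_CERTDIR is empty: dind starts without TLS" >&2
        return 1
    fi
    if [ -z "${DOCKER_TLS_VERIFY:-}" ]; then
        echo "DOCKER_TLS_VERIFY is unset: TLS verification is not enabled" >&2
        return 1
    fi
    cert_dir="${DOCKER_CERT_PATH:-}"
    if [ -z "$cert_dir" ]; then
        echo "DOCKER_CERT_PATH is unset" >&2
        return 1
    fi
    # dind writes the client certificates while it starts, so the job can get
    # here first; poll for a bounded time instead of failing immediately.
    remaining="${DIND_WAIT_SECONDS:-30}"
    while :; do
        missing=""
        for f in ca.pem cert.pem key.pem; do
            [ -s "$cert_dir/$f" ] || missing="$missing $f"
        done
        [ -z "$missing" ] && return 0
        [ "$remaining" -le 0 ] && break
        sleep 1
        remaining=$((remaining - 1))
    done
    echo "missing in $cert_dir:$missing" >&2
    return 1
}
```

To use it, keep the script in the repository (for example under a hypothetical path `ci/check-dind-tls.sh`) and make `. ci/check-dind-tls.sh && check_dind_tls` the first `before_script` line.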
Upgrade build from <19.0 to >=19.0

To upgrade the job to the newest version, check the diff below:
variables:
- DOCKER_IMAGE: git.blue.pl:5005/docker-hub/ci-cd-tools/docker:18.09-dind
+ DOCKER_IMAGE: git.blue.pl:5005/docker-hub/ci-cd-tools/docker:24.0.5-dind
APP_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
stages:
- build
Build Container Image:
stage: build
image: $DOCKER_IMAGE
services:
- $DOCKER_IMAGE
variables:
DOCKER_DRIVER: overlay2
- DOCKER_HOST: tcp://localhost:2375
+ DOCKER_HOST: tcp://localhost:2376
- DOCKER_TLS_CERTDIR: ""
+ DOCKER_TLS_CERTDIR: /certs
+ DOCKER_TLS_VERIFY: 1
+ DOCKER_CERT_PATH: $DOCKER_TLS_CERTDIR/client
before_script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
script:
- - docker build -t $APP_IMAGE .
+ - docker build -t $APP_IMAGE --push .
- - docker push $APP_IMAGE
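Review bot: The unchanged `before_script` line still passes the job token as `-p $CI_JOB_TOKEN`, which places it on the `docker login` command line; since this change already hardens the daemon connection with TLS, switch that line to `echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY`. Separately, `APP_IMAGE` is still tagged with `$CI_COMMIT_REF_NAME`, so a branch name containing `/` produces an invalid image tag and the new `docker build ... --push` step fails; `$CI_COMMIT_REF_SLUG` avoids that.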
Container Security Scan

If you want to add a Container Security Scan to your CI/CD, look at the code below:
```yaml
variables:
  DOCKER_IMAGE: git.blue.pl:5005/docker-hub/ci-cd-tools/docker:latest
  APP_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
  CS_IMAGE: $APP_IMAGE

stages:
  - build
  - test

include:
  - template: Security/Container-Scanning.gitlab-ci.yml

Build Container Image:
  stage: build
  image: $DOCKER_IMAGE
  services:
    - $DOCKER_IMAGE
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_HOST: tcp://localhost:2376
    DOCKER_TLS_CERTDIR: /certs
    DOCKER_TLS_VERIFY: 1
    DOCKER_CERT_PATH: $DOCKER_TLS_CERTDIR/client
  before_script:
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
  script:
    - docker build -t $APP_IMAGE --push .

container_scanning:
  stage: test
  dependencies:
    - Build Container Image
```
Don't change the name of the container_scanning job! It uses the Pipeline Template built into the GitLab instance. You can customize it by adding extra configuration to the job definition.

The CS_IMAGE variable is used by the Pipeline Template for the container_scanning job. You need to set the image you want to scan as its value to make it work.

This example configuration runs two jobs:

1. Builds the container image and pushes it to the registry.
2. Scans the built container image if the build was successful.

The scan report is printed in the job logs and saved as a job artifact.
Multiarch Container Image?

With Docker version >=19 it is possible to create multiarch images without any additional dependency (and without building on several machines with different architectures). The code below is an example of building one container image for the linux/arm64 and linux/amd64 platforms in one job using the docker buildx feature.
```yaml
variables:
  DOCKER_IMAGE: git.blue.pl:5005/docker-hub/ci-cd-tools/docker:24.0.5-dind
  APP_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
  BUILD_PLATFORMS: linux/arm64,linux/amd64

stages:
  - build

Build Container Image:
  stage: build
  image: $DOCKER_IMAGE
  services:
    - $DOCKER_IMAGE
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_HOST: tcp://localhost:2376
    DOCKER_TLS_CERTDIR: /certs
    DOCKER_TLS_VERIFY: 1
    DOCKER_CERT_PATH: $DOCKER_TLS_CERTDIR/client
  before_script:
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
  script:
    - docker context create builder
    - docker buildx create builder --use
    - docker buildx build --platform $BUILD_PLATFORMS -t $APP_IMAGE --provenance false --push .
```
Last modified: 30 May 2024