Questo contenuto non è disponibile nella lingua selezionata.
Chapter 9. Building container images
Building container images involves creating a blueprint for a containerized application. Blueprints rely on base images from other public repositories that define how the application should be installed and configured.
Because blueprints rely on images from other public repositories, they might be subject to rate limiting. Consequently, your build could fail.
Quay.io supports the ability to build Docker and Podman container images. This functionality is valuable for developers and organizations who rely on container and container orchestration.
On Quay.io, this feature works the same across both free, and paid, tier plans.
Quay.io limits the number of simultaneous builds that a single user can submit at one time.
9.1. Build contexts
When building an image with Docker or Podman, a directory is specified to become the build context. This is true for both manual Builds and Build triggers, because the Build that is created by Quay.io is not different than running docker build
or podman build
on your local machine.
Quay.io Build contexts are always specified in the subdirectory from the Build setup, and fallback to the root of the Build source if a directory is not specified.
When a build is triggered, Quay.io Build workers clone the Git repository to the worker machine, and then enter the Build context before conducting a Build.
For Builds based on .tar
archives, Build workers extract the archive and enter the Build context. For example:
Extracted Build archive
example ├── .git ├── Dockerfile ├── file └── subdir └── Dockerfile
Imagine that the Extracted Build archive is the directory structure got a Github repository called example. If no subdirectory is specified in the Build trigger setup, or when manually starting the Build, the Build operates in the example directory.
If a subdirectory is specified in the Build trigger setup, for example, subdir
, only the Dockerfile within it is visible to the Build. This means that you cannot use the ADD
command in the Dockerfile to add file
, because it is outside of the Build context.
Unlike Docker Hub, the Dockerfile is part of the Build context on Quay.io. As a result, it must not appear in the .dockerignore
file.
9.2. Tag naming for build triggers
Custom tags are available for use in Quay.io.
One option is to include any string of characters assigned as a tag for each built image. Alternatively, you can use the following tag templates on the Configure Tagging section of the build trigger to tag images with information from each commit:
- ${commit}: Full SHA of the issued commit
- ${parsed_ref.branch}: Branch information (if available)
- ${parsed_ref.tag}: Tag information (if available)
- ${parsed_ref.remote}: The remote name
- ${commit_info.date}: Date when the commit was issued
- ${commit_info.author.username}: Username of the author of the commit
- ${commit_info.short_sha}: First 7 characters of the commit SHA
- ${committer.properties.username}: Username of the committer
This list is not complete, but does contain the most useful options for tagging purposes. You can find the complete tag template schema on this page.
For more information, see Set up custom tag templates in build triggers for Red Hat Quay and Quay.io.
9.3. Skipping a source control-triggered build
To specify that a commit should be ignored by the Quay.io build system, add the text [skip build]
or [build skip]
anywhere in your commit message.
9.4. Starting a new build
By default, Quay.io users can start new builds out-of-the-box.
Use the following procedure to start a new build by uploading a Dockerfile. For information about creating a build trigger, see "Build triggers".
Prerequisites
- You have navigated to the Builds page of your repository.
Procedure
- On the Builds page, click Start New Build.
- When prompted, click Upload Dockerfile to upload a Dockerfile or an archive that contains a Dockerfile at the root directory.
Click Start Build.
Note- Currently, users cannot specify the Docker build context when manually starting a build.
- Currently, BitBucket is unsupported on the Red Hat Quay v2 UI.
- You are redirected to the build, which can be viewed in real-time. Wait for the Dockerfile build to be completed and pushed.
- Optional. you can click Download Logs to download the logs, or Copy Logs to copy the logs.
Click the back button to return to the Repository Builds page, where you can view the build history.
9.5. Build triggers
Build triggers are automated mechanisms that start a container image build when specific conditions are met, such as changes to source code, updates to dependencies, or creating a webhook call. These triggers help automate the image-building process and ensure that the container images are always up-to-date without manual intervention.
The following sections cover content related to creating a build trigger, tag naming conventions, how to skip a source control-triggered build, starting a build, or manually triggering a build.
9.5.1. Creating a build trigger
The following procedure sets up a custom Git trigger. A custom Git trigger is a generic way for any Git server to act as a build trigger. It relies solely on SSH keys and webhook endpoints. Creating a custom Git trigger is similar to the creation of any other trigger, with the exception of the following:
- Quay.io cannot automatically detect the proper Robot Account to use with the trigger. This must be done manually during the creation process.
These steps can be replicated to create a build trigger using Github, Gitlab, or Bitbucket, however, you must configure the credentials for these services in your config.yaml
file.
- If you want to use Github to create a build trigger, you must configure Github to be used with Red Hat Quay by creating an OAuth application. For more information, see "Creating an OAuth application Github".
Procedure
- Log in to your Red Hat Quay registry.
- In the navigation pane, click Repositories.
- Click Create Repository.
- Click the Builds tab.
- On the Builds page, click Create Build Trigger.
- Select the desired platform, for example, Github, Bitbucket, Gitlab, or use a custom Git repository. For this example, click Custom Git Repository Push.
-
Enter a custom Git repository name, for example,
git@github.com:<username>/<repo>.git
. Then, click Next. When prompted, configure the tagging options by selecting one of, or both of, the following options:
- Tag manifest with the branch or tag name. When selecting this option, the built manifest the name of the branch or tag for the git commit are tagged.
Add
latest
tag if on default branch. When selecting this option, the built manifest with latest if the build occurred on the default branch for the repository are tagged.Optionally, you can add a custom tagging template. There are multiple tag templates that you can enter here, including using short SHA IDs, timestamps, author names, committer, and branch names from the commit as tags. For more information, see "Tag naming for build triggers".
After you have configured tagging, click Next.
- When prompted, select the location of the Dockerfile to be built when the trigger is invoked. If the Dockerfile is located at the root of the git repository and named Dockerfile, enter /Dockerfile as the Dockerfile path. Then, click Next.
-
When prompted, select the context for the Docker build. If the Dockerfile is located at the root of the Git repository, enter
/
as the build context directory. Then, click Next. - Optional. Choose an optional robot account. This allows you to pull a private base image during the build process. If you know that a private base image is not used, you can skip this step.
- Click Next. Check for any verification warnings. If necessary, fix the issues before clicking Finish.
You are alerted that the trigger has been successfully activated. Note that using this trigger requires the following actions:
- You must give the following public key read access to the git repository.
You must set your repository to
POST
to the following URL to trigger a build.Save the SSH Public Key, then click Return to <organization_name>/<repository_name>. You are redirected to the Builds page of your repository.
On the Builds page, you now have a build trigger. For example:
After you have created a custom Git trigger, additional steps are required. Continue on to "Setting up a custom Git trigger".
If you are setting up a build trigger for Github, Gitlab, or Bitbucket, continue on to "Manually triggering a build".
9.5.2. Manually triggering a build
Builds can be triggered manually by using the following procedure.
Procedure
- On the Builds page, Start new build.
- When prompted, select Invoke Build Trigger.
- Click Run Trigger Now to manually start the process.
Enter a commit ID from which to initiate the build, for example,
1c002dd
.After the build starts, you can see the build ID on the Repository Builds page.
9.6. Setting up a custom Git trigger
After you have created a custom Git trigger, two additional steps are required:
- You must provide read access to the SSH public key that is generated when creating the trigger.
- You must setup a webhook that POSTs to the Quay.io endpoint to trigger the build.
These steps are only required if you are using a custom Git trigger.
9.6.1. Obtaining build trigger credentials
The SSH public key and Webhook Endpoint URL are available on the Red Hat Quay UI.
Prerequisites
- You have created a custom Git trigger.
Procedure
- On the Builds page of your repository, click the menu kebab for your custom Git trigger.
- Click View Credentials.
- Save the SSH Public Key and Webhook Endpoint URL.
The key and the URL are available by selecting View Credentials from the Settings, or gear icon.
View and modify tags from your repository
9.6.1.1. SSH public key access
Depending on the Git server configuration, there are multiple ways to install the SSH public key that Quay.io generates for a custom Git trigger.
For example, documentation for Getting Git on a Server describes a describes how to set up a Git server on a Linux-based machine with a focus on managing repositories and access control through SSH. In this procedure, a small server is set up to add the keys to the $HOME/.ssh/authorize_keys
folder, which provides access for builders to clone the repository.
For any Git repository management software that is not officially supported, there is usually a location to input the key that is often labeled as Deploy Keys.
9.6.1.2. Webhook
To automatically trigger a build, you must POST
a .json
payload to the webhook URL using the following format:
This request requires a Content-Type
header containing application/json
in order to be valid.
Example webhook
{ "commit": "1c002dd", // required "ref": "refs/heads/master", // required "default_branch": "master", // required "commit_info": { // optional "url": "gitsoftware.com/repository/commits/1234567", // required "message": "initial commit", // required "date": "timestamp", // required "author": { // optional "username": "user", // required "avatar_url": "gravatar.com/user.png", // required "url": "gitsoftware.com/users/user" // required }, "committer": { // optional "username": "user", // required "avatar_url": "gravatar.com/user.png", // required "url": "gitsoftware.com/users/user" // required } } }
This can typically be accomplished with a post-receive
Git hook, however it does depend on your server setup.