github.com/circular-dark/docker@v1.7.0/docs/docker-hub/builds.md (about)

     1  <!--[metadata]>
     2  +++
     3  title = "Automated Builds on Docker Hub"
     4  description = "Docker Hub Automated Builds"
     5  keywords = ["Docker, docker, registry, accounts, plans, Dockerfile, Docker Hub, docs, documentation, trusted, builds, trusted builds,  automated builds"]
     6  [menu.main]
     7  parent = "smn_pubhub"
     8  weight = 3
     9  +++
    10  <![end-metadata]-->
    11  
    12  # Automated Builds on Docker Hub
    13  
    14  ## About Automated Builds
    15  
    16  *Automated Builds* are a special feature of Docker Hub which allow you to
    17  use [Docker Hub's](https://hub.docker.com) build clusters to automatically
    18  create images from a GitHub or Bitbucket repository containing a `Dockerfile`
    19  The system will clone your repository and build the image described by the
    20  `Dockerfile` using the directory the `Dockerfile` is in (and subdirectories)
    21  as the build context. The resulting automated image will then be uploaded
    22  to the Docker Hub registry and marked as an *Automated Build*.
    23  
    24  Automated Builds have several advantages:
    25  
    26  * Users of *your* Automated Build can trust that the resulting
    27  image was built exactly as specified.
    28  * The `Dockerfile` will be available to anyone with access to
    29  your repository on the Docker Hub registry.
    30  * Because the process is automated, Automated Builds help to
    31  make sure that your repository is always up to date.
    32  
    33  Automated Builds are supported for both public and private repositories
    34  on both [GitHub](http://github.com) and [Bitbucket](https://bitbucket.org/).
    35  
    36  To use Automated Builds, you must have an [account on Docker Hub](
    37  https://docs.docker.com/userguide/dockerhub/#creating-a-docker-hub-account)
    38  and on GitHub and/or Bitbucket. In either case, the account needs
    39  to be properly validated and activated before you can link to it.
    40  
    41  The first time you to set up an Automated Build, your
    42  [Docker Hub](https://hub.docker.com) account will need to be linked to
    43  a GitHub or Bitbucket account.
    44  This will allow the registry to see your repositories.
    45  
    46  If you have previously linked your Docker Hub account, and want to view or modify
    47  that link, click on the "Manage - Settings" link in the sidebar, and then
    48  "Linked Accounts" in your Settings sidebar.
    49  
    50  ## Automated Builds from GitHub
    51  
    52  If you've previously linked your Docker Hub account to your GitHub account,
    53  you'll be able to skip to the [Creating an Automated Build](#creating-an-automated-build).
    54  
    55  ### Linking your Docker Hub account to a GitHub account
    56  
    57  > *Note:*
    58  > Automated Builds currently require *read* and *write* access since
    59  > [Docker Hub](https://hub.docker.com) needs to setup a GitHub service
    60  > hook. We have no choice here, this is how GitHub manages permissions, sorry!
    61  > We do guarantee nothing else will be touched in your account.
    62  
    63  To get started, log into your Docker Hub account and click the
    64  "+ Add Repository" button at the upper right of the screen. Then select
    65  [Automated Build](https://registry.hub.docker.com/builds/add/).
    66  
    67  Select the [GitHub service](https://registry.hub.docker.com/associate/github/).
    68  
    69  When linking to GitHub, you'll need to select either "Public and Private",
    70  or "Limited" linking.
    71  
    72  The "Public and Private" option is the easiest to use,
    73  as it grants the Docker Hub full access to all of your repositories. GitHub
    74  also allows you to grant access to repositories belonging to your GitHub
    75  organizations.
    76  
    77  By choosing the "Limited" linking, your Docker Hub account only gets permission
    78  to access your public data and public repositories.
    79  
    80  Follow the onscreen instructions to authorize and link your
    81  GitHub account to Docker Hub. Once it is linked, you'll be able to
    82  choose a source repository from which to create the Automatic Build.
    83  
    84  You will be able to review and revoke Docker Hub's access by visiting the
    85  [GitHub User's Applications settings](https://github.com/settings/applications).
    86  
    87  > **Note**: If you delete the GitHub account linkage that is used for one of your
    88  > automated build repositories, the previously built images will still be available.
    89  > If you re-link to that GitHub account later, the automated build can be started
    90  > using the "Start Build" button on the Hub, or if the webhook on the GitHub repository
    91  > still exists, will be triggered by any subsequent commits.
    92  
    93  ### Auto builds and limited linked GitHub accounts.
    94  
    95  If you selected to link your GitHub account with only a "Limited" link, then
    96  after creating your automated build, you will need to either manually trigger a
    97  Docker Hub build using the "Start a Build" button, or add the GitHub webhook
    98  manually, as described in [GitHub Service Hooks](#github-service-hooks).
    99  
   100  ### Changing the GitHub user link
   101  
   102  If you want to remove, or change the level of linking between your GitHub account
   103  and the Docker Hub, you need to do this in two places.
   104  
   105  First, remove the "Linked Account" from your Docker Hub "Settings".
   106  Then go to your GitHub account's Personal settings, and in the "Applications"
   107  section, "Revoke access".
   108  
   109  You can now re-link your account at any time.
   110  
   111  ### GitHub organizations
   112  
   113  GitHub organizations and private repositories forked from organizations will be
   114  made available to auto build using the "Docker Hub Registry" application, which
   115  needs to be added to the organization - and then will apply to all users.
   116  
   117  To check, or request access, go to your GitHub user's "Setting" page, select the
   118  "Applications" section from the left side bar, then click the "View" button for
   119  "Docker Hub Registry".
   120  
   121  ![Check User access to GitHub](/docker-hub/hub-images/gh-check-user-org-dh-app-access.png)
   122  
   123  The organization's administrators may need to go to the Organization's "Third
   124  party access" screen in "Settings" to Grant or Deny access to the Docker Hub
   125  Registry application. This change will apply to all organization members.
   126  
   127  ![Check Docker Hub application access to Organization](/docker-hub/hub-images/gh-check-admin-org-dh-app-access.png)
   128  
   129  More detailed access controls to specific users and GitHub repositories would be
   130  managed using the GitHub People and Teams interfaces.
   131  
   132  ### Creating an Automated Build
   133  
   134  You can [create an Automated Build](
   135  https://registry.hub.docker.com/builds/github/select/) from any of your
   136  public or private GitHub repositories that have a `Dockerfile`.
   137  
   138  Once you've selected the source repository, you can then configure:
   139  
   140  - The Hub user/org the repository is built to - either your Hub account name,
   141  or the name of any Hub organizations your account is in
   142  - The Docker repository name the image is built to
   143  - If the Docker repository should be "Public" or "Private"
   144    You can change the accessibility options after the repository has been created.
   145    If you add a Private repository to a Hub user, then you can only add other users
   146    as collaborators, and those users will be able to view and pull all images in that 
   147    repository. To configure more granular access permissions, such as using groups of 
   148    users or allow different users access to different image tags, then you need
   149    to add the Private repository to a Hub organization that your user has Administrator
   150    privilege on.
   151  - If you want the GitHub to notify the Docker Hub when a commit is made, and thus trigger
   152    a rebuild of all the images in this automated build.
   153  
   154  You can also select one or more
   155  - The git branch/tag, which repository sub-directory to use as the context
   156  - The Docker image tag name
   157  
   158  You can set a description for the repository by clicking "Description" link in the righthand side bar after the automated build - note that the "Full Description" will be over-written next build from the README.md file.
   159  has been created.
   160  
   161  ### GitHub private submodules
   162  
   163  If your GitHub repository contains links to private submodules, you'll get an
   164  error message in your build.
   165  
   166  Normally, the Docker Hub sets up a deploy key in your GitHub repository.
   167  Unfortunately, GitHub only allows a repository deploy key to access a single repository.
   168  
   169  To work around this, you need to create a dedicated user account in GitHub and attach
   170  the automated build's deploy key that account. This dedicated build account
   171  can be limited to read-only access to just the repositories required to build.
   172  
   173  <table class="table table-bordered">
   174    <thead>
   175      <tr>
   176        <th>Step</th>
   177        <th>Screenshot</th>
   178        <th>Description</th>
   179      </tr>
   180    </thead>
   181    <tbody>
   182      <tr>
   183        <td>1.</td>
   184        <td><img src="/docker-hub/hub-images/gh_org_members.png"></td>
   185        <td>First, create the new account in GitHub. It should be given read-only
   186        access to the main repository and all submodules that are needed.</td>
   187      </tr>
   188      <tr>
   189        <td>2.</td>
   190        <td><img src="/docker-hub/hub-images/gh_team_members.png"></td>
   191        <td>This can be accomplished by adding the account to a read-only team in
   192        the organization(s) where the main GitHub repository and all submodule
   193        repositories are kept.</td>
   194      </tr>
   195      <tr>
   196        <td>3.</td>
   197        <td><img src="/docker-hub/hub-images/gh_repo_deploy_key.png"></td>
   198        <td>Next, remove the deploy key from the main GitHub repository. This can be done in the GitHub repository's "Deploy keys" Settings section.</td>
   199      </tr>
   200      <tr>
   201        <td>4.</td>
   202        <td><img src="/docker-hub/hub-images/deploy_key.png"></td>
   203        <td>Your automated build's deploy key is in the "Build Details" menu
   204        under "Deploy keys".</td>
   205      </tr>
   206      <tr>
   207        <td>5.</td>
   208        <td><img src="/docker-hub/hub-images/gh_add_ssh_user_key.png"></td>
   209        <td>In your dedicated GitHub User account, add the deploy key from your
   210        Docker Hub Automated Build.</td>
   211      </tr>
   212    </tbody>
   213  </table>
   214  
   215  ### GitHub service hooks
   216  
   217  The GitHub Service hook allows GitHub to notify the Docker Hub when something has
   218  been committed to that git repository. You will need to add the Service Hook manually
   219  if your GitHub account is "Limited" linked to the Docker Hub.
   220  
   221  Follow the steps below to configure the GitHub Service hooks for your Automated Build:
   222  
   223  <table class="table table-bordered">
   224    <thead>
   225      <tr>
   226        <th>Step</th>
   227        <th>Screenshot</th>
   228        <th>Description</th>
   229      </tr>
   230    </thead>
   231    <tbody>
   232      <tr>
   233        <td>1.</td>
   234        <td><img src="/docker-hub/hub-images/gh_settings.png"></td>
   235        <td>Log in to Github.com, and go to your Repository page. Click on "Settings" on
   236        the right side of the page. You must have admin privileges to the repository in order to do this.</td>
   237      </tr>
   238      <tr>
   239        <td>2.</td>
   240        <td><img src="/docker-hub/hub-images/gh_menu.png" alt="Webhooks & Services"></td>
   241        <td>Click on "Webhooks & Services" on the left side of the page.</td></tr>
   242        <tr><td>3.</td>
   243        <td><img src="/docker-hub/hub-images/gh_service_hook.png" alt="Find the service labeled Docker"></td>
   244        <td>Find the service labeled "Docker" (or click on "Add service") and click on it.</td></tr>
   245        <tr><td>4.</td>
   246        <td><img src="/docker-hub/hub-images/gh_docker-service.png" alt="Activate Service Hooks"></td>
   247        <td>Make sure the "Active" checkbox is selected and click the "Update service" button to save your changes.</td>
   248      </tr>
   249    </tbody>
   250  </table>
   251  
   252  ## Automated Builds with Bitbucket
   253  
   254  In order to setup an Automated Build, you need to first link your
   255  [Docker Hub](https://hub.docker.com) account with a Bitbucket account.
   256  This will allow the registry to see your repositories.
   257  
   258  To get started, log into your Docker Hub account and click the
   259  "+ Add Repository" button at the upper right of the screen. Then
   260  select [Automated Build](https://registry.hub.docker.com/builds/add/).
   261  
   262  Select the [Bitbucket source](
   263  https://registry.hub.docker.com/associate/bitbucket/).
   264  
   265  Then follow the onscreen instructions to authorize and link your
   266  Bitbucket account to Docker Hub. Once it is linked, you'll be able
   267  to choose a repository from which to create the Automatic Build.
   268  
   269  ### Creating an Automated Build
   270  
   271  You can [create an Automated Build](
   272  https://registry.hub.docker.com/builds/bitbucket/select/) from any of your
   273  public or private Bitbucket repositories with a `Dockerfile`.
   274  
   275  ### Adding a Hook
   276  
   277  When you link your Docker Hub account, a `POST` hook should get automatically
   278  added to your Bitbucket repository. Follow the steps below to confirm or modify the
   279  Bitbucket hooks for your Automated Build:
   280  
   281  <table class="table table-bordered">
   282    <thead>
   283      <tr>
   284        <th>Step</th>
   285        <th>Screenshot</th>
   286        <th>Description</th>
   287      </tr>
   288    </thead>
   289    <tbody>
   290      <tr>
   291        <td>1.</td>
   292        <td><img src="/docker-hub/hub-images/bb_menu.png" alt="Settings" width="180"></td>
   293        <td>Log in to Bitbucket.org and go to your Repository page. Click on "Settings" on
   294        the far left side of the page, under "Navigation". You must have admin privileges
   295        to the repository in order to do this.</td>
   296      </tr>
   297      <tr>
   298        <td>2.</td>
   299        <td><img src="/docker-hub/hub-images/bb_hooks.png" alt="Hooks" width="180"></td>
   300        <td>Click on "Hooks" on the near left side of the page, under "Settings".</td></tr>
   301      <tr>
   302        <td>3.</td>
   303        <td><img src="/docker-hub/hub-images/bb_post-hook.png" alt="Docker Post Hook"></td><td>You should now see a list of hooks associated with the repo, including a <code>POST</code> hook that points at
   304        registry.hub.docker.com/hooks/bitbucket.</td>
   305      </tr>
   306    </tbody>
   307  </table>
   308  
   309  
   310  ## The Dockerfile and Automated Builds
   311  
   312  During the build process, Docker will copy the contents of your `Dockerfile`.
   313  It will also add it to the [Docker Hub](https://hub.docker.com) for the Docker
   314  community (for public repositories) or approved team members/orgs (for private
   315  repositories) to see on the repository page.
   316  
   317  ### README.md
   318  
   319  If you have a `README.md` file in your repository, it will be used as the
   320  repository's full description.The build process will look for a
   321  `README.md` in the same directory as your `Dockerfile`.
   322  
   323  > **Warning:**
   324  > If you change the full description after a build, it will be
   325  > rewritten the next time the Automated Build has been built. To make changes,
   326  > modify the `README.md` from the Git repository.
   327  
   328  ## Remote Build triggers
   329  
   330  If you need a way to trigger Automated Builds outside of GitHub or Bitbucket,
   331  you can set up a build trigger. When you turn on the build trigger for an
   332  Automated Build, it will give you a URL to which you can send POST requests.
   333  This will trigger the Automated Build, much as with a GitHub webhook.
   334  
   335  Build triggers are available under the Settings menu of each Automated Build
   336  repository on the Docker Hub.
   337  
   338  ![Build trigger screen](/docker-hub/hub-images/build-trigger.png)
   339  
   340  You can use `curl` to trigger a build:
   341  
   342  ```
   343  $ curl --data "build=true" -X POST https://registry.hub.docker.com/u/svendowideit/testhook/trigger/be579c
   344  82-7c0e-11e4-81c4-0242ac110020/
   345  OK
   346  ```
   347  
   348  > **Note:**
   349  > You can only trigger one build at a time and no more than one
   350  > every five minutes. If you already have a build pending, or if you
   351  > recently submitted a build request, those requests *will be ignored*.
   352  > To verify everything is working correctly, check the logs of last
   353  > ten triggers on the settings page .
   354  
   355  ## Webhooks
   356  
   357  Automated Builds also include a Webhooks feature. Webhooks can be called
   358  after a successful repository push is made. This includes when a new tag is added
   359  to an existing image.
   360  
   361  The webhook call will generate a HTTP POST with the following JSON
   362  payload:
   363  
   364  ```
   365  {
   366    "callback_url": "https://registry.hub.docker.com/u/svendowideit/testhook/hook/2141b5bi5i5b02bec211i4eeih0242eg11000a/",
   367    "push_data": {
   368      "images": [
   369          "27d47432a69bca5f2700e4dff7de0388ed65f9d3fb1ec645e2bc24c223dc1cc3",
   370          "51a9c7c1f8bb2fa19bcd09789a34e63f35abb80044bc10196e304f6634cc582c",
   371          ...
   372      ],
   373      "pushed_at": 1.417566161e+09,
   374      "pusher": "trustedbuilder"
   375    },
   376    "repository": {
   377      "comment_count": 0,
   378      "date_created": 1.417494799e+09,
   379      "description": "",
   380      "dockerfile": "#\n# BUILD\u0009\u0009docker build -t svendowideit/apt-cacher .\n# RUN\u0009\u0009docker run -d -p 3142:3142 -name apt-cacher-run apt-cacher\n#\n# and then you can run containers with:\n# \u0009\u0009docker run -t -i -rm -e http_proxy http://192.168.1.2:3142/ debian bash\n#\nFROM\u0009\u0009ubuntu\nMAINTAINER\u0009SvenDowideit@home.org.au\n\n\nVOLUME\u0009\u0009[\"/var/cache/apt-cacher-ng\"]\nRUN\u0009\u0009apt-get update ; apt-get install -yq apt-cacher-ng\n\nEXPOSE \u0009\u00093142\nCMD\u0009\u0009chmod 777 /var/cache/apt-cacher-ng ; /etc/init.d/apt-cacher-ng start ; tail -f /var/log/apt-cacher-ng/*\n",
   381      "full_description": "Docker Hub based automated build from a GitHub repo",
   382      "is_official": false,
   383      "is_private": true,
   384      "is_trusted": true,
   385      "name": "testhook",
   386      "namespace": "svendowideit",
   387      "owner": "svendowideit",
   388      "repo_name": "svendowideit/testhook",
   389      "repo_url": "https://registry.hub.docker.com/u/svendowideit/testhook/",
   390      "star_count": 0,
   391      "status": "Active"
   392    }
   393  }
   394  ```
   395  
   396  Webhooks are available under the Settings menu of each Repository.
   397  
   398  > **Note:** If you want to test your webhook out we recommend using
   399  > a tool like [requestb.in](http://requestb.in/).
   400  
   401  > **Note**: The Docker Hub servers are currently in the IP range
   402  > `162.242.195.64 - 162.242.195.127`, so you can restrict your webhooks to
   403  > accept webhook requests from that set of IP addresses.
   404  
   405  ### Webhook chains
   406  
   407  Webhook chains allow you to chain calls to multiple services. For example,
   408  you can use this to trigger a deployment of your container only after
   409  it has been successfully tested, then update a separate Changelog once the
   410  deployment is complete.
   411  After clicking the "Add webhook" button, simply add as many URLs as necessary
   412  in your chain.
   413  
   414  The first webhook in a chain will be called after a successful push. Subsequent
   415  URLs will be contacted after the callback has been validated.
   416  
   417  ### Validating a callback
   418  
   419  In order to validate a callback in a webhook chain, you need to
   420  
   421  1. Retrieve the `callback_url` value in the request's JSON payload.
   422  1. Send a POST request to this URL containing a valid JSON body.
   423  
   424  > **Note**: A chain request will only be considered complete once the last
   425  > callback has been validated.
   426  
   427  To help you debug or simply view the results of your webhook(s),
   428  view the "History" of the webhook available on its settings page.
   429  
   430  ### Callback JSON data
   431  
   432  The following parameters are recognized in callback data:
   433  
   434  * `state` (required): Accepted values are `success`, `failure` and `error`.
   435    If the state isn't `success`, the webhook chain will be interrupted.
   436  * `description`: A string containing miscellaneous information that will be
   437    available on the Docker Hub. Maximum 255 characters.
   438  * `context`: A string containing the context of the operation. Can be retrieved
   439    from the Docker Hub. Maximum 100 characters.
   440  * `target_url`: The URL where the results of the operation can be found. Can be
   441    retrieved on the Docker Hub.
   442  
   443  *Example callback payload:*
   444  
   445      {
   446        "state": "success",
   447        "description": "387 tests PASSED",
   448        "context": "Continuous integration by Acme CI",
   449        "target_url": "http://ci.acme.com/results/afd339c1c3d27"
   450      }
   451  
   452  ## Repository links
   453  
   454  Repository links are a way to associate one Automated Build with
   455  another. If one gets updated,the linking system triggers a rebuild
   456  for the other Automated Build. This makes it easy to keep all your
   457  Automated Builds up to date.
   458  
   459  To add a link, go to the repository for the Automated Build you want to
   460  link to and click on *Repository Links* under the Settings menu at
   461  right. Then, enter the name of the repository that you want have linked.
   462  
   463  > **Warning:**
   464  > You can add more than one repository link, however, you should
   465  > do so very carefully. Creating a two way relationship between Automated Builds will
   466  > cause an endless build loop.