github.com/circular-dark/docker@v1.7.0/docs/docker-hub/builds.md (about) 1 <!--[metadata]> 2 +++ 3 title = "Automated Builds on Docker Hub" 4 description = "Docker Hub Automated Builds" 5 keywords = ["Docker, docker, registry, accounts, plans, Dockerfile, Docker Hub, docs, documentation, trusted, builds, trusted builds, automated builds"] 6 [menu.main] 7 parent = "smn_pubhub" 8 weight = 3 9 +++ 10 <![end-metadata]--> 11 12 # Automated Builds on Docker Hub 13 14 ## About Automated Builds 15 16 *Automated Builds* are a special feature of Docker Hub which allow you to 17 use [Docker Hub's](https://hub.docker.com) build clusters to automatically 18 create images from a GitHub or Bitbucket repository containing a `Dockerfile` 19 The system will clone your repository and build the image described by the 20 `Dockerfile` using the directory the `Dockerfile` is in (and subdirectories) 21 as the build context. The resulting automated image will then be uploaded 22 to the Docker Hub registry and marked as an *Automated Build*. 23 24 Automated Builds have several advantages: 25 26 * Users of *your* Automated Build can trust that the resulting 27 image was built exactly as specified. 28 * The `Dockerfile` will be available to anyone with access to 29 your repository on the Docker Hub registry. 30 * Because the process is automated, Automated Builds help to 31 make sure that your repository is always up to date. 32 33 Automated Builds are supported for both public and private repositories 34 on both [GitHub](http://github.com) and [Bitbucket](https://bitbucket.org/). 35 36 To use Automated Builds, you must have an [account on Docker Hub]( 37 https://docs.docker.com/userguide/dockerhub/#creating-a-docker-hub-account) 38 and on GitHub and/or Bitbucket. In either case, the account needs 39 to be properly validated and activated before you can link to it. 40 41 The first time you to set up an Automated Build, your 42 [Docker Hub](https://hub.docker.com) account will need to be linked to 43 a GitHub or Bitbucket account. 44 This will allow the registry to see your repositories. 45 46 If you have previously linked your Docker Hub account, and want to view or modify 47 that link, click on the "Manage - Settings" link in the sidebar, and then 48 "Linked Accounts" in your Settings sidebar. 49 50 ## Automated Builds from GitHub 51 52 If you've previously linked your Docker Hub account to your GitHub account, 53 you'll be able to skip to the [Creating an Automated Build](#creating-an-automated-build). 54 55 ### Linking your Docker Hub account to a GitHub account 56 57 > *Note:* 58 > Automated Builds currently require *read* and *write* access since 59 > [Docker Hub](https://hub.docker.com) needs to setup a GitHub service 60 > hook. We have no choice here, this is how GitHub manages permissions, sorry! 61 > We do guarantee nothing else will be touched in your account. 62 63 To get started, log into your Docker Hub account and click the 64 "+ Add Repository" button at the upper right of the screen. Then select 65 [Automated Build](https://registry.hub.docker.com/builds/add/). 66 67 Select the [GitHub service](https://registry.hub.docker.com/associate/github/). 68 69 When linking to GitHub, you'll need to select either "Public and Private", 70 or "Limited" linking. 71 72 The "Public and Private" option is the easiest to use, 73 as it grants the Docker Hub full access to all of your repositories. GitHub 74 also allows you to grant access to repositories belonging to your GitHub 75 organizations. 76 77 By choosing the "Limited" linking, your Docker Hub account only gets permission 78 to access your public data and public repositories. 79 80 Follow the onscreen instructions to authorize and link your 81 GitHub account to Docker Hub. Once it is linked, you'll be able to 82 choose a source repository from which to create the Automatic Build. 83 84 You will be able to review and revoke Docker Hub's access by visiting the 85 [GitHub User's Applications settings](https://github.com/settings/applications). 86 87 > **Note**: If you delete the GitHub account linkage that is used for one of your 88 > automated build repositories, the previously built images will still be available. 89 > If you re-link to that GitHub account later, the automated build can be started 90 > using the "Start Build" button on the Hub, or if the webhook on the GitHub repository 91 > still exists, will be triggered by any subsequent commits. 92 93 ### Auto builds and limited linked GitHub accounts. 94 95 If you selected to link your GitHub account with only a "Limited" link, then 96 after creating your automated build, you will need to either manually trigger a 97 Docker Hub build using the "Start a Build" button, or add the GitHub webhook 98 manually, as described in [GitHub Service Hooks](#github-service-hooks). 99 100 ### Changing the GitHub user link 101 102 If you want to remove, or change the level of linking between your GitHub account 103 and the Docker Hub, you need to do this in two places. 104 105 First, remove the "Linked Account" from your Docker Hub "Settings". 106 Then go to your GitHub account's Personal settings, and in the "Applications" 107 section, "Revoke access". 108 109 You can now re-link your account at any time. 110 111 ### GitHub organizations 112 113 GitHub organizations and private repositories forked from organizations will be 114 made available to auto build using the "Docker Hub Registry" application, which 115 needs to be added to the organization - and then will apply to all users. 116 117 To check, or request access, go to your GitHub user's "Setting" page, select the 118 "Applications" section from the left side bar, then click the "View" button for 119 "Docker Hub Registry". 120 121 ![Check User access to GitHub](/docker-hub/hub-images/gh-check-user-org-dh-app-access.png) 122 123 The organization's administrators may need to go to the Organization's "Third 124 party access" screen in "Settings" to Grant or Deny access to the Docker Hub 125 Registry application. This change will apply to all organization members. 126 127 ![Check Docker Hub application access to Organization](/docker-hub/hub-images/gh-check-admin-org-dh-app-access.png) 128 129 More detailed access controls to specific users and GitHub repositories would be 130 managed using the GitHub People and Teams interfaces. 131 132 ### Creating an Automated Build 133 134 You can [create an Automated Build]( 135 https://registry.hub.docker.com/builds/github/select/) from any of your 136 public or private GitHub repositories that have a `Dockerfile`. 137 138 Once you've selected the source repository, you can then configure: 139 140 - The Hub user/org the repository is built to - either your Hub account name, 141 or the name of any Hub organizations your account is in 142 - The Docker repository name the image is built to 143 - If the Docker repository should be "Public" or "Private" 144 You can change the accessibility options after the repository has been created. 145 If you add a Private repository to a Hub user, then you can only add other users 146 as collaborators, and those users will be able to view and pull all images in that 147 repository. To configure more granular access permissions, such as using groups of 148 users or allow different users access to different image tags, then you need 149 to add the Private repository to a Hub organization that your user has Administrator 150 privilege on. 151 - If you want the GitHub to notify the Docker Hub when a commit is made, and thus trigger 152 a rebuild of all the images in this automated build. 153 154 You can also select one or more 155 - The git branch/tag, which repository sub-directory to use as the context 156 - The Docker image tag name 157 158 You can set a description for the repository by clicking "Description" link in the righthand side bar after the automated build - note that the "Full Description" will be over-written next build from the README.md file. 159 has been created. 160 161 ### GitHub private submodules 162 163 If your GitHub repository contains links to private submodules, you'll get an 164 error message in your build. 165 166 Normally, the Docker Hub sets up a deploy key in your GitHub repository. 167 Unfortunately, GitHub only allows a repository deploy key to access a single repository. 168 169 To work around this, you need to create a dedicated user account in GitHub and attach 170 the automated build's deploy key that account. This dedicated build account 171 can be limited to read-only access to just the repositories required to build. 172 173 <table class="table table-bordered"> 174 <thead> 175 <tr> 176 <th>Step</th> 177 <th>Screenshot</th> 178 <th>Description</th> 179 </tr> 180 </thead> 181 <tbody> 182 <tr> 183 <td>1.</td> 184 <td><img src="/docker-hub/hub-images/gh_org_members.png"></td> 185 <td>First, create the new account in GitHub. It should be given read-only 186 access to the main repository and all submodules that are needed.</td> 187 </tr> 188 <tr> 189 <td>2.</td> 190 <td><img src="/docker-hub/hub-images/gh_team_members.png"></td> 191 <td>This can be accomplished by adding the account to a read-only team in 192 the organization(s) where the main GitHub repository and all submodule 193 repositories are kept.</td> 194 </tr> 195 <tr> 196 <td>3.</td> 197 <td><img src="/docker-hub/hub-images/gh_repo_deploy_key.png"></td> 198 <td>Next, remove the deploy key from the main GitHub repository. This can be done in the GitHub repository's "Deploy keys" Settings section.</td> 199 </tr> 200 <tr> 201 <td>4.</td> 202 <td><img src="/docker-hub/hub-images/deploy_key.png"></td> 203 <td>Your automated build's deploy key is in the "Build Details" menu 204 under "Deploy keys".</td> 205 </tr> 206 <tr> 207 <td>5.</td> 208 <td><img src="/docker-hub/hub-images/gh_add_ssh_user_key.png"></td> 209 <td>In your dedicated GitHub User account, add the deploy key from your 210 Docker Hub Automated Build.</td> 211 </tr> 212 </tbody> 213 </table> 214 215 ### GitHub service hooks 216 217 The GitHub Service hook allows GitHub to notify the Docker Hub when something has 218 been committed to that git repository. You will need to add the Service Hook manually 219 if your GitHub account is "Limited" linked to the Docker Hub. 220 221 Follow the steps below to configure the GitHub Service hooks for your Automated Build: 222 223 <table class="table table-bordered"> 224 <thead> 225 <tr> 226 <th>Step</th> 227 <th>Screenshot</th> 228 <th>Description</th> 229 </tr> 230 </thead> 231 <tbody> 232 <tr> 233 <td>1.</td> 234 <td><img src="/docker-hub/hub-images/gh_settings.png"></td> 235 <td>Log in to Github.com, and go to your Repository page. Click on "Settings" on 236 the right side of the page. You must have admin privileges to the repository in order to do this.</td> 237 </tr> 238 <tr> 239 <td>2.</td> 240 <td><img src="/docker-hub/hub-images/gh_menu.png" alt="Webhooks & Services"></td> 241 <td>Click on "Webhooks & Services" on the left side of the page.</td></tr> 242 <tr><td>3.</td> 243 <td><img src="/docker-hub/hub-images/gh_service_hook.png" alt="Find the service labeled Docker"></td> 244 <td>Find the service labeled "Docker" (or click on "Add service") and click on it.</td></tr> 245 <tr><td>4.</td> 246 <td><img src="/docker-hub/hub-images/gh_docker-service.png" alt="Activate Service Hooks"></td> 247 <td>Make sure the "Active" checkbox is selected and click the "Update service" button to save your changes.</td> 248 </tr> 249 </tbody> 250 </table> 251 252 ## Automated Builds with Bitbucket 253 254 In order to setup an Automated Build, you need to first link your 255 [Docker Hub](https://hub.docker.com) account with a Bitbucket account. 256 This will allow the registry to see your repositories. 257 258 To get started, log into your Docker Hub account and click the 259 "+ Add Repository" button at the upper right of the screen. Then 260 select [Automated Build](https://registry.hub.docker.com/builds/add/). 261 262 Select the [Bitbucket source]( 263 https://registry.hub.docker.com/associate/bitbucket/). 264 265 Then follow the onscreen instructions to authorize and link your 266 Bitbucket account to Docker Hub. Once it is linked, you'll be able 267 to choose a repository from which to create the Automatic Build. 268 269 ### Creating an Automated Build 270 271 You can [create an Automated Build]( 272 https://registry.hub.docker.com/builds/bitbucket/select/) from any of your 273 public or private Bitbucket repositories with a `Dockerfile`. 274 275 ### Adding a Hook 276 277 When you link your Docker Hub account, a `POST` hook should get automatically 278 added to your Bitbucket repository. Follow the steps below to confirm or modify the 279 Bitbucket hooks for your Automated Build: 280 281 <table class="table table-bordered"> 282 <thead> 283 <tr> 284 <th>Step</th> 285 <th>Screenshot</th> 286 <th>Description</th> 287 </tr> 288 </thead> 289 <tbody> 290 <tr> 291 <td>1.</td> 292 <td><img src="/docker-hub/hub-images/bb_menu.png" alt="Settings" width="180"></td> 293 <td>Log in to Bitbucket.org and go to your Repository page. Click on "Settings" on 294 the far left side of the page, under "Navigation". You must have admin privileges 295 to the repository in order to do this.</td> 296 </tr> 297 <tr> 298 <td>2.</td> 299 <td><img src="/docker-hub/hub-images/bb_hooks.png" alt="Hooks" width="180"></td> 300 <td>Click on "Hooks" on the near left side of the page, under "Settings".</td></tr> 301 <tr> 302 <td>3.</td> 303 <td><img src="/docker-hub/hub-images/bb_post-hook.png" alt="Docker Post Hook"></td><td>You should now see a list of hooks associated with the repo, including a <code>POST</code> hook that points at 304 registry.hub.docker.com/hooks/bitbucket.</td> 305 </tr> 306 </tbody> 307 </table> 308 309 310 ## The Dockerfile and Automated Builds 311 312 During the build process, Docker will copy the contents of your `Dockerfile`. 313 It will also add it to the [Docker Hub](https://hub.docker.com) for the Docker 314 community (for public repositories) or approved team members/orgs (for private 315 repositories) to see on the repository page. 316 317 ### README.md 318 319 If you have a `README.md` file in your repository, it will be used as the 320 repository's full description.The build process will look for a 321 `README.md` in the same directory as your `Dockerfile`. 322 323 > **Warning:** 324 > If you change the full description after a build, it will be 325 > rewritten the next time the Automated Build has been built. To make changes, 326 > modify the `README.md` from the Git repository. 327 328 ## Remote Build triggers 329 330 If you need a way to trigger Automated Builds outside of GitHub or Bitbucket, 331 you can set up a build trigger. When you turn on the build trigger for an 332 Automated Build, it will give you a URL to which you can send POST requests. 333 This will trigger the Automated Build, much as with a GitHub webhook. 334 335 Build triggers are available under the Settings menu of each Automated Build 336 repository on the Docker Hub. 337 338 ![Build trigger screen](/docker-hub/hub-images/build-trigger.png) 339 340 You can use `curl` to trigger a build: 341 342 ``` 343 $ curl --data "build=true" -X POST https://registry.hub.docker.com/u/svendowideit/testhook/trigger/be579c 344 82-7c0e-11e4-81c4-0242ac110020/ 345 OK 346 ``` 347 348 > **Note:** 349 > You can only trigger one build at a time and no more than one 350 > every five minutes. If you already have a build pending, or if you 351 > recently submitted a build request, those requests *will be ignored*. 352 > To verify everything is working correctly, check the logs of last 353 > ten triggers on the settings page . 354 355 ## Webhooks 356 357 Automated Builds also include a Webhooks feature. Webhooks can be called 358 after a successful repository push is made. This includes when a new tag is added 359 to an existing image. 360 361 The webhook call will generate a HTTP POST with the following JSON 362 payload: 363 364 ``` 365 { 366 "callback_url": "https://registry.hub.docker.com/u/svendowideit/testhook/hook/2141b5bi5i5b02bec211i4eeih0242eg11000a/", 367 "push_data": { 368 "images": [ 369 "27d47432a69bca5f2700e4dff7de0388ed65f9d3fb1ec645e2bc24c223dc1cc3", 370 "51a9c7c1f8bb2fa19bcd09789a34e63f35abb80044bc10196e304f6634cc582c", 371 ... 372 ], 373 "pushed_at": 1.417566161e+09, 374 "pusher": "trustedbuilder" 375 }, 376 "repository": { 377 "comment_count": 0, 378 "date_created": 1.417494799e+09, 379 "description": "", 380 "dockerfile": "#\n# BUILD\u0009\u0009docker build -t svendowideit/apt-cacher .\n# RUN\u0009\u0009docker run -d -p 3142:3142 -name apt-cacher-run apt-cacher\n#\n# and then you can run containers with:\n# \u0009\u0009docker run -t -i -rm -e http_proxy http://192.168.1.2:3142/ debian bash\n#\nFROM\u0009\u0009ubuntu\nMAINTAINER\u0009SvenDowideit@home.org.au\n\n\nVOLUME\u0009\u0009[\"/var/cache/apt-cacher-ng\"]\nRUN\u0009\u0009apt-get update ; apt-get install -yq apt-cacher-ng\n\nEXPOSE \u0009\u00093142\nCMD\u0009\u0009chmod 777 /var/cache/apt-cacher-ng ; /etc/init.d/apt-cacher-ng start ; tail -f /var/log/apt-cacher-ng/*\n", 381 "full_description": "Docker Hub based automated build from a GitHub repo", 382 "is_official": false, 383 "is_private": true, 384 "is_trusted": true, 385 "name": "testhook", 386 "namespace": "svendowideit", 387 "owner": "svendowideit", 388 "repo_name": "svendowideit/testhook", 389 "repo_url": "https://registry.hub.docker.com/u/svendowideit/testhook/", 390 "star_count": 0, 391 "status": "Active" 392 } 393 } 394 ``` 395 396 Webhooks are available under the Settings menu of each Repository. 397 398 > **Note:** If you want to test your webhook out we recommend using 399 > a tool like [requestb.in](http://requestb.in/). 400 401 > **Note**: The Docker Hub servers are currently in the IP range 402 > `162.242.195.64 - 162.242.195.127`, so you can restrict your webhooks to 403 > accept webhook requests from that set of IP addresses. 404 405 ### Webhook chains 406 407 Webhook chains allow you to chain calls to multiple services. For example, 408 you can use this to trigger a deployment of your container only after 409 it has been successfully tested, then update a separate Changelog once the 410 deployment is complete. 411 After clicking the "Add webhook" button, simply add as many URLs as necessary 412 in your chain. 413 414 The first webhook in a chain will be called after a successful push. Subsequent 415 URLs will be contacted after the callback has been validated. 416 417 ### Validating a callback 418 419 In order to validate a callback in a webhook chain, you need to 420 421 1. Retrieve the `callback_url` value in the request's JSON payload. 422 1. Send a POST request to this URL containing a valid JSON body. 423 424 > **Note**: A chain request will only be considered complete once the last 425 > callback has been validated. 426 427 To help you debug or simply view the results of your webhook(s), 428 view the "History" of the webhook available on its settings page. 429 430 ### Callback JSON data 431 432 The following parameters are recognized in callback data: 433 434 * `state` (required): Accepted values are `success`, `failure` and `error`. 435 If the state isn't `success`, the webhook chain will be interrupted. 436 * `description`: A string containing miscellaneous information that will be 437 available on the Docker Hub. Maximum 255 characters. 438 * `context`: A string containing the context of the operation. Can be retrieved 439 from the Docker Hub. Maximum 100 characters. 440 * `target_url`: The URL where the results of the operation can be found. Can be 441 retrieved on the Docker Hub. 442 443 *Example callback payload:* 444 445 { 446 "state": "success", 447 "description": "387 tests PASSED", 448 "context": "Continuous integration by Acme CI", 449 "target_url": "http://ci.acme.com/results/afd339c1c3d27" 450 } 451 452 ## Repository links 453 454 Repository links are a way to associate one Automated Build with 455 another. If one gets updated,the linking system triggers a rebuild 456 for the other Automated Build. This makes it easy to keep all your 457 Automated Builds up to date. 458 459 To add a link, go to the repository for the Automated Build you want to 460 link to and click on *Repository Links* under the Settings menu at 461 right. Then, enter the name of the repository that you want have linked. 462 463 > **Warning:** 464 > You can add more than one repository link, however, you should 465 > do so very carefully. Creating a two way relationship between Automated Builds will 466 > cause an endless build loop.