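Use Docker Build Cloud in CI
Using Docker Build Cloud in CI can speed up your build pipelines, which means less time spent waiting and context switching. You control your CI workflows as usual and delegate build execution to Docker Build Cloud.
Building with Docker Build Cloud in CI involves the following steps:
- Sign in to a Docker account.
- Set up Buildx and connect to the builder.
- Run the build.
When using Docker Build Cloud in CI, it is recommended that you push the result directly to a registry rather than loading the image and then pushing it. Pushing directly speeds up your builds and avoids unnecessary file transfers.
If you only want to build and discard the output, export the results to the build cache, or build without tagging the image. When you use Docker Build Cloud, Buildx automatically loads the build result if you build a tagged image. See "Loading build results" for details.
Note: Builds on Docker Build Cloud have a timeout limit of 90 minutes. Builds that run for longer than 90 minutes are automatically cancelled.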
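Setting up credentials for CI/CD
To enable your CI/CD system to build and push images using Docker Build Cloud, provide both an access token and a username. The type of token and the username you use depend on your account type and permissions.
- If you are an organization administrator or have permission to create organization access tokens (OATs), use an OAT and set `DOCKER_ACCOUNT` to your Docker Hub organization name.
- If you do not have permission to create OATs or are using a personal account, use a personal access token (PAT) and set `DOCKER_ACCOUNT` to your Docker Hub username.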
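Creating access tokens
For organization accounts
If you are an organization administrator
- Create an organization access token (OAT). The token must have the following permissions:
  - cloud-connect scope
  - Read public repositories permission
  - Repository access with Image push permission for the target repository:
    - Expand the Repository drop-down.
    - Select Add repository and choose your target repository.
    - Set the Image push permission for the repository.
If you are not an organization administrator
- Ask your organization administrator for an access token with the permissions listed above, or use a personal access token.
For personal accounts
- Create a personal access token (PAT) with the following permissions:
  - Read & write access.
    - Note: Building with Docker Build Cloud only requires read access, but you need write access to push images to a Docker Hub repository.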
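CI platform examples
Note: In your CI/CD configuration, set the following variables/secrets:
- `DOCKER_ACCESS_TOKEN`: your access token (PAT or OAT). Use a secret to store the token.
- `DOCKER_ACCOUNT`: your Docker Hub organization name (for an OAT) or username (for a PAT)
- `CLOUD_BUILDER_NAME`: the name of the cloud builder you created in the Docker Build Cloud Dashboard
This ensures that your builds authenticate correctly with Docker Build Cloud.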
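For the script-based platforms that follow, this added example (not part of the original page) checks that the three variables are set before any Docker command runs, and performs the login with shell tracing turned off so that a `set -x` left in a job does not copy the token into the build log. The function names `ci_preflight` and `docker_login_no_trace` are hypothetical; the variable names are the ones defined above.

```shell
# Added example, not from the Docker documentation.
# ci_preflight and docker_login_no_trace are hypothetical helper names.

# Print the builder endpoint "<account>/<builder>", or fail naming what is missing.
ci_preflight() {
  missing=""
  [ -n "${DOCKER_ACCESS_TOKEN:-}" ] || missing="$missing DOCKER_ACCESS_TOKEN"
  [ -n "${DOCKER_ACCOUNT:-}" ]      || missing="$missing DOCKER_ACCOUNT"
  [ -n "${CLOUD_BUILDER_NAME:-}" ]  || missing="$missing CLOUD_BUILDER_NAME"
  if [ -n "$missing" ]; then
    # Only variable names are printed, never their values.
    echo "missing CI variables:$missing" >&2
    return 1
  fi
  # A slash or space in either part would yield a different endpoint than
  # intended, so reject it before calling `docker buildx create`.
  case "$DOCKER_ACCOUNT$CLOUD_BUILDER_NAME" in
    */*|*' '*) echo "invalid account or builder name" >&2; return 1 ;;
  esac
  printf '%s/%s\n' "$DOCKER_ACCOUNT" "$CLOUD_BUILDER_NAME"
}

# Log in with the token on stdin. Tracing is switched off for the duration,
# because under `set -x` the shell would print the expanded token to stderr.
docker_login_no_trace() {
  case $- in *x*) traced=1 ;; *) traced=0 ;; esac
  set +x
  rc=0
  printf '%s' "$DOCKER_ACCESS_TOKEN" |
    docker login --username "$DOCKER_ACCOUNT" --password-stdin || rc=$?
  if [ "$traced" -eq 1 ]; then set -x; fi
  return "$rc"
}

# Usage in a job script:
#   endpoint=$(ci_preflight) || exit 1
#   docker_login_no_trace || exit 1
#   docker buildx create --use --driver cloud "$endpoint"
```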
GitHub Actions
name: ci
on:
  push:
    branches:
      - "main"
jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKER_ACCOUNT }}
          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver: cloud
          endpoint: "${{ vars.DOCKER_ACCOUNT }}/${{ vars.CLOUD_BUILDER_NAME }}" # for example, "acme/default"
          install: true
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          tags: "<IMAGE>" # for example, "acme/my-image:latest"
          # For pull requests, export results to the build cache.
          # Otherwise, push to a registry.
          outputs: ${{ github.event_name == 'pull_request' && 'type=cacheonly' || 'type=registry' }}
GitLab
default:
  image: docker:24-dind
  services:
    - docker:24-dind
  before_script:
    - docker info
    - echo "$DOCKER_ACCESS_TOKEN" | docker login --username "$DOCKER_ACCOUNT" --password-stdin
    - |
      apk add curl jq
      ARCH=${CI_RUNNER_EXECUTABLE_ARCH#*/}
      BUILDX_URL=$(curl -s https://raw.githubusercontent.com/docker/actions-toolkit/main/.github/buildx-lab-releases.json | jq -r ".latest.assets[] | select(endswith(\"linux-$ARCH\"))")
      mkdir -vp ~/.docker/cli-plugins/
      curl --silent -L --output ~/.docker/cli-plugins/docker-buildx $BUILDX_URL
      chmod a+x ~/.docker/cli-plugins/docker-buildx
    - docker buildx create --use --driver cloud ${DOCKER_ACCOUNT}/${CLOUD_BUILDER_NAME}
variables:
  IMAGE_NAME: <IMAGE>
  DOCKER_ACCOUNT: <DOCKER_ACCOUNT> # your Docker Hub organization name (or username when using a personal account)
  CLOUD_BUILDER_NAME: <CLOUD_BUILDER_NAME> # the name of the cloud builder you created in the [Docker Build Cloud Dashboard](https://app.docker.com/build/)
# Build multi-platform image and push to a registry
build_push:
  stage: build
  script:
    - |
      docker buildx build \
        --platform linux/amd64,linux/arm64 \
        --tag "${IMAGE_NAME}:${CI_COMMIT_SHORT_SHA}" \
        --push .
# Build an image and discard the result
build_cache:
  stage: build
  script:
    - |
      docker buildx build \
        --platform linux/amd64,linux/arm64 \
        --tag "${IMAGE_NAME}:${CI_COMMIT_SHORT_SHA}" \
        --output type=cacheonly \
        .
Circle CI
version: 2.1
jobs:
  # Build multi-platform image and push to a registry
  build_push:
    machine:
      image: ubuntu-2204:current
    steps:
      - checkout
      - run: |
          mkdir -vp ~/.docker/cli-plugins/
          ARCH=amd64
          BUILDX_URL=$(curl -s https://raw.githubusercontent.com/docker/actions-toolkit/main/.github/buildx-lab-releases.json | jq -r ".latest.assets[] | select(endswith(\"linux-$ARCH\"))")
          curl --silent -L --output ~/.docker/cli-plugins/docker-buildx $BUILDX_URL
          chmod a+x ~/.docker/cli-plugins/docker-buildx
      # Log in with the account name and token configured as project variables
      - run: echo "$DOCKER_ACCESS_TOKEN" | docker login --username "$DOCKER_ACCOUNT" --password-stdin
      - run: docker buildx create --use --driver cloud "${DOCKER_ACCOUNT}/${CLOUD_BUILDER_NAME}"
      - run: |
          docker buildx build \
            --platform linux/amd64,linux/arm64 \
            --push \
            --tag "<IMAGE>" .
  # Build an image and discard the result
  build_cache:
    machine:
      image: ubuntu-2204:current
    steps:
      - checkout
      - run: |
          mkdir -vp ~/.docker/cli-plugins/
          ARCH=amd64
          BUILDX_URL=$(curl -s https://raw.githubusercontent.com/docker/actions-toolkit/main/.github/buildx-lab-releases.json | jq -r ".latest.assets[] | select(endswith(\"linux-$ARCH\"))")
          curl --silent -L --output ~/.docker/cli-plugins/docker-buildx $BUILDX_URL
          chmod a+x ~/.docker/cli-plugins/docker-buildx
      # Log in with the account name and token configured as project variables
      - run: echo "$DOCKER_ACCESS_TOKEN" | docker login --username "$DOCKER_ACCOUNT" --password-stdin
      - run: docker buildx create --use --driver cloud "${DOCKER_ACCOUNT}/${CLOUD_BUILDER_NAME}"
      - run: |
          docker buildx build \
            --tag temp \
            --output type=cacheonly \
            .
workflows:
  pull_request:
    jobs:
      - build_cache
  release:
    jobs:
      - build_push
Buildkite
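The following example sets up a Buildkite pipeline using Docker Build Cloud. The example assumes that the pipeline name is `build-push-docker` and that you manage the Docker access token using environment hooks, but feel free to adapt it to your needs.
Add the following `environment` hook to the agent's hook directory:
#!/bin/bash
set -euo pipefail
if [[ "$BUILDKITE_PIPELINE_NAME" == "build-push-docker" ]]; then
  export DOCKER_ACCESS_TOKEN="<DOCKER_ACCESS_TOKEN>"
fi
Create a `pipeline.yml` file that uses the `docker-login` plugin: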
env:
  DOCKER_ACCOUNT: <DOCKER_ACCOUNT> # your Docker Hub organization name (or username when using a personal account)
  CLOUD_BUILDER_NAME: <CLOUD_BUILDER_NAME> # the name of the cloud builder you created in the [Docker Build Cloud Dashboard](https://app.docker.com/build/)
  IMAGE_NAME: <IMAGE>
steps:
  - command: ./build.sh
    key: build-push
    plugins:
      - docker-login#v2.1.0:
          username: DOCKER_ACCOUNT
          password-env: DOCKER_ACCESS_TOKEN # the variable name in the environment hook
Create the `build.sh` script:
#!/bin/bash
DOCKER_DIR=/usr/libexec/docker
# Get download link for latest buildx binary.
# Set $ARCH to the CPU architecture (e.g. amd64, arm64)
UNAME_ARCH=$(uname -m)
case $UNAME_ARCH in
  aarch64)
    ARCH="arm64"
    ;;
  x86_64|amd64)
    ARCH="amd64"
    ;;
  *)
    ARCH="amd64"
    ;;
esac
BUILDX_URL=$(curl -s https://raw.githubusercontent.com/docker/actions-toolkit/main/.github/buildx-lab-releases.json | jq -r ".latest.assets[] | select(endswith(\"linux-$ARCH\"))")
# Download docker buildx with Build Cloud support
curl --silent -L --output "$DOCKER_DIR/cli-plugins/docker-buildx" "$BUILDX_URL"
# Mark the file that was just downloaded as executable (same path as above)
chmod a+x "$DOCKER_DIR/cli-plugins/docker-buildx"
# Connect to your builder and set it as the default builder
docker buildx create --use --driver cloud "${DOCKER_ACCOUNT}/${CLOUD_BUILDER_NAME}"
# Cache-only image build
docker buildx build \
  --platform linux/amd64,linux/arm64 \
  --tag "$IMAGE_NAME:$BUILDKITE_COMMIT" \
  --output type=cacheonly \
  .
# Build, tag, and push a multi-arch docker image
docker buildx build \
  --platform linux/amd64,linux/arm64 \
  --push \
  --tag "$IMAGE_NAME:$BUILDKITE_COMMIT" \
  .
Jenkins
pipeline {
  agent any
  environment {
    ARCH = 'amd64'
    DOCKER_ACCESS_TOKEN = credentials('docker-access-token')
    DOCKER_ACCOUNT = credentials('docker-account')
    CLOUD_BUILDER_NAME = '<CLOUD_BUILDER_NAME>'
    IMAGE_NAME = '<IMAGE>'
  }
  stages {
    stage('Build') {
      environment {
        BUILDX_URL = sh (returnStdout: true, script: 'curl -s https://raw.githubusercontent.com/docker/actions-toolkit/main/.github/buildx-lab-releases.json | jq -r ".latest.assets[] | select(endswith(\\"linux-$ARCH\\"))"').trim()
      }
      steps {
        sh 'mkdir -vp ~/.docker/cli-plugins/'
        sh 'curl --silent -L --output ~/.docker/cli-plugins/docker-buildx $BUILDX_URL'
        sh 'chmod a+x ~/.docker/cli-plugins/docker-buildx'
        sh 'echo "$DOCKER_ACCESS_TOKEN" | docker login --username $DOCKER_ACCOUNT --password-stdin'
        sh 'docker buildx create --use --driver cloud "${DOCKER_ACCOUNT}/${CLOUD_BUILDER_NAME}"'
        // Cache-only build
        sh 'docker buildx build --platform linux/amd64,linux/arm64 --tag "$IMAGE_NAME" --output type=cacheonly .'
        // Build and push a multi-platform image
        sh 'docker buildx build --platform linux/amd64,linux/arm64 --push --tag "$IMAGE_NAME" .'
      }
    }
  }
}
Travis CI
language: minimal
dist: jammy
services:
  - docker
env:
  global:
    - IMAGE_NAME=<IMAGE> # for example, "acme/my-image:latest"
before_install: |
  echo "$DOCKER_ACCESS_TOKEN" | docker login --username "$DOCKER_ACCOUNT" --password-stdin
install: |
  set -e
  BUILDX_URL=$(curl -s https://raw.githubusercontent.com/docker/actions-toolkit/main/.github/buildx-lab-releases.json | jq -r ".latest.assets[] | select(endswith(\"linux-$TRAVIS_CPU_ARCH\"))")
  mkdir -vp ~/.docker/cli-plugins/
  curl --silent -L --output ~/.docker/cli-plugins/docker-buildx $BUILDX_URL
  chmod a+x ~/.docker/cli-plugins/docker-buildx
  docker buildx create --use --driver cloud "${DOCKER_ACCOUNT}/${CLOUD_BUILDER_NAME}"
script: |
  docker buildx build \
    --platform linux/amd64,linux/arm64 \
    --push \
    --tag "$IMAGE_NAME" .
BitBucket Pipelines
# Prerequisites: $DOCKER_ACCOUNT, $CLOUD_BUILDER_NAME, $DOCKER_ACCESS_TOKEN setup as deployment variables
# This pipeline assumes $BITBUCKET_REPO_SLUG as the image name
image: atlassian/default-image:3
pipelines:
  default:
    - step:
        name: Build multi-platform image
        script:
          - mkdir -vp ~/.docker/cli-plugins/
          - ARCH=amd64
          - BUILDX_URL=$(curl -s https://raw.githubusercontent.com/docker/actions-toolkit/main/.github/buildx-lab-releases.json | jq -r ".latest.assets[] | select(endswith(\"linux-$ARCH\"))")
          - curl --silent -L --output ~/.docker/cli-plugins/docker-buildx $BUILDX_URL
          - chmod a+x ~/.docker/cli-plugins/docker-buildx
          - echo "$DOCKER_ACCESS_TOKEN" | docker login --username $DOCKER_ACCOUNT --password-stdin
          - docker buildx create --use --driver cloud "${DOCKER_ACCOUNT}/${CLOUD_BUILDER_NAME}"
          - IMAGE_NAME=$BITBUCKET_REPO_SLUG
          - docker buildx build
            --platform linux/amd64,linux/arm64
            --push
            --tag "$IMAGE_NAME" .
        services:
          - docker
Shell script
#!/bin/bash
# Get download link for latest buildx binary. Set $ARCH to the CPU architecture (e.g. amd64, arm64)
ARCH=amd64
BUILDX_URL=$(curl -s https://raw.githubusercontent.com/docker/actions-toolkit/main/.github/buildx-lab-releases.json | jq -r ".latest.assets[] | select(endswith(\"linux-$ARCH\"))")
# Download docker buildx with Build Cloud support
mkdir -vp ~/.docker/cli-plugins/
curl --silent -L --output ~/.docker/cli-plugins/docker-buildx $BUILDX_URL
chmod a+x ~/.docker/cli-plugins/docker-buildx
# Login to Docker Hub with an access token. See https://docs.docker.net.tw/build-cloud/ci/#creating-access-tokens
echo "$DOCKER_ACCESS_TOKEN" | docker login --username $DOCKER_ACCOUNT --password-stdin
# Connect to your builder and set it as the default builder
docker buildx create --use --driver cloud "${DOCKER_ACCOUNT}/${CLOUD_BUILDER_NAME}"
# Cache-only image build
docker buildx build \
  --tag temp \
  --output type=cacheonly \
  .
# Build, tag, and push a multi-arch docker image
docker buildx build \
  --platform linux/amd64,linux/arm64 \
  --push \
  --tag "<IMAGE>" \
  .
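The scripts on this page download whichever Buildx binary `.latest` points to at build time and mark it executable without checking it. As an added example (not from the original page), the helper below installs a downloaded plugin only when it matches a SHA-256 digest pinned alongside the pipeline; `install_verified_plugin` is a hypothetical name, and the digest is a value you record yourself after reviewing a release.

```shell
# Added example, not from the Docker documentation.
# install_verified_plugin is a hypothetical helper name.
#
# Usage in a job script (the digest is a placeholder you pin yourself):
#   curl -fsSL --output /tmp/docker-buildx "$BUILDX_URL"
#   install_verified_plugin /tmp/docker-buildx "<PINNED_SHA256>" \
#     ~/.docker/cli-plugins/docker-buildx || exit 1
install_verified_plugin() {
  src=$1       # file that has already been downloaded
  expected=$2  # pinned SHA-256, 64 lowercase hex characters
  dest=$3      # final plugin path

  # Refuse an empty or malformed pin, so a missing variable can never
  # silently turn the check into a no-op.
  case $expected in
    ''|*[!0-9a-f]*) echo "invalid pinned digest" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "invalid pinned digest" >&2; return 2; }

  actual=$(sha256sum "$src" | cut -d' ' -f1)
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $src: got $actual" >&2
    rm -f "$src"   # do not leave the unverified file behind
    return 1
  fi

  # Copy into place with mode 0755 only after the digest has matched.
  mkdir -p "$(dirname "$dest")"
  install -m 0755 "$src" "$dest"
}
```

Pinning the digest also means pinning the download URL to one release; a digest recorded for one binary will reject the next `.latest`.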
Docker Compose
If you want to use `docker compose build` with Docker Build Cloud in CI, use this implementation.
#!/bin/bash
# Get download link for latest buildx binary. Set $ARCH to the CPU architecture (e.g. amd64, arm64)
ARCH=amd64
BUILDX_URL=$(curl -s https://raw.githubusercontent.com/docker/actions-toolkit/main/.github/buildx-lab-releases.json | jq -r ".latest.assets[] | select(endswith(\"linux-$ARCH\"))")
# Get download link for the latest stable Compose release.
# jq -r prints the URL without surrounding quotes so that curl can use it.
COMPOSE_URL=$(curl -sL \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <GITHUB_TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/docker/compose-desktop/releases \
  | jq -r "[ .[] | select(.prerelease==false and .draft==false) ] | .[0].assets[] | select(.name | endswith(\"linux-${ARCH}\")) | .browser_download_url")
# Download docker buildx with Build Cloud support
mkdir -vp ~/.docker/cli-plugins/
curl --silent -L --output ~/.docker/cli-plugins/docker-buildx "$BUILDX_URL"
curl --silent -L --output ~/.docker/cli-plugins/docker-compose "$COMPOSE_URL"
chmod a+x ~/.docker/cli-plugins/docker-buildx
chmod a+x ~/.docker/cli-plugins/docker-compose
# Login to Docker Hub with an access token. See https://docs.docker.net.tw/build-cloud/ci/#creating-access-tokens
echo "$DOCKER_ACCESS_TOKEN" | docker login --username "$DOCKER_ACCOUNT" --password-stdin
# Connect to your builder and set it as the default builder
docker buildx create --use --driver cloud "${DOCKER_ACCOUNT}/${CLOUD_BUILDER_NAME}"
# Build the images with Compose
docker compose build