eosho/docker-image-build

[[TOC]]

WBA - Docker Base Image Automation

This repository showcases scenarios for Azure Container Registry Tasks for automating the lifecycle of Docker base images. ACR Tasks is a suite of features within Azure Container Registry for performing Docker container builds on Azure, as well as automated OS and framework patching for Docker containers.

This project includes the following Dockerfiles:

The WBA defined base images are located in the base folder of the repository root.

• Dockerfile-alpine - Non-parameterized Dockerfile for building the initial base images. References a base image in Docker Hub.
• Dockerfile-alpine-glibc - Dockerfile for building glibc, References a base image in ACR & it is based off the Dockerfile-alpine image.
• Dockerfile-alpine-jdk11 - Dockerfile for building jdk11. References a base image in ACR & it is based off the Dockerfile-alpine-gilbc image.
• Dockerfile-alpine-jdk14 - Dockerfile for building jdk14 References a base image in ACR & it is based off the Dockerfile-alpine-gilbc image.
• Dockerfile-alpine-node12 - Dockerfile for building node12 References a base image in ACR & it is based off the Dockerfile-alpine image.
• Dockerfile-alpine-node14 - Dockerfile for building node14 References a base image in ACR & it is based off the Dockerfile-alpine image.

Design Approach

The following details the design approach for orchestrating the image build, test, and deploy process.

Building images - Multi-step

Multi-step tasks is being used to extend the single image build-and-push capability of ACR Tasks with multi-step, multi-container-based workflows. Use multi-step tasks to build, test and push several images, in series or in parallel. Then run those images as commands within a single task run. Each step defines a container image build or push operation, and can also define the execution of a container. Each step in a multi-step task uses a container as its execution environment.

Multi-step task scenario

Multi-step tasks enable scenarios like the following logic:

• Build, tag, and push one or more container images, in series or in parallel.
• Run and capture unit test and code coverage results.
• Run and capture functional tests. ACR Tasks supports running more than one container, executing a series of requests between them.
• Perform task-based execution, including pre/post steps of a container image build.
• Deploy one or more containers with your favorite deployment engine to your target environment.

A multi-step task in ACR Tasks is defined as a series of steps within a YAML file. Each step can specify dependencies on the successful completion of one or more previous steps. The following task step types are available:

Example (simple - build and push):

version: v1.1.0
steps:
  - build: -t $Registry/baseimages/alpine/current:$ID -f Dockerfile-alpine .
  - push: ["$Registry/baseimages/alpine/current:$ID"]

Example (complex - build, test, push)

version: v1.1.0
steps:
  - id: build
    build: -t $Registry/baseimages/eotechtest:$ID -f Dockerfile .
  - cmd: -t $Registry/baseimages/eotechtest:$ID
    id: test
    detach: true
    ports:
    - 80
  - cmd: docker stop test
  - id: push
    push:
    - "$Registry/baseimages/eotechtest:$ID
    when:
    - build
    - test

Example (more complex)

A more complex example can be found here - Current Method

Run locally

In order to deploy this locally, run the following command:

az acr run --registry <acrName> -f build-push.wba.yaml .

Resources

• Azure Container Registry
• Azure Container Registry documentation
• Automate image builds
• Base image updates

Next Steps

Learn more about the orchestration process developed for automating the base image build, test and patching process:

• Orchestration via PowerShell
• Multi-stage YAML Pipeline
• Image Testing
• Security Scanning via ASC