JFrog


    Cloud customer?
    Start for Free>
    Upgrade in MyJFrog >
    What's New in Cloud >





    Working with an older version?JFrog Artifactory 6.x|JFrog Xray 2.x|JFrog Mission Control 3.x|JFrog Distribution 1.x|


    Skip to end of metadata
    Go to start of metadata

    Overview

    TheDockerPushnative step pushes a Docker Image to a Docker registry.


    • Currently, only Docker registries in Artifactory are supported.
    • DockerBuildand DockerPush steps must be assigned to the sameaffinityGroupto share state. If they are not, the output of DockerBuild will not be available to DockerPush. For more information onaffinityGroupseePipelines Steps.

    Docker Build and Push Quickstart

    ThisDocker Build and Pushquickstartdemonstrates the definition of a pipeline that uses theDockerBuildand DockerPush native steps to build a single Docker Image, push it to Artifactory, and then publish the BuildInfo.

    Page Contents

    YAML Schema

    The YAML schema for DockerPush native step is as follows:

    DockerPush 
    管道:名称:<字符串>步骤:-名称:<字符串> type: DockerPush configuration: #inherits all the tags from bash; //www.si-fil.com/confluence/display/JFROG/Bash affinityGroup:  targetRepository:  # may be required. Must be a local repository. Virtual repositories are not supported. forceXrayScan:  # default false failOnScan:  # default true autoPublishBuildInfo:  # default false integrations: - name:  # required inputSteps: - name:  # required outputResources: - name:  # optional - name:  # required if autoPublishBuildInfo is true execution: onStart: - echo "Preparing for work..." onSuccess: - echo "Job well done!" onFailure: - echo "uh oh, something went wrong" onComplete: - echo "Cleaning up some stuff"

    Tags

    name

    Analphanumericstring (underscores are permitted) that identifies the step.

    type

    Must beDockerPushfor this step type.

    configuration

    Specifies all configuration selections for the step's execution environment.This step inherits theBash/PowerShellstep configuration tags, including these pertinenttags:

    Tag

    Description of usage

    		 Required/Optional
    affinityGroup Must specify an affinity group string that is the same as specifiedin a priorDockerBuildstep. Optional
    integrations Must specify anArtifactory Integration. Required
    inputSteps Typically theDockerBuildstep that built the image. The DockerBuild step must always be in the same affinity group, but other steps, such as Bash or PowerShell, are also permitted in the same affinity group, between DockerBuild and DockerPush. May be Required
    outputResources

    May specify anImageresource. If one is specified, theimageTagproperty of that resource will be updated with thedockerImageTagof the precedingDockerBuildstep.

    Must specify aBuildInforesource ifautoPublishBuildInfois set totrue. IfJFROG_CLI_BUILD_NAMEorJFROG_CLI_BUILD_NUMBERis set as an environment variable for the pipeline or the inputDockerBuildstep, that name and/or number is used for the output BuildInfo. Otherwise, thedefaultbuildNameandbuildNumberare$pipeline_nameand$run_numberrespectively.

    Optional

    May be required


    In addition, these tags can be defined to support the step's native operation:

    Tags derived from Bash

    来自本地所有步骤Bashstep. This means that all steps share the same base set of tags from Bash, while native steps have their own additional tags as well as that support the step's particular function. So it's important to be familiar with theBashstep definition, since it's the core of the definition of all other steps.

    Tag

    Description of usage

    		 Required/Optional
    targetRepository

    The name of the Docker repository in Artifactory. Required when using JFrog CLI v1 and not used when the pipeline is configured to use JFrog CLI v2.

    Must be a local repository. Virtual repositories are not supported.

    		 May be required
    forceXrayScan

    Whentrue, forces a scan of the pushed image byJFrog Xray.

    Default isfalse.

    		 Optional
    failOnScan

    When set totrue, andwhen the XrayPolicy RuleFail Buildcheckbox is checked, a failed Xray scan will result in a failure of the step.

    Default istrue.

    		 Optional
    autoPublishBuildInfo

    When set totrue, publishes build info with the Docker image.

    Default isfalse.

    		 Optional


    execution

    Declares collections of shell command sequences to perform for pre- and post-execution phases:

    Tag Description of usage Required/Optional
    onStart Commands to execute in advance of the native operation Optional
    onSuccess Commands to execute on successful completion Optional
    onFailure Commands to execute on failed completion Optional
    onComplete Commands to execute on any completion Optional


    The actions performed for theonExecutephase are inherent to this step type and may not be overridden.

    Examples

    The following examples show how to configure a DockerPush step to push a Docker image.

    Push Image to Artifactory

    Pushes the image created by the DockerBuild input step to Artifactory. Does not trigger a scan.

    DockerPush 
    # This config file is templatized so that it can be easily customized. Values can be provided with a values.yml file. template: true # required for local templates valuesFilePath: ./values.yml resources: - name: app_repo1 type: GitRepo configuration: gitProvider: {{ .Values.gitIntegration }} path: {{ .Values.gitRepositoryPath }} branches: include: master - name: app_buildinfo1 type: BuildInfo configuration: sourceArtifactory: {{ .Values.artifactoryIntegration }} - name: app_promoted_buildinfo1 type: BuildInfo configuration: sourceArtifactory: {{ .Values.artifactoryIntegration }} pipelines: - name: app_dev_pipeline steps: - name: app_build type: DockerBuild configuration: affinityGroup: docker_group dockerFileLocation: . dockerFileName: Dockerfile dockerImageName: {{ .Values.artifactoryUrl }}/{{ .Values.sourceRepository }}/{{ .Values.imageName }} dockerImageTag: ${run_number} inputResources: - name: app_repo integrations: - name: {{ .Values.artifactoryIntegration }} - name: app_push type: DockerPush configuration: affinityGroup: docker_group targetRepository: {{ .Values.sourceRepository }} integrations: - name: {{ .Values.artifactoryIntegration }} inputSteps: - name: app_build - name: publish_app_build type: PublishBuildInfo configuration: affinityGroup: docker_group inputSteps: - name: app_push outputResources: - name: app_buildinfo

    Affinity Group

    This extends one of theDockerBuild examples, pushing that image to Artifactory. Note that an affinity group has been specified in both steps.

    DockerPush 
    pipelines: - name: demo_pipeline steps: - name: bld_image type: DockerBuild configuration: affinityGroup: dockerGroup dockerFileLocation: . dockerFileName: Dockerfile dockerImageName: docker.artprod.mycompany.com/gosvc # replace with your fully qualified Docker registry/image name dockerImageTag: ${run_number} dockerOptions: --build-arg build_number_env_variable=${run_number} inputResources: - name: gosvc_app integrations: - name: MyArtifactory - name: dockerPushStep type: DockerPush configuration: affinityGroup: dockerGroup targetRepository: dockerRepo inputSteps: - name: bld_image outputResources: - name: outputBuildInfo integrations: - name: MyArtifactory

    Publish Build Info, Trigger Xray Scan, Update Output Image Resource

    In this, publishing build info, triggering an Xray scan, and updating an output Image resource has been added to the previous example.

    DockerPush 
    pipelines: - name: demo_pipeline steps: - name: bld_image type: DockerBuild configuration: affinityGroup: dockerGroup dockerFileLocation: . dockerFileName: Dockerfile dockerImageName: docker.artprod.mycompany.com/gosvc # replace with your fully qualified Docker registry/image name dockerImageTag: ${run_number} dockerOptions: --build-arg build_number_env_variable=${run_number} inputResources: - name: gosvc_app integrations: - name: MyArtifactory - name: dockerPushStep type: DockerPush configuration: affinityGroup: dockerGroup targetRepository: dockerRepo autoPublishBuildInfo: true forceXrayScan: true inputSteps: - name: bld_image outputResources: - name: outputBuildInfo - name: outputImage integrations: - name: MyArtifactory

    How it Works

    When you use theDockerPushnative step in a pipeline, it performs the following functions in the background:

    • jfrog rt use (to set the current default Artifactory configuration to the one set up for the integration inintegrations)
    • restore_run_files (copy the build information saved from the DockerBuild step)
    • jfrog rt docker-push (push the image to Artifactory)
    • jfrog rt build-publish (ifautoPublishBuildInfois true, publish the build info)
    • write_output (ifautoPublishBuildInfois true, update the BuildInfo buildName and buildNumber)
    • write_output (if there is an output Image resource, update the Image imageTag)
    • jfrog rt build-scan (ifforceXrayScanis true, trigger a scan)
    • add_run_files (save/update the build information in the run state for later publish steps)
    • No labels
    Copyright © 2022 JFrog Ltd.