README.md 3.71 KB
Newer Older
1
## How to use this project
Otheus Shelling's avatar
Otheus Shelling committed
2

3
4
A functional example of using GIT @ UIBK with our local registry, 
the CI/CD process, and some advanced CI/CD techniques.
Otheus Shelling's avatar
Otheus Shelling committed
5

6
7
If you are experienced with docker and gitlab/ci, 
simply tailor the .gitlab-ci.yml file to your needs.
Otheus Shelling's avatar
Otheus Shelling committed
8

9
10
If you are new to docker and/or gitlab-ci, you can Fork this project and 
simply execute the pipeline of your Fork.
Otheus Shelling's avatar
Otheus Shelling committed
11

12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
1. Fork this project
2. Create and modify the Secret Variable named HELLO_WHO. 
   Go to Project's Settings -> CI/CD -> Variables. 
   Only fill in a value; do not set the options.
3. Run the pipeline  (or make a commit, which will trigger this). 
   Go to Project -> CI/CD -> Pipelines, 
   click on the green button in the upper-right corner "Run Pipeline"

Done! Examine the job output of the "testdind" (test docker-in-docker) stage to see all the gory details. 
The `docker info` step is a debug step, and you will eventually want to remove that from your project.
The Variables are used to contain keys and passwords to things like other repositories. 
There are predefined variables which you can use as well. 
They are all [https://docs.gitlab.com/ee/ci/variables/](documented at Gitlab).

-----

## How to create a simple "hello-world" container from scratch and push it to your repository's registry

You can also create your own images from your own docker service, push them
to the registry and make use of them that way. Once there, you can use them 
as part of your build or testing process.
This is a quick tutorial on how to do that.

On a host running docker, follow the steps below. These steps are more or less 
the same from what you find in the `.gitlab-ci.yaml` file in this repository.
Otheus Shelling's avatar
Otheus Shelling committed
37
38
39

### Step 1: login to our registry

40
41
42
> **Prerequisite**: Your user account should be a member of the `docker` group.


Otheus Shelling's avatar
Otheus Shelling committed
43
44
45
46
47
48
49
50
51
52
53
```
$ docker login docker.uibk.ac.at:443
Username: <YOUR_C_USER_ID>
Password: <CAMPUS_LDAP_PASSWORD>
WARNING! Your password will be stored unencrypted in /home/c102/c10267/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
```

54
55
56
57
58
59
> **Warning** This step saves your credentials to a file in your directory on the localhost.
> **It is stored unencrypted, base-64 unencoded. It is not secure**
> Anyone with root access on the host will be able to sniff this file. 
> Logout afterwards to minimize chance of your credentials being stolen.
> To be more secure, use GPG to keep your credentials secured. See [https://www.antoniojgutierrez.com/2018/08/11/docker_login_password_store.html](this tutorial)

Otheus Shelling's avatar
Otheus Shelling committed
60
61
62
63
64
65
66
67
68
69
70
71
72
### Step 2: Create a Dockerfile

```sh
$ cat > Dockerfile <<EOF
FROM alpine:3.7
ENTRYPOINT ["echo","Hello world"]
EOF
```

### Step 3: Create the image with docker:

Modify/Set  $PROJECT_NAMESPACE and $PROJECT_NAME  to that of your clone.

73
```
Otheus Shelling's avatar
Otheus Shelling committed
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
$ docker build -t docker.uibk.ac.at:443/$PROJECT_NAMESPACE/$PROJECT_NAME .
Sending build context to Docker daemon  13.31kB
Step 1/2 : FROM alpine:3.7
 ---> 6d1ef012b567
Step 2/2 : ENTRYPOINT ["echo","Hello world"]
 ---> Running in e70bd295c9c9
Removing intermediate container e70bd295c9c9
 ---> c35fc1654db0
Successfully built c35fc1654db0
Successfully tagged docker.uibk.ac.at:443/XXXXX/YYYYYYYYYY:latest
```

The image names will differ of course.

### Step 4: Push the project to the docker-registry @ uibk

90
```
Matthias Weiler's avatar
Matthias Weiler committed
91
$ docker push docker.uibk.ac.at:443/$PROJECT_NAMESPACE/$PROJECT_NAME || echo "Push failed"
Otheus Shelling's avatar
Otheus Shelling committed
92
93
94
95
96
```

You will see some output. You might see "Layer already exists", and that's usually safe to ignore.

Now you can run the pipeline, and it should simply work.
97
98
99
100
101
102
103
104

### Step 5: Logoff 

This step is important for security on a shared host. Logoff to remove the stored credentials.

```
$ docker logout docker.uibk.ac.at:443
```