docker / docker-credential-helpers

CI/CD Workflow

This section outlines the steps involved in setting up a Continuous Integration and Continuous Deployment (CI/CD) workflow for the docker/docker-credential-helpers project.

Step-by-Step Guide

  1. Environment Setup

    Ensure that the required tools are installed in your CI/CD environment. Commonly needed tools include Docker, Go, and Make. Ensure your pipeline can support Docker multi-platform builds since the project targets multiple operating systems.

  2. Clone the Repository

    Use the following command to clone the docker/docker-credential-helpers repository into your CI/CD environment:

    git clone https://github.com/docker/docker-credential-helpers.git
cd docker-credential-helpers

  3. Dockerfile Configuration

    A Dockerfile is provided that defines multiple stages in building the credentials helpers for different OS platforms. The build stages include testing and building for Linux, Darwin (macOS), and Windows.

    An example of a build stage for Linux is shown below:

    FROM base AS build-linux
ARG PACKAGE
RUN --mount=type=bind,target=. \
    --mount=type=cache,target=/root/.cache \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,source=/tmp/.version,target=/tmp/.version,from=version \
    --mount=type=bind,source=/tmp/.revision,target=/tmp/.revision,from=version <<EOT
  set -ex
  xx-go --wrap
  make build-pass build-secretservice PACKAGE=$PACKAGE VERSION=$(cat /tmp/.version) REVISION=$(cat /tmp/.revision) DESTDIR=/out
  xx-verify /out/docker-credential-pass
  xx-verify /out/docker-credential-secretservice
EOT

    The above sample builds the docker-credential-pass and docker-credential-secretservice executables.

  4. Testing Stage

    The testing stage ensures that the resulting binaries behave as expected after build.

    An example test stage is as follows:

    FROM base AS test
ARG DEBIAN_FRONTEND
RUN xx-apt-get install -y dbus-x11 gnome-keyring gpg-agent gpgconf libsecret-1-dev pass
RUN --mount=type=bind,target=. \
    --mount=type=cache,target=/root/.cache \
    --mount=type=cache,target=/go/pkg/mod <<EOT
  set -e
  cp -r .github/workflows/fixtures /root/.gnupg
  gpg-connect-agent "RELOADAGENT" /bye
  gpg --import --batch --yes /root/.gnupg/7D851EB72D73BDA0.key
  gpg --update-trustdb
  ...
  make test COVERAGEDIR=/out
EOT

  5. Building and Releasing

    The release stages create final binaries to be distributed. Using the releaser stage, the built binaries can be tagged with their version.

    FROM --platform=$BUILDPLATFORM alpine AS releaser
WORKDIR /work
RUN --mount=from=binaries \
    --mount=type=bind,source=/tmp/.version,target=/tmp/.version,from=version <<EOT
  set -e
  mkdir /out
  version="$(cat /tmp/.version)"
  [ "$TARGETOS" = "windows" ] && ext=".exe"
  for f in *; do
    cp "$f" "/out/${f%.*}-${version}.${TARGETOS}-${TARGETARCH}${TARGETVARIANT}${ext}"
  done
EOT

  6. Continuous Integration

    Integrate your workflow with a CI tool such as GitHub Actions, Travis CI, or Jenkins. Here is an example GitHub Actions workflow file (.github/workflows/ci.yml):

    name: CI

on:
  push:
    branches:
      - main
  pull_request:

jobs:
  build:
    runs-on: ubuntu-latest
    
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
        
      - name: Build and test
        run: |
          docker build --pull --rm -t docker-credential-helpers .
          docker run --rm docker-credential-helpers make test

  7. Continuous Deployment (Optional)

    If desired, automate the deployment of released binaries to a repository or package registry. Depending on the target environment, deployment steps may involve pushing Docker images to a registry, or publishing binaries to GitHub Releases.

Conclusion

These steps outline the workflow for integrating the docker/docker-credential-helpers into a CI/CD pipeline. For further enhancement, continuous deployment steps can be added to automate releases when new versions are tagged.

It is important to make sure that all builds are consistent and can handle different environments effectively through the use of multi-stage builds and careful dependency management.

No CI/CD is currently set up in the project repository. Next steps involve creating a CI/CD configuration file based on the examples provided and setting up integration with a CI/CD workflow of choice, such as GitHub Actions.

Sources:

  • Dockerfile
  • Makefile