Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

FlexDeploy can be configured to automatically build a and scan Docker image images as a part of the building processyour build workflow. In cases where you are running your container directly on a docker runtime you can automatically configure that here as well


Image ModifiedThis

configuration is to be done for each stream providing a groovy script for Docker Image name and specifying if the image should be automatically built and pushed at the end of the build request. If it is not specified to build the image automatically, the image can still be built by a workflow step invoking Optionally, a path to Dockerfile can be provided. If it is empty, a default Dockerfile in a project source checkout folder is expected. If the checkout folder is empty, then a Dockerfile is expected in the root of the FD_TEMP_DIR. A Dockerfile must be present to build an image. This behavior changed slightly in 5.0.3 beta. Previously, the location was expected to be in FD_TEMP_DIR/FD_PROJECT_NAME.

Image Settings/Build

Everything under the Image Settings section will be used during the build workflow of your Project. If Build Image is checked then FlexDeploy will automatically add the dockerBuildProjectImage operation of the FlexDeployDockerPlugin. Either way, the build  at the end of your workflow.

Info

If you wish to change the location of the dockerBuildProjectImage step in your workflow, you can manually add the step anywhere you wish and FlexDeploy will no longer automatically add it at the end.

At the end of the build, the workflow execution will store a reference to the built Docker Image which is available on the Artifacts tab of the workflow execution screen.

Image Modified

The build instance must be a Docker host to use this feature, and the dockerBuildProjectImage operation of the FlexDeployDockerPlugin must be associated to the build instance. See Creating and Editing Instances for more information on how to add a plugin operation to an Instance.

...

SettingInput TypeDescriptionExample
Image NameGroovy

A Groovy Script that evaluates to the local image tag that should be built. This should include the full registry prefix, user repository, image name and tag.

docker.io can be omitted as a registry prefix as that is the default.

"joelwenzel/natours:"+ProjectVersion

"comp.azureio.registry/ourcompany/app:"+ProjectVersion

Registry AccountSelection

Specify a Registry Account (created in Topology->Integrations→Containers) you would like to push your image to. 

Note that this is optional and can be set in Topology Overview Properties as well.

DockerIO
Build ImageBooleanShould FlexDeploy automatically add the buildProjectImage workflow step?true
Push ImageBooleanAfter building the image should it be pushed to the specified Registry?true
Tag LatestBooleanShould the image also be tagged with 'latest'?true

Image Scanning

FlexDeploy supports local image scanning out of the box with Anchore. The only requirement is docker being installed on your build server. The configuration here will always scan the locally built Docker image. If you want to analyze a remote image or publish results to an Anchore Engine application, you will need to modify your workflow with the appropriate Anchore Operations.

SettingInput TypeDescriptionExample
Scan ImageSelection
  • No Scan - No scan will take place
  • Before Push - The built image will be scanned prior to pushing it to a registry
  • After Push - The built image will be scanned after pushing it to a registry. Note that if Push Image is false, then it will be scanned regardless.
BEFORE_PUSH
Fail WhenGroovy

An optional Groovy script to determine if the scan should fail. See the Anchore Plugin for a list of variables and sample scripts.

If the script should evaluate to true (I.E. a failure) then the image building process will halt and the workflow execution will fail. 

STATUS == "fail"
Custom Policy BundlePlain Text

Anchore uses "policy bundles" to define analysis/scanning criteria. You can provide a custom bundle here defining your own scanning requirements. 

You can reference an absolute path on your docker build server or a relative location in your source control for the image.

anchore/customPolicy.json



Container Settings/Deploy