TeamCity On-Premises 2024.12 Help

Docker Support

The Docker Support build feature allows automatically signing in to a DockerHub or other container registry before the build start.

Add this feature to:

  • Allow TeamCity monitor and detect Docker/Podman operations (for instance, docker pull and podman run);

  • Automatically log in to an authenticated registry before the build and log out of it after the build.

  • Clean up local (for both Docker and Podman) and pushed to a registry (only for Docker) images;

  • Add the Container Info tab to the Build Results page. The tab provides information on operations related to the container manager used.

    Container Info tab

Logging in and out of repositories and cleaning up images require a configured connection to a Docker registry:

Docker Support build feature

Docker Images Clean-up

Clean-up of the Pushed Images

If you have a build configuration which publishes images, you need to remove them at some point. You can select the corresponding option and instruct TeamCity to remove the images published by a certain build when the build itself is cleaned up.

It works as follows: when an image is published, TeamCity stores the information about the registry of the images published by the build. When the server clean-up is run and it deletes the build, all the configured connections are searched for the address of this registry, and the images published by the build are cleaned up using the credentials specified in the found connection.

Cleaning-up images pushed via Podman is currently enabled only if images were pushed from Linux agents, and only if the --digestfile=<fileName> option was set. Note that the fileName should be a path relative to the checkout directory and should point to the final digest file location (this path should not be modified by further navigation commands).

Clean-up of Images on Build Agent

As part of Free disk space build feature, Docker Support cleans up images which were created by TeamCity builds on this build agent. The Docker Support assumes, that docker images are stored under

  • /var/lib/docker on Linux

  • %ProgramData% directory on Windows

  • $HOME directory on other systems

The location is important, as the Free disk space feature analyzes which disk volumes should be cleaned for the build. If your docker daemon uses a non-standard location for the images/containers, the location can be specified using teamcity.docker.data.path configuration parameter, preferably in buildAgent.properties file.

Docker Registry Automatic Login/Logout

If you need to log in to a registry requiring authentication before a build, select the corresponding option and a connection to Docker configured in the Project Settings. Automatic logout will be performed after the build finishes.

Amazon ECR

A connection to Amazon Elastic Container Registry (ECR) allows storing Docker/LXC images in private AWS registries. For this, such a connection needs to be selected when adding a Docker Support feature to a build configuration.

Connection settings:

Setting

Description

AWS region

Select an AWS region where the target resources are located.

Credentials type

  • Access key: select to use preconfigured AWS account access keys. You can find them in the Identity and Access Management section of your AWS console.

  • Temporary credentials: get temporary access keys via AWS STS. Such credentials are short-term and do not belong to a specific user.

IAM role ARN

(only for Temporary credentials)

Specify a role to be used for generating temporary credentials. You need to create this role in advance in your AWS console and assign it to all the necessary permissions.

External ID

(only for Temporary credentials)

Specify an external ID. We strongly recommend that you always define it when using temporary credentials. This ensures that only TeamCity will be able to use the specified IAM role.

Default credential provider chain

Enable this option to automatically find access keys according to the default chain.

Access key ID

Specify the access key ID.

See how to get it here.

Secret access key

Specify the secret access key.

See how to get it here.

Registry ID

Enter an ID of your registry or AWS account.

Kotlin DSL

The following Kotlin DSL snippet illustrates how to add a Docker Support build feature to your build configuration.

import jetbrains.buildServer.configs.kotlin.* import jetbrains.buildServer.configs.kotlin.buildFeatures.dockerSupport object MyBuildConfig : BuildType({ name = "Deploy Web (Windows)" features { dockerSupport { cleanupPushedImages = true loginToRegistry = on { dockerRegistryId = "PROJECT_EXT_5" } } } })
Last modified: 18 September 2024