Docker Support
The Docker Support build feature allows automatically signing in to a DockerHub or other container registry before the build start.
Add this feature to:
Allow TeamCity monitor and detect Docker/Podman operations (for instance,
docker pull
andpodman run
);Automatically log in to an authenticated registry before the build and log out of it after the build.
Clean up local (for both Docker and Podman) and pushed to a registry (only for Docker) images;
Add the Container Info tab to the Build Results page. The tab provides information on operations related to the container manager used.
Logging in and out of repositories and cleaning up images require a configured connection to a Docker registry:
Docker Images Clean-up
Clean-up of the Pushed Images
If you have a build configuration which publishes images, you need to remove them at some point. You can select the corresponding option and instruct TeamCity to remove the images published by a certain build when the build itself is cleaned up.
It works as follows: when an image is published, TeamCity stores the information about the registry of the images published by the build. When the server clean-up is run and it deletes the build, all the configured connections are searched for the address of this registry, and the images published by the build are cleaned up using the credentials specified in the found connection.
Cleaning-up images pushed via Podman is currently enabled only if images were pushed from Linux agents, and only if the --digestfile=<fileName>
option was set. Note that the fileName
should be a path relative to the checkout directory and should point to the final digest file location (this path should not be modified by further navigation commands).
Clean-up of Images on Build Agent
As part of Free disk space build feature, Docker Support cleans up images which were created by TeamCity builds on this build agent. The Docker Support assumes, that docker images are stored under
/var/lib/docker
on Linux%ProgramData%
directory on Windows$HOME
directory on other systems
The location is important, as the Free disk space feature analyzes which disk volumes should be cleaned for the build. If your docker daemon uses a non-standard location for the images/containers, the location can be specified using teamcity.docker.data.path
configuration parameter, preferably in buildAgent.properties
file.
Docker Registry Automatic Login/Logout
If you need to log in to a registry requiring authentication before a build, select the corresponding option and a connection to Docker configured in the Project Settings. Automatic logout will be performed after the build finishes.
Amazon ECR
A connection to Amazon Elastic Container Registry (ECR) allows storing Docker/LXC images in private AWS registries. For this, such a connection needs to be selected when adding a Docker Support feature to a build configuration.
Connection settings:
Setting | Description |
---|---|
AWS region | Select an AWS region where the target resources are located. |
Credentials type |
|
IAM role ARN (only for Temporary credentials) | Specify a role to be used for generating temporary credentials. You need to create this role in advance in your AWS console and assign it to all the necessary permissions. |
External ID (only for Temporary credentials) | Specify an external ID. We strongly recommend that you always define it when using temporary credentials. This ensures that only TeamCity will be able to use the specified IAM role. |
Default credential provider chain | Enable this option to automatically find access keys according to the default chain. |
Access key ID | Specify the access key ID. See how to get it here. |
Secret access key | Specify the secret access key. See how to get it here. |
Registry ID | Enter an ID of your registry or AWS account. |
Kotlin DSL
The following Kotlin DSL snippet illustrates how to add a Docker Support build feature to your build configuration.