Continuous integration is the idea of executing some actions (for example build, test, etc.) automatically as you push code to your version control system.
For containers, there are a number of things we may want to do:
GitHub Actions is a continuous integration pipeline system built into GitHub.
You add configuration files to .github/workflows within the repo and GitHub will automatically execute them based on the conditions you set!
GitHub Actions has a public marketplace where people can publish open source actions that help make the process of writing your pipelines easier and faster. We will use a number of these actions as we build out a workflow for our repo.
Note: The workflow file shown in the course can be found at https://github.com/sidpalas/devops-directive-docker-course/blob/main/11-development-workflow/docker-compose-dev.yml
Common events used to trigger workflows include:
- Pushes to a specific branch (for example, the main branch)
- Pushes of tags matching a pattern (for example, v* tags indicating a release)
In this case we want to run our workflow on push events to the github-action branch and on any v* tags. To specify this we use the following yaml:
on:
  push:
    branches:
      - "github-action"
    tags:
      - "v*"
We can then specify one or more jobs. To keep things simple for the course I included a single job that will build one of our container images, tag it, push it to Dockerhub, and scan it for vulnerabilities.
The job is given a name and a specific machine type to run on.
jobs:
  build-tag-push:
    runs-on: ubuntu-latest
    steps:
      - ...
We then proceed through the following steps:
A standard action which checks out the code from the repo at the relevant commit.
- name: Checkout
  uses: actions/checkout@v3
Uses an action from Docker to generate useful tags based on information about the triggering event, the commit SHA, and the current timestamp.
- name: Docker meta
  id: meta
  uses: docker/metadata-action@v4
  with:
    images: |
      sidpalas/devops-directive-docker-course-api-node
    tags: |
      type=raw,value=latest
      type=ref,event=branch
      type=ref,event=pr
      type=semver,pattern={{version}}
      type=semver,pattern={{major}}.{{minor}}
      type=raw,value={{date 'YYYYMMDD'}}-{{sha}}
Uses an action from Docker + secrets stored in the repo to authenticate to Dockerhub.
- name: Login to Docker Hub
  uses: docker/login-action@v2
  with:
    username: ${{ secrets.DOCKERHUB_USERNAME }}
    password: ${{ secrets.DOCKERHUB_TOKEN }}
Uses an action from Docker along with the output of the tag generation step to build and push the container image.
- name: Build and push
  uses: docker/build-push-action@v4
  with:
    file: ./06-building-container-images/api-node/Dockerfile.8
    context: ./05-example-web-application/api-node/
    push: true
    tags: ${{ steps.meta.outputs.tags }}
Uses the Trivy action to run its security scanner against the built image and fail the job if any CRITICAL level vulnerabilities are found.
- name: Run Trivy vulnerability scanner
  uses: aquasecurity/trivy-action@master
  with:
    image-ref: "sidpalas/devops-directive-docker-course-api-node:latest"
    format: "table"
    exit-code: "1"
    ignore-unfixed: true
    vuln-type: "os,library"
    severity: "CRITICAL"
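As written above, the image is pushed to Docker Hub before Trivy runs, so a failing scan still leaves the vulnerable tags published. The following assembled workflow is an added example (not the course's own file) that builds the image into the runner's local Docker engine with `load: true`, scans it, and only logs in and pushes once the scan has passed; it reuses the same image name, Dockerfile path and secrets as the steps above and drops the extra tag patterns for brevity.

```yaml
on:
  push:
    branches: ["github-action"]
    tags: ["v*"]

jobs:
  build-scan-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: |
            sidpalas/devops-directive-docker-course-api-node
          tags: |
            type=raw,value=latest
            type=semver,pattern={{version}}

      # Build only into the local Docker engine; nothing is published yet.
      - name: Build (local only)
        uses: docker/build-push-action@v4
        with:
          file: ./06-building-container-images/api-node/Dockerfile.8
          context: ./05-example-web-application/api-node/
          load: true
          tags: ${{ steps.meta.outputs.tags }}

      # Trivy finds the :latest tag in the local engine. exit-code 1 fails
      # the job here, so the login and push steps below never execute.
      # Note: @master is a mutable ref; pinning to a release tag or commit
      # SHA is the usual supply-chain hardening for third-party actions.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: "sidpalas/devops-directive-docker-course-api-node:latest"
          format: "table"
          exit-code: "1"
          ignore-unfixed: true
          vuln-type: "os,library"
          severity: "CRITICAL"

      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # Same context and Dockerfile, so the cached layers are reused and
      # this step effectively only pushes the already-scanned image.
      - name: Push
        uses: docker/build-push-action@v4
        with:
          file: ./06-building-container-images/api-node/Dockerfile.8
          context: ./05-example-web-application/api-node/
          push: true
          tags: ${{ steps.meta.outputs.tags }}
```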
For more examples and advanced use cases of GitHub Actions and Docker CI/CD, check out Bret Fisher's Docker CI/CD Automation repository.
You can also watch his talk on the subject for a full walkthrough: https://www.youtube.com/watch?v=aZzV6X7XhyI.