dockergitlabcontainer-registry

Need help understanding gitlab docker script

I've been trying to wrap my head around some old CI/CD scripts my company has written previously, to deploy some applications. The gitlab pipeline has several stages, as is seen in the beginning of the .gitlab-ci.yml file:

image: docker:stable

variables:
  DOCKER_DRIVER: overlay2
  CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_API: $CI_REGISTRY_IMAGE/career_api:latest
  CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_APP: $CI_REGISTRY_IMAGE/career_app:latest
  CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_APP: $CI_REGISTRY_IMAGE/career_dev_app:latest
  CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_API: $CI_REGISTRY_IMAGE/career_dev_api:latest

  # from https://storage.googleapis.com/kubernetes-release/release/stable.txt
  K8S_STABLE_VERSION_URL: https://storage.googleapis.com/kubernetes-release/release/v1.18.4/bin/linux/amd64/kubectl

stages:
  - prebuild
  - test
  - transform
  - build
  - deploy

Then, later on, the file specifies all these stages for a DEV and a MASTER branch. Specifically, I have trouble understanding the script in the prebuild stage of the dev branch:

prebuild_dev:
  stage: prebuild
  extends: .prebuildreq
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - docker pull $CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_APP || true
    - docker build -f Dockerfile --pull -t $CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_APP --cache-from $CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_APP .
    - docker push $CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_APP
  only:
    refs:
      - dev
  tags:
    - testcicd

How I see it now is that the gitlab runner is ran as docker container? (Signified by the image:docker and DOCKER_DRIVER:overlay2 in the beginning of the file). Then, in the prebuild stage it does 4 steps:

  1. login to the container registry with predefined vars $CI_REGISTRY_USER, $CI_REGISTRY_PASSWORD, and $CI_REGISTRY.
  2. Pull CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_APP from this registry. First question: What does || true do here?
  3. Build a dockerfile but also pull $CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_APP? Second question: What is happening in this line?
  4. push image (The pulled one or the built one?) back to container registry

Some help to understand this would be greatly appreciated.

Solution
    • docker pull $CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_APP || true

    i assume not 100% sure, not to fail command if docker pull image doesn't exist.

    Question : 1

    docker build -f Dockerfile --pull -t $CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_APP --cache-from $CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_APP .

    Docker build --pull fetch the specified image digest always for the base image. Instead of using the local version.

    Consider it like your base image available at your Build Jenkin machine but it won't use and pull again.

    note : --pull --no-cache are flags, you wont be passing any values with it.

    Like we do with docker -t or docker -p

    Question : 2

    docker build -f Dockerfile --pull -t $CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_APP --cache-from $CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_APP .

    $CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_APP is not pulling image, after -t it's tagging the image with name.

    Question : 3

    push image (The pulled one or the built one?) back to container registry

    Build one since you have tag image with $CONTAINER_RELEASE_IMAGE_CAREER_GROWTH_DEV_APP