There are many good reasons why you would set up a private Docker registry in Artifactory to manage your Docker images. One of them is the ability to promote images, letting you easily move and copy images from one repository to another in your CI/CD pipeline while setting different access privileges. Another is Artifactory’s universal nature, supporting all major package formats and build tools to support the other technologies you use together with Docker. In this post, I’m going to focus on another unique feature of Artifactory; its ability to serve as a system of record for your Docker builds (as well as all your other builds, of course)
Through Artifactory’s integration with tools such as Maven, Gradle, Jenkins, TeamCity and Bamboo, as well as JFrog CLI, all of these tools collect exhaustive metadata about your builds including build artifacts and their dependencies, environment variables, system settings, build agent details and more. When your build is done, these tools upload it along with all of this extra information to Artifactory.
The whale meets the butler
The big news is that through the Jenkins Artifactory Plugin, your Jenkins job can now also collect exhaustive build information as it builds your Docker images and then uploads it together with your images to your Docker registry in Artifactory. Through this bill of materials stored in Artifactory, you now have fully reproducible Docker builds! The build information includes all the build artifacts (layers) that make up the Docker image, as well as its dependencies (all layers, files and resources used to create the image, including the image base layers).
No image in your Docker registry is complete without its metadata
But that’s not all; the exhaustive metadata gives you better control over Docker image lifecycle. You only need to build your images once, and then, by promoting them together with their metadata, you can safely deploy them to production with confidence since each image deployed will have the same digest value as it did as a release candidate entering the pipeline proving that it did not undergo any changes along the way.
Pushing your images, along with their build information, to your Docker registry in Artifactory is nothing more than a simple API call in your Jenkins Pipeline job.
The whole is greater than the sum of its parts
I think that most of us will agree that Docker is great technology; almost everyone is using it today. Exhaustive build information is also great, but of course, metadata doesn’t stand on its own without the build it describes. Put them together, and we’ve built promotion pipelines that take Docker to production safely with fully reproducible builds.
Ready to put all the parts of your Docker image, including its build information, into your Docker registry?