Container Registry provides the cloud-native application delivery chain feature. This feature allows you to freely combine tasks such as image building, image security scanning, image synchronization, and image distribution in a single delivery chain. The cloud-native delivery chain can be fully observable, traceable, and secured. This topic describes how to create a delivery chain so that you can build, scan, synchronize, and distribute images around the world simply by submitting source code changes.

Step 1: Create a delivery chain and configure basic information

  1. Log on to the Container Registry console.
  2. In the top navigation bar, select a region.
  3. In the left-side navigation pane, click Instances.
  4. On the Instances page, click the required Container Registry Enterprise Edition instance.
  5. On the management page of the Container Registry Enterprise Edition instance, choose Delivery Chain > Chain in the left-side navigation pane.
  6. In the upper-left corner of the Chain page, click Create Delivery Chain.
  7. On the Create Delivery Chain page, set the following parameters:
    • Name: the name of the delivery chain.
    • Description: optional. The description of the delivery chain.
    • Scope: Select a namespace and an image repository in the namespace.

Step 2: Configure image building rules

  1. In the Chain section, click Image Building. Then, click Add Build Rule.
  2. In the Build Information step, set the following parameters and click Next.
    • Type: Specify the type of the source code repository. Valid values: Branch and Tag.
    • Branch/Tag: Select or enter a branch or a tag. Regular expressions are supported. If you specify the release-(?<imageTag>\w*) regular expression, the system automatically builds an image of V1 when the source code under the release-v1 branch is updated. The image cannot be built immediately. For more information about how to use regular expressions, see Use regular expressions in named capturing groups.
      Note: After you specify regular expressions, images can be built only by the system. You cannot manually build images.
    • Dockerfile Directory: The directory where the Dockerfile resides. You must specify a relative directory. The parent directory is the root directory of the code branch.
    • Dockerfile Filename: The name of the Dockerfile. The default name is Dockerfile.
  3. In the Tag step, set the parameters, click Save, and then click Next.
    Note: Click Add Configuration to add an image tag. You can specify up to three image tags.
    • Image Tag: The tag of the image, for example, latest. You can enable named capturing groups. For example, you can use the captured content if you specify a named capturing group for Branch/Tag.
    • Build Time: The time when source code is pushed. The time is in UTC+8 format, for example, 20201015 or 202010151613.
      Note: This parameter is optional. If you set this parameter, images can be built only by the system. You cannot manually build images.
    • Commit ID: The number of characters to be obtained from the commit ID of the most recently pushed code. By default, the first six characters are used. You can adjust the slider to change the number of characters.
      Note: This parameter is optional. If you set this parameter, images can be built only by the system. You cannot manually build images.
  4. In the Build Configurations step, set the following parameters and click Confirm.
    • Build Architecture: The architecture for which you want to build images. You can select multiple architectures. If you select multiple architectures, multiple container images for the architectures are built for each image tag.
    • Build Parameters: The runtime parameters of the image build. Each build parameter is a key-value pair that is case-sensitive. You can set a maximum of 20 build parameters.
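
The following JavaScript is an added example, not part of the Container Registry documentation or service code. It applies the release-(?<imageTag>\w*) rule from the Branch/Tag description to constructed branch names and derives the Build Time and Commit ID values described in the Tag step. The function names are hypothetical, and because this topic does not state whether the rule must match the whole branch name, both readings are evaluated.

```javascript
// Added example, not console or service code. The pattern is the one from the
// Branch/Tag description; branch names, commit ID and push time are constructed.
const RULE = "release-(?<imageTag>\\w*)";

// Assumption: the page does not say whether the rule must match the whole
// branch name, so the caller chooses the anchored or unanchored reading.
function captureTag(branch, { anchored }) {
  const re = new RegExp(anchored ? `^(?:${RULE})$` : RULE);
  const m = re.exec(branch);
  return m ? m.groups.imageTag : null; // null: the rule does not match
}

// Build Time: push time rendered in UTC+8 as YYYYMMDDHHmm (or YYYYMMDD).
function buildTime(pushedAt, withMinutes = true) {
  const shifted = new Date(pushedAt.getTime() + 8 * 60 * 60 * 1000);
  const digits = shifted.toISOString().replace(/\D/g, "");
  return digits.slice(0, withMinutes ? 12 : 8);
}

// Commit ID: first n characters of the pushed commit (six by default).
function commitPrefix(commitId, n = 6) {
  return commitId.slice(0, n);
}

// Review a rule against branch names before saving it in the console.
function reviewRule(branches) {
  return branches.map((branch) => {
    const strict = captureTag(branch, { anchored: true });
    const loose = captureTag(branch, { anchored: false });
    const notes = [];
    if (strict === "" || loose === "") notes.push("empty capture: \\w* matches nothing");
    if (strict === null && loose !== null) notes.push("matches only if unanchored");
    return { branch, strict, loose, notes };
  });
}

const sample = ["release-v1", "release-", "release-v1.2", "hotfix-release-v9", "main"];
for (const row of reviewRule(sample)) console.log(JSON.stringify(row));
console.log(buildTime(new Date("2020-10-15T08:13:00Z")), commitPrefix("3f9c2ab17d04e5"));
```

Rows that carry a note are the ones to check against the real service before relying on the rule: a branch named release- yields an empty tag, and release-v1.2 or hotfix-release-v9 trigger a build only under the unanchored reading.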

Step 3: Configure the blocking rule for image security scanning

Image security scanning ensures security when images are synchronized and distributed.

  1. In the Chain section, click Security Scan.
  2. In the Node configuration section, configure the blocking rule.
    • Blocking: You must set the Vulnerability Severity and Number of vulnerabilities parameters to define the blocking rule.

      If an image meets the conditions that are defined in the blocking rule, the system stops performing follow-up steps for the image.

    • Non-blocking: The system proceeds with follow-up steps for all images.

Step 4: Configure image synchronization rules

After you configure image synchronization rules, updated images are automatically synchronized between Container Registry Enterprise Edition instances based on the rules.

  1. In the Chain section, click Trigger Synchronization. Then, click Create Rule.
  2. In the Create Rule dialog box, enter a rule name, specify the destination Container Registry Enterprise Edition instance, and then click Next.
    Note: If access over the Internet is disabled, images can be automatically synchronized between regions.
  3. In the Replication Information step, configure the synchronization information of the source instance. Then, click Create Rule.
    • Replication Level: Select the synchronization level. Valid values: Namespaces and Repository.
    • Source Address: Specify a namespace and a repository. Enter a regular expression to filter image tags in the repositories of the namespace or in the specified repository. By default, all image tags are synchronized. You can specify the source repository only when you set the Replication Level parameter to Repository.

Step 5: Configure distribution triggers

You can configure distribution triggers to automatically distribute images so that applications can be automatically redeployed.

  1. In the Chain section, click Distribution Trigger. Then, click Create.
  2. In the Create Trigger dialog box, set the parameters and click Confirm.
    • Name: The name of the trigger.
    • Trigger URL: The URL to which the trigger sends notifications. You can obtain the URL from the configurations of your Container Service for Kubernetes (ACK) cluster.
    • Trigger: The trigger method. Valid values:
      • All: Each time an image is updated, image distribution is triggered.
      • By RegExp: A regular expression is used to filter image tags. Image distribution is triggered only when an image tag matches the regular expression.
      • By Tags: Tags are used to filter images. Image distribution is triggered only when an image tag is in the specified tag list.
  3. On the Create Delivery Chain page, click Create.
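
The following JavaScript is an added example, not part of the Container Registry documentation or service code. It models how the blocking rule from Step 3, the tag filter from Step 4, and the trigger methods from Step 5 decide which steps run for one built image. The severity names, field names, anchored tag matching, and the reading "block when the findings at or above the configured severity reach the configured number" are assumptions.

```javascript
// Added example, not service code. Severity names, field names and the reading
// "block when findings at or above the severity reach the count" are assumptions.
const SEVERITY = ["Low", "Medium", "High"];

function scanGate(rule, findings) {
  if (rule.mode === "Non-blocking") return { blocked: false, hits: 0 };
  const floor = SEVERITY.indexOf(rule.severity);
  if (floor < 0) throw new Error(`unknown severity: ${rule.severity}`);
  const hits = findings.filter((f) => SEVERITY.indexOf(f.severity) >= floor).length;
  return { blocked: hits >= rule.count, hits };
}

// Tag filters are anchored here so "v\d+" cannot match "dev1-test" (assumption).
const fullMatch = (pattern, tag) => new RegExp(`^(?:${pattern})$`).test(tag);

function triggerFires(trigger, tag) {
  switch (trigger.method) {
    case "All": return true;
    case "By RegExp": return fullMatch(trigger.pattern, tag);
    case "By Tags": return trigger.tags.includes(tag);
    default: throw new Error(`unknown trigger method: ${trigger.method}`);
  }
}

// Returns the steps that run for one built image.
function runChain(chain, image) {
  const steps = ["build", "scan"];
  const gate = scanGate(chain.scan, image.findings);
  if (gate.blocked) return { steps, stoppedAt: "scan", hits: gate.hits };
  if (fullMatch(chain.syncTagFilter, image.tag)) steps.push("sync");
  if (triggerFires(chain.trigger, image.tag)) steps.push("distribute");
  return { steps, stoppedAt: null, hits: gate.hits };
}

// Constructed chain and images.
const CHAIN = {
  scan: { mode: "Blocking", severity: "High", count: 1 },
  syncTagFilter: ".*", // default on the page: all image tags are synchronized
  trigger: { method: "By RegExp", pattern: "v\\d+" },
};
const IMAGES = [
  { tag: "v1", findings: [{ id: "FINDING-A", severity: "Medium" }] },
  { tag: "v2", findings: [{ id: "FINDING-B", severity: "High" }] },
  { tag: "latest", findings: [] },
];
for (const img of IMAGES) console.log(img.tag, JSON.stringify(runChain(CHAIN, img)));
```

With the Blocking rule, the v2 image stops at the scan step and is neither synchronized nor distributed. Switching the same chain to Non-blocking lets it reach the ACK trigger.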

Result

On the Chain page, you can view the created delivery chain.

After source code is updated in the code repository, you can log on to the Container Registry Enterprise Edition instance and go to the Record page. On this page, you can view the status and result of each step in the delivery chain. Finally, you can verify that the images are updated in your ACK cluster.