What is Docker?
Docker is a platform for developers and sysadmins to develop, deploy, and run applications using containers.
Docker is also referred to as an application packaging tool. This means that enabled applications can be configured and packaged into a Docker image that can be used to spawn Docker containers that run instances of the application. It provides many benefits including runtime environment isolation, consistency via code, and portability.
Docker containers can run on any operating system that supports the Docker Engine. Find out more in CircleCI and Docker: What you need to know
What are Docker containers?
Docker containers are designed to run applications in isolation and at scale. They allow for streamlining the management and implementation of applications.
Docker containers are objects that are based on, and spawned from, Docker images. Docker images are templates, like cookie cutters. Cookie cutters enable you to quickly and consistently produce individual cookies from the dough. Just like cookies are distinguished in shape by the type of cookie cutter, Docker images determine the specifications of the Docker containers that they create.
Building Docker images on CircleCI
Docker images contain instructions for building Docker containers and are therefore specific to the type of application that one wants to run in the container. Building Docker images on CircleCI is simplified because CircleCI supports Docker natively. This allows for building Docker in Docker and multi-stage Docker builds. CircleCI enables building Docker images within CI/CD pipelines using the
setup_remote_docker: key to enable building, running, and pushing images to Docker registries from within a Docker executor job.
CircleCI makes it easier to build custom Docker images with a Dockerfile wizard. Additionally, check out these tips for optimizing Docker builds to help you get started optimizing your Docker image development and build process. Not everyone will want to build custom images. Creating a custom Docker image to run your CI builds is not a trivial task. In situations where lots of packages need to be installed, source code needs to be compiled, or downloads occur over slow connections, this is the sweet spot where your own custom Docker image will shine.
Using Docker images
Docker enables the most powerful benefits of continuous integration and delivery: building and testing in isolation. Building CI/CD pipelines with Docker takes advantage of clean containers to eliminate any dependency issues that arise from local application development. This process requires Dockerizing your application.
Wrapping an application in Docker is a powerful way to enforce the correct dependencies and operating system. It also requires additional knowledge to properly configure and package the container images. There are several tools to help you Dockerize your application. For instance, you can Dockerize Java applications with Jib. Dockerizing an app using a Dockerfile is the most common way. Here are some diverse examples of Dockerizing apps with a Dockerfile:
- Package a Clojure application using Docker
- CI/CD for Node.js projects: using CircleCI, Kubernetes, and Docker with deployment to the Google Cloud Platform
- Continuous Drupal: Maintaining a Drupal website With Docker, Git & Composer
Publishing Docker images
There are many Docker registries: Docker Hub, AWS Elastic Container Registry, Azure Container Registry, Google Container Registry, and more. CircleCI has deployment orbs that assist in setting up deployment to these services. An orb is a reusable package of YAML configuration that condenses repeated pieces of config into a single line of code. For example, you can automatically deploy private Docker images to AWS ECR with the AWS ECR orb.
Security for Docker images
Using publicly available Docker images involves mitigating the types of risks associated with OSS software. Therefore, scanning images is vital for discovering vulnerabilities. Image scans can be performed with the help of orbs for simplifying the integration of scanning tools like Anchore, AquaSec, and Snyk. For examples, see Adding Container Security Scanning to Your CircleCI Pipeline with Anchore or Integrating container image scanning into CircleCI builds with the Twistlock orb or Security with Snyk in the CircleCI workflow.
Testing Docker containers
Testing Docker containers is a critical piece of any CI/CD pipeline. Most teams do pretty well with application-level testing, and there are plenty of frameworks (including JUnit and RSpec) to support it. But server-level testing–the validation of server configuration and services–is, too often, omitted. To learn how to execute tests against custom Docker images, see testing Docker Images with CircleCI and Goss.
Should I use Docker?
Yes, you should use Docker because it enables testing in isolation. Test-driven development is an essential part of CI/CD. Well-tested applications are more likely to ship without issue to users. For a completely automated CI/CD pipeline that deploys apps, developers need to trust that the test results reveal any issues that users may encounter. We test in isolation to remove the influence of our local development machine. The benefit of building and testing in isolation is that you can confidently ship code that passes all tests automatically to your users.
Docker and CircleCI
Docker on CircleCI is a first-class experience. CircleCI maintains a fleet of Docker images, called convenience images, for various programming languages and a few databases. These images are specifically designed to run well in a continuous integration (CI) environment. They exist to serve as a quick and convenient starting point for users. We also have powerful advanced features such as Docker layer caching to keep your Docker image builds as fast as possible.
Start using Docker on CircleCI today:
Together, Docker and workflows add power and customization to the build process. With workflows, your VCS provider (GitHub, for example) will get a list of statuses, one for each job. This way, it’s easier to tell at a glance where the failure happened, and you can navigate directly to the job that failed. Use workflows to keep your builds fast and efficient.
Building Docker images on CircleCI
To help you get the most out of building Docker images, CircleCI offers support for Docker layer caching. CircleCI will try to reuse any Docker images (layers) built during a previous job or workflow. Every unchanged layer that was built in a previous job will be accessible in the remote environment. However, there are cases where your job will run in a clean environment, even if the configuration specifies
docker_layer_caching: true. These cases involve running many parallel jobs for the same project that depend on the same environment.
For more information, check out Config best practices: Docker layer caching and the Docker layer caching documentation.