entropic-dev / entropic

🦝 :package: a package registry for anything, but mostly javascript 🦝 🦝 🦝

Home Page: https://discourse.entropic.dev/

Docker Hub builds

zacanger opened this issue

Is this a feature request or a bug?

Feature request

Expected behavior:

Commits to master and git tags build and push images to Docker Hub (see also this script).

Actual behavior:

I've been doing it manually from my machine.

Details

Images could be built and pushed in Circle, but that could lead to credentials leaking. I wonder if automated builds would be better? That would probably require a service account or one of the maintainers or moderators setting it up.

Hey, I am curious to understand how publishing images from Circle CI could lead to credentials leaking.

Docker Cloud credentials would have to be made available as environment variables to the build. If someone were to get in some malicious code, they could steal those credentials and have access to hub.docker.com/u/entropicdev.

My understanding is that CI tools make secure env variables available only for the master/development branch. In that case, the malicious code should be merged to master. That won't happen very easily because there will be multiple reviews for each PR.
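The arrangement discussed in this thread, sketched as a CircleCI configuration (an added example, not the entropic project's own config): the Docker Hub credentials sit in a context attached only to the publish job, and that job runs only for master and version tags. The context name `docker-hub-publish`, the variables `DOCKER_USER` / `DOCKER_PASS` and the image name `example-org/example-image` are assumptions.

```yaml
# Added example; names marked "assumed" are not from the entropic repository.
version: 2.1

jobs:
  # Runs for every branch and tag. No context is attached, so the
  # Docker Hub credentials are not in this job's environment.
  build:
    docker:
      - image: cimg/base:stable
    steps:
      - checkout
      - setup_remote_docker
      - run: docker build -t example-org/example-image:ci .   # assumed image name

  # The only job that receives the registry credentials.
  publish:
    docker:
      - image: cimg/base:stable
    steps:
      - checkout
      - setup_remote_docker
      - run:
          name: Build and push
          command: |
            # Password goes in on stdin so it never appears in the process arguments.
            echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin
            TAG="${CIRCLE_TAG:-latest}"
            docker build -t "example-org/example-image:${TAG}" .
            docker push "example-org/example-image:${TAG}"

workflows:
  build-and-publish:
    jobs:
      - build:
          filters:
            tags:
              only: /.*/        # required so the tag-triggered publish job can depend on it
      - publish:
          context: docker-hub-publish   # assumed context holding DOCKER_USER / DOCKER_PASS
          requires:
            - build
          filters:
            branches:
              only: master
            tags:
              only: /^v.*/
```

The branch filter lives in `.circleci/config.yml`, which a branch inside the repository can itself edit, so the context should also be restricted to a security group of maintainers. Builds of forked pull requests receive no secrets as long as the project setting that passes secrets to forked builds stays disabled.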