[DOCKER] Build Java with Wercker

http://www.wercker.com/

Wercker is a cloud-based CI tool that is popular these days, and it is intuitive and easy to understand that CI can be run on the docker image, and I personally appreciate that it can also be linked with github's private repository for free. is.

I personally use it in several languages, but here I will write a series of steps to build a Java program on wercker.

Use Case

Here, the actual setting example is described based on the following use cases.

--Manage Java projects with Maven and implement CI.

• clean && package
• sonar:sonar --Register the CI-completed environment in docker image --This time Amazon ECR

Workflows

This time it is as follows.

1. build --The first pipeline to be executed when wercker is started. This time, we are displaying messages without any special processing.
2. maven --Perform various processing related to maven --Notify Slack on success / failure
3. docker (master only) --Push docker image to ECR

Pipeline: build It's the default pipeline, so I'm leaving it as it is and just sending a little message. Actually, if there is a file creation or copy required for the subsequent processing, it will be done here.

wercker.yml

box: busybox
build:
  steps:
    - script:
        name: echo
        code: |
          echo " ${WERCKER_GIT_REPOSITORY}"

Pipeline: maven Run maven. Maven is specified for box so that java and maven commands can be used.

wercker.yml

maven:
  box: maven:3.5.2-jdk-8-alpine
  steps:
    - java/maven:
        goals: clean package
        cache_repo: true
    - java/maven:
        goals: sonar:sonar
        maven_opts: -Dsonar.host.url=${SONAR_URL} -Dsonar.login=${SONAR_LOGIN_KEY}
        cache_repo: true
    - script:
        name: copy to output
        code: |
          cp target/sada4j-*.jar $WERCKER_OUTPUT_DIR/sada4j.jar
  after-steps:
    - slack-notifier:
        url: ${SLACK_WEBHOOK_URL_NOTIFY}
        channel: ${SLACK_ROOM_NOTIFY}
        notify_on: failed
        username: wercker maven notify

Here's a quick look at what you're doing.

Executing maven using java / maven step

Step for maven execution is defined in wercker in advance, and if you specify java / maven for step when maven is executed, maven execution environment will be built automatically.

Please refer to the following documents for details such as the options that can be specified. https://github.com/wercker/step-maven

Use of environment variables

You can use environment variables in worcker. http://devcenter.wercker.com/docs/environment-variables

The following three types of environment levels can be defined. The scope of the settings will be adjusted as needed.

• Organization Level
• Application Level
• Pipeline Level

The environment variables that wercker supports as standard are as follows. http://devcenter.wercker.com/docs/environment-variables/available-env-vars

Save execution results to $ WERCKER_OUTPUT_DIR

In wercker, the CI process is also done on the docker container, so files are usually not inherited between different Pipelines.

If you want the file to be available in subsequent Pipelines, you must put the file in the directory specified by $ {WERCKER_OUTPUT_DIR}. In the above example, the files to be included in the docker image are set in $ {WERCKER_OUTPUT_DIR} for the subsequent docker image generation process.

Slack notifications via after-steps

After-steps allows you to define the Steps that will always be performed whether or not the processing in the Pipeline works correctly. In the above example, slack-notifier step is used to notify Slack.

In the case of slack-notifier, if you write notify_on: failed, you can send a notification only when the process of step fails.

Pipeline: docker Push the docker image to Amazon ECR. Wercker allows you to push any docker image to the docker repository by using the step internal / docker-push.

Wercker's Official Documentation provides an example of the following docker repository:

• Docker Hub
• Quary.io
• Google Container Registry

Here is an example of how to push to ECR.

wercker.yml

docker:
  box: openjdk:8-jdk-alpine
  steps:
    - internal/docker-push:
        aws-access-key: ${AWS_ACCESS_KEY_ID}
        aws-secret-key: ${AWS_SECRET_ACCESS_KEY}
        aws-region: ${AWS_REGION}
        aws-registry-id: ${AWS_REGISTRY_ID}
        aws-strict-auth: false
        repository: sada4j
        tag: latest
        ports: 8080
        working-dir: ${WERCKER_SOURCE_DIR}
        entrypoint: java -jar sada4j.jar

General-purpose story

docker push by wercker cannot describe the definition of docker build using Dockerfile. A docker image is created with the following rules.

--The docker image specified as box becomes the base image --Files placed on the box are ADD or COPYed together --It may be better to think that the state on the box will be the docker image as it is --The following command specifications must be explicitly stated in wercker.yml

• CMD
• ENTRYPOINT
• EXPOSE
• ENV
• VOLUME
• AUTHOR

See below for details on the options you can specify. http://devcenter.wercker.com/docs/steps/internal-steps#docker-push

Since the specifications are as described above, it is necessary to consider the following in operation.

--Remove unnecessary files existing on the box --The quickest way is to define the packaging and docker push in separate Pipelines, as in this example, and pass only the minimum required files via $ {WERCKER_OUTPUT_DIR}. --Separation from Dockerfile / docker-compose.yml

• 「Can I Build Dockerfiles?」 「Currently, no.」 http://devcenter.wercker.com/docs/faq/can-i-build-dockerfiles ――So basically it is a double description. Is there a good solution ...

Amazon ECR specific story

If you want to push to ECR, set the following values.

• aws-access-key
• aws-secret-key
• aws-region
• aws-registry-id --The number account ID.
• repository (option)
• tag (option)

We don't want to write the credential information directly in wercker.yml, so we'll set it in a wercker environment variable.

Now you should be able to build Java and push to docker repository according to your use case.

Other Tips

wercker-cli

What I feel that wercker is overwhelmingly superior to other CI SaaS is the richness of tools that can be used to check the operation in the local environment.

Wercker is provided with a command line tool called wercker-cli, which allows you to reproduce and execute the behavior on the server even in the local environment.

$ wercker build --pipeline maven
--> No Docker host specified, checking: /var/run/docker.sock
--> Executing pipeline
--> Running step: setup environment
Pulling from library/openjdk: latest
Digest: sha256:9745ed74401b23fb845b4eb7ae07ecb7dc2d40bece6bdb089975a20f76766401
Status: Image is up to date for openjdk:latest
--> Copying source to container
--> Running step: wercker-init
--> Running step: maven
02:19:34:  Hello from the Maven Wercker Step
(snip.)

You can also do the same things you can do with the APIs described below, such as building instructions to the Wercker server. For details, refer to the following sites and command help. http://www.wercker.com/cli

Currently, only OSX and Linux versions are available.

API

The following APIs are provided. You can set the application and instruct the build. http://devcenter.wercker.com/docs/api/endpoints

Wercker Source IP

Due to CI / CD flow, wercker may need to be used in combination with certain in-house tools. In that case, it is possible to specify the Wercker Source IP address and allow connection only for a specific IP.

Wercker's Source IP address is published in the following format, so for reference. https://s3.amazonaws.com/status.wercker.com/worker_ips/production/public.json

Use docker image registered in ECR in box

Write as follows in the box specified part of wercker.yml.

  box:
    id: <docker image name>
    aws-access-key: ${AWS_ACCESS_KEY_ID}
    aws-secret-key: ${AWS_SECRET_ACCESS_KEY}
    aws-region: ${AWS_REGION}
    repository: <docker image name>
    aws-registry-id: ${AWS_REGISTRY_ID}