|
| 1 | +# Docker Hub Setup for CircleCI |
| 2 | + |
| 3 | +Note: Max Neunhöffer has done the following to setup image pushing |
| 4 | + using the `neunhoef` account to produce an access token. |
| 5 | + |
| 6 | +## Overview |
| 7 | + |
| 8 | +The `rebuild-base-images-manual` workflow in CircleCI requires Docker Hub credentials to push images to the `arangodb` organization. |
| 9 | + |
| 10 | +## Setting Up Docker Hub Credentials |
| 11 | + |
| 12 | +### Step 1: Create a Docker Hub Access Token |
| 13 | + |
| 14 | +1. Go to [Docker Hub](https://hub.docker.com/) and log in with your account |
| 15 | +2. Click on your username in the top right corner and select **Account Settings** |
| 16 | +3. Navigate to **Security** in the left sidebar |
| 17 | +4. Click on **New Access Token** |
| 18 | +5. Give your token a description (e.g., "CircleCI ArangoDB Base Images") |
| 19 | +6. Set the access permissions: |
| 20 | + - **Access permissions**: Read, Write, Delete (needed to push images) |
| 21 | + - **Scope**: Select the `arangodb` organization if you have access |
| 22 | +7. Click **Generate** |
| 23 | +8. **Important**: Copy the token immediately - you won't be able to see it again! |
| 24 | + |
| 25 | +### Step 2: Create a Context in CircleCI |
| 26 | + |
| 27 | +1. Go to your CircleCI project: https://app.circleci.com/ |
| 28 | +2. Click on **Organization Settings** in the left sidebar |
| 29 | +3. Click on **Contexts** |
| 30 | +4. Click **Create Context** |
| 31 | +5. Name it exactly: `dockerhub-credentials` (this matches the context referenced in the workflow) |
| 32 | +6. Click **Create Context** |
| 33 | + |
| 34 | +### Step 3: Add Environment Variables to the Context |
| 35 | + |
| 36 | +1. Click on the `dockerhub-credentials` context you just created |
| 37 | +2. Click **Add Environment Variable** |
| 38 | +3. Add the first variable: |
| 39 | + - **Name**: `DOCKERHUB_USERNAME` |
| 40 | + - **Value**: Your Docker Hub username (must have push access to the `arangodb` organization) |
| 41 | + - Click **Add Environment Variable** |
| 42 | +4. Add the second variable: |
| 43 | + - **Name**: `DOCKERHUB_PASSWORD` |
| 44 | + - **Value**: The access token you created in Step 1 (paste the token here) |
| 45 | + - Click **Add Environment Variable** |
| 46 | + |
| 47 | +### Step 4: Verify Permissions |
| 48 | + |
| 49 | +Ensure that your Docker Hub account has the necessary permissions: |
| 50 | +- You must be a member of the `arangodb` organization on Docker Hub |
| 51 | +- Your role must have **push/write** permissions to publish images |
| 52 | + |
| 53 | +Contact the organization administrator if you need to be added or granted the appropriate permissions. |
| 54 | + |
| 55 | +## Triggering the Base Images Rebuild |
| 56 | + |
| 57 | +### Method 1: Using the CircleCI API |
| 58 | + |
| 59 | +You can trigger the workflow using the CircleCI API with curl: |
| 60 | + |
| 61 | +```bash |
| 62 | +curl -X POST \ |
| 63 | + --header "Content-Type: application/json" \ |
| 64 | + --header "Circle-Token: YOUR_CIRCLECI_API_TOKEN" \ |
| 65 | + --data '{ |
| 66 | + "parameters": { |
| 67 | + "rebuild_base_images": true |
| 68 | + } |
| 69 | + }' \ |
| 70 | + https://circleci.com/api/v2/project/gh/YOUR_ORG/servicemaker/pipeline |
| 71 | +``` |
| 72 | + |
| 73 | +Replace: |
| 74 | +- `YOUR_CIRCLECI_API_TOKEN`: Your personal CircleCI API token (create one in CircleCI User Settings > Personal API Tokens) |
| 75 | +- `YOUR_ORG`: Your GitHub organization or username |
| 76 | + |
| 77 | +### Method 2: Using the CircleCI Web UI |
| 78 | + |
| 79 | +1. Go to your project in CircleCI |
| 80 | +2. Click on **Trigger Pipeline** (top right) |
| 81 | +3. Add a parameter: |
| 82 | + - **Parameter Type**: `boolean` |
| 83 | + - **Name**: `rebuild_base_images` |
| 84 | + - **Value**: `true` |
| 85 | +4. Click **Trigger Pipeline** |
| 86 | + |
| 87 | +### Method 3: Using CircleCI CLI |
| 88 | + |
| 89 | +Install the CircleCI CLI and run: |
| 90 | + |
| 91 | +```bash |
| 92 | +circleci trigger pipeline \ |
| 93 | + --param rebuild_base_images=true \ |
| 94 | + --org YOUR_ORG \ |
| 95 | + --repo servicemaker |
| 96 | +``` |
| 97 | + |
| 98 | +## What the Workflow Does |
| 99 | + |
| 100 | +When triggered with `rebuild_base_images=true`, the workflow will: |
| 101 | + |
| 102 | +1. Checkout the code |
| 103 | +2. Set up Docker with layer caching |
| 104 | +3. Log in to Docker Hub using the credentials from the context |
| 105 | +4. Run `make build` in the `baseimages` directory to build all base images |
| 106 | +5. Run `make push` in the `baseimages` directory to push all images to `arangodb` organization |
| 107 | + |
| 108 | +The workflow has a 60-minute timeout for the build step to accommodate large image builds. |
| 109 | + |
| 110 | +## Troubleshooting |
| 111 | + |
| 112 | +### "denied: requested access to the resource is denied" |
| 113 | + |
| 114 | +This means your Docker Hub account doesn't have push access to the `arangodb` organization. Contact the organization administrator. |
| 115 | + |
| 116 | +### "Error saving credentials: error storing credentials" |
| 117 | + |
| 118 | +This is usually a transient Docker login issue. Re-run the workflow. |
| 119 | + |
| 120 | +### "DOCKERHUB_USERNAME or DOCKERHUB_PASSWORD not set" |
| 121 | + |
| 122 | +Make sure: |
| 123 | +1. The context name is exactly `dockerhub-credentials` |
| 124 | +2. The environment variables are named exactly `DOCKERHUB_USERNAME` and `DOCKERHUB_PASSWORD` |
| 125 | +3. Your CircleCI project has access to the context (check Context > Settings > Security) |
| 126 | + |
| 127 | +## Security Notes |
| 128 | + |
| 129 | +- **Never commit Docker Hub credentials to the repository** |
| 130 | +- Access tokens are more secure than passwords and can be revoked individually |
| 131 | +- Use tokens with the minimum required permissions |
| 132 | +- Regularly rotate access tokens (every 6-12 months) |
| 133 | +- Monitor the audit logs in Docker Hub for suspicious activity |
| 134 | + |
0 commit comments