CentOS Community Container Pipeline (CCCP) is an open-source platform to containerize applications based on CentOS.
CCCP: Builds the application (from a git repository) → Packages with the appropriate runtime → Scans the image → Pushes image to a public registry
I have a certain stack I develop with (be it Django, Golang, NodeJS, Redis, RabbitMQ, etc.) using my CentOS as a base platform.
How do I package that application into a container that's updated automatically every time I push changes? What about security and updates, how do I automate that each time I push any changes?
That's where CCCP comes in.
- Scan the image for updates, fixes, capabilities and push it to a public registry (by default, http://registry.centos.org)
- Automatically rebuild when a change is detected within the repository. Such
as an update in base image (
FROMin Dockerfile) or a
git pushto the project's git repository
- Notifications / alerts regarding build status and scan results (by e-mail)
How do I host my application?
Similar to projects such as Homebrew it's as easy as opening up a pull request.
A developer wishing to host their container image will open up a pull request to the CentOS Container Index.
Once the pull request is merged, CCCP:
- Links the Dockerfile
- Builds the image
- Scans / analyzes it
- Pushes to registry.centos.org
- Notifies the developer (email)
Once a project is in the CentOS Container Index, the CentOS Container Pipeline Service service automatically tracks the project's Git repo and branch and rebuilds it every time there is a future change.
How everything works
Project onboard / the main "index"
First off, the pipeline points to an index. For the CentOS community and in our example, this refers to the: CentOS Container Index.
Jenkins and OpenShift tracking
Jenkins is utilized in order to track each application's Git repository as well as branch for any changes. This triggers a new build on OpenShift when a change is pushed.
Changes to the application's repository, update to the base image or any RPMs that are part of the image will trigger a new build
Building the image
The container image is built by OpenShift.
Scan and analyze the image
Scanning happens by running scripts in the container image to check for:
- updates for packages installed via
- capabilities of the container created from resulting container image by
RUNlabel in the Dockerfile
- verify the installed RPMs
Push to the public registry (https://registry.centos.org)
Finally, the image is pushed to https://registry.centos.org
An email is sent out the developer mentioning the status of the build and scan process as well as a link to read the detailed logs.
Deploy your own pipeline
The service recently underwent an architecture change and is now completely deployed on top of OpenShift. We have documented the steps in docs directory. We recommend you to follow the docs and open up issues if something doesn't work out.
Contribute to the CentOS Community Container Pipeline Service
We're always looking for ideas and improvements for the service! If you're interested in contributing to this repository, follow these simple steps:
- open an issue on GitHub describing the feature/bug
- fork the repository
- work on your branch for the fix of the issue
- raise a pull request
Before a PR is merged, it must:
- pass the CI done on CentOS CI
- be code reviewed by the maintainers
- have maintainers' LGTM (Looks Good To Me)
Chat (Mattermost): Our prefered method to reach the main developers is through Mattermost at chat.openshift.io.
IRC: If you prefer IRC, we can reached at #centos-devel on Freenode.
Email: You could always e-mail us as well at email@example.com