Name: docker-buildkite-agent
Owner: Buildkite
Description: Previous home of buildkite/agent docker image scripts
Created: 2015-02-25 07:01:59.0
Updated: 2018-05-09 21:41:12.0
Pushed: 2018-04-27 05:33:13.0
Size: 200
Language: null
GitHub Committers
| User | Most Recent Commit | # Commits |
|---|
Other Committers
| User | Most Recent Commit | # Commits |
|---|
Originally this repository contained the source for the docker images for Buildkite Agent, but they are now built as part of that project. See https://github.com/buildkite/agent/tree/master/packaging/docker/linux.
er pull buildkite/agent:3.0
er run buildkite/agent:3.0 --help
The default tag (i.e. buildkite/agent and buildkite/agent:latest) will always point to the latest stable release (currently 3.x).
We recommend you use buildkite/agent:3 for new setups.
If you want to use an exact version of Buildkite Agent you can use the corresponding tag, such as buildkite/agent:3.0.1.
You can see all the available versions on https://hub.docker.com/r/buildkite/agent/tags/.
Most agent configuration settings can be set with environment variables. Setting sensitive data, (such as the agent token) via environment variables or command line arguments is not recommended as they are exposed in commands such as docker inspect.
In addition to environment variables, you can copy or mount a configuration file to /etc/buildkite-agent/buildkite-agent.cfg, for example:
er run -it \
"$HOME/buildkite-agent.cfg:/etc/buildkite-agent/buildkite-agent.cfg:ro" \
ildkite/agent:3
You can add custom agent hooks by mounting or copying them into the /buildkite/hooks directory (and ensuring they are executable).
For example, this is how you'd mount the hooks directory using a read-only host volume:
er run -it \
"$HOME/buildkite-hooks:/buildkite/hooks:ro" \
ildkite/agent:3
Alternatively, if you create your own image based off buildkite/agent, you can copy your hooks into the correct location:
buildkite/agent
hooks /buildkite/hooks/
There are many approaches to exposing secrets to Docker containers. In addition, many Docker platforms have their own methods for exposing secrets. If you?re running your own Docker containers, we recommend using a read-only host volume.
The following example mounts a directory containing secrets on the host machine ($HOME/buildkite-secrets) into the container as a read-only data volume at /buildkite-secrets:
er run -it \
"$HOME/buildkite-secrets:/buildkite-secrets:ro" \
ildkite/agent:3
You can then use an environment agent hook to expose those secrets via environment variables, or to configure tools such as git or ssh.
To configure a git-credentials file located at /buildkite-secrets/git-credentials, you could use the following environment agent hook mounted to /buildkite/hooks/environment:
in/bash
-euo pipefail
config --global credential.helper "store --file=/buildkite-secrets/git-credentials"
u can export other secrets here too
port FOO=bar
To configure a private SSH key located at /buildkite-secrets/id_rsa_buildkite_git you could use the following environment agent hook mounted to /buildkite/hooks/environment:
in/bash
-euo pipefail
"$(ssh-agent -s)"
add -k /buildkite-secrets/id_rsa_buildkite_git
u can export other secrets here too
port FOO=bar
Other options for configuring Git and SSH include:
ssh-agent on the host machine and mounting the ssh-agent socket into the containers. See the Buildkite Agent SSH keys documentation for examples on using ssh-agent.To invoke Docker from within builds you'll need to mount the Docker socket into the container:
er run -it \
/var/run/docker.sock:/var/run/docker.sock \
ildkite/agent:3
Note that this gives builds the same access to the host system as docker has, which is generally root.
The entrypoint uses tini to correctly pass signals to, and kill, sub-processes. Instead of redefining ENTRYPOINT we recommend you copy executable scripts into /docker-entrypoint.d/. All executable scripts should not contain any file extension, and will be executed in alphanumeric order.
Come and say hi in the #docker channel in the Buildkite Chat slack room!