๐ Docker in CI/CD: Your Robot Assembly Line
The Factory Analogy ๐ญ
Imagine you have a toy factory. Every time you create a new toy design, you need to:
- Build it the same way every time
- Test it works properly
- Package it in a box
- Ship it to stores
CI/CD with Docker is like having robot workers who do all this automatically! Every time you draw a new toy design (write code), the robots build, test, and ship it perfectly โ every single time.
What is CI/CD? ๐
CI = Continuous Integration โKeep building and checking your toys automaticallyโ
CD = Continuous Deployment โAutomatically send working toys to the storesโ
graph TD A["๐จโ๐ป You Write Code"] --> B["๐ค Robot Builds It"] B --> C["๐งช Robot Tests It"] C --> D{โ Tests Pass?} D -->|Yes| E["๐ฆ Package & Ship"] D -->|No| F["โ Alert Developer"]
Real Life Example
- You push code to GitHub
- Robots automatically build your Docker image
- Robots run all your tests inside containers
- If everything works โ your app goes live!
๐ Docker with GitHub Actions
What is GitHub Actions?
Think of GitHub Actions as your robot control center. Itโs where you write instructions telling robots what to do when you push code.
Your First Workflow ๐
Create a file: .github/workflows/docker.yml
name: Build My App
on:
push:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build Docker Image
run: |
docker build -t myapp:latest .
- name: Run Tests
run: |
docker run myapp:latest npm test
What Does This Do? ๐ค
| Step | What Happens |
|---|---|
on: push |
Robot wakes up when you push code |
checkout |
Robot grabs your code |
docker build |
Robot builds your container |
docker run |
Robot tests your app |
Pushing to Docker Hub ๐ช
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Push to Docker Hub
run: |
docker push myapp:latest
Secrets = Like a locked safe for passwords. Never put real passwords in code!
๐ง Docker Buildx: The Super Builder
Whatโs Special About Buildx?
Regular docker build is like a basic hammer.
Buildx is like a robot arm with 20 tools โ faster, smarter, and can build for multiple computers at once!
Enable Buildx
# Check if buildx is ready
docker buildx version
# Create a super builder
docker buildx create --name mybuilder --use
# See your builders
docker buildx ls
Why Use Buildx? ๐
| Feature | Regular Build | Buildx |
|---|---|---|
| Build Speed | Normal | Much Faster |
| Build Caching | Basic | Super Smart |
| Multiple Platforms | โ No | โ Yes! |
| Parallel Building | โ No | โ Yes! |
๐ Multi-Platform Builds
The Problem
Imagine you make a toy that only works on red tables. But your friend has a blue table! They canโt play with your toy. ๐ข
Same with computers:
- Your Mac uses ARM chips (Apple Silicon)
- Servers use AMD64 chips (Intel/AMD)
- Raspberry Pi uses ARM32 chips
The Solution: Build for Everyone!
docker buildx build \
--platform linux/amd64,linux/arm64 \
-t myapp:latest \
--push .
This one command builds your app for:
- โ Intel/AMD computers
- โ Apple Silicon Macs
- โ AWS Graviton servers
- โ Raspberry Pi 4
Multi-Platform in GitHub Actions
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Buildx
uses: docker/setup-buildx-action@v3
- name: Build Multi-Platform
uses: docker/build-push-action@v5
with:
platforms: linux/amd64,linux/arm64
push: true
tags: myapp:latest
Whatโs QEMU? ๐ฎ
QEMU is like a translator. When your Intel computer builds for ARM, QEMU pretends to be an ARM computer so the build works!
graph TD A["Your Intel Computer"] --> B["QEMU Translator"] B --> C["Pretends to be ARM"] C --> D["Builds ARM Image"] A --> E["Builds Intel Image"] D --> F["๐ฆ Both Ready!"] E --> F
โก BuildKit Features
What is BuildKit?
BuildKit is the super engine inside buildx. It makes everything faster and smarter!
Enable BuildKit
# Way 1: Environment variable
DOCKER_BUILDKIT=1 docker build .
# Way 2: Always on (add to ~/.bashrc)
export DOCKER_BUILDKIT=1
Feature 1: Parallel Building ๐โโ๏ธ๐โโ๏ธ
Old way: Build step 1, then step 2, then step 3โฆ
BuildKit way: Build steps 1, 2, and 3 at the same time if they donโt depend on each other!
# These can build in parallel!
FROM node:20 AS frontend
COPY frontend/ .
RUN npm install && npm run build
FROM python:3.12 AS backend
COPY backend/ .
RUN pip install -r requirements.txt
# Combine them
FROM nginx
COPY --from=frontend /dist /usr/share/nginx/html
COPY --from=backend /app /app
Feature 2: Smart Caching ๐ง
BuildKit remembers what it built before. If nothing changed, it skips that step!
# Slow (cache breaks easily)
COPY . .
RUN npm install
# Fast (BuildKit loves this)
COPY package*.json ./
RUN npm install
COPY . .
Feature 3: Secret Mounting ๐
Pass secrets without saving them in the image!
# Old risky way
COPY .npmrc /root/.npmrc # โ Secret in image!
# BuildKit safe way
RUN --mount=type=secret,id=npmrc \
cp /run/secrets/npmrc /root/.npmrc && \
npm install && \
rm /root/.npmrc
Build with:
docker build --secret id=npmrc,src=.npmrc .
Feature 4: Cache Mounts ๐พ
Keep downloaded files between builds!
RUN --mount=type=cache,target=/root/.npm \
npm install
This saves npm packages in a special cache. Next build = super fast!
Feature 5: SSH Mounting ๐
Clone private repos without exposing keys:
RUN --mount=type=ssh \
git clone git@github.com:private/repo.git
Build with:
docker build --ssh default .
๐ฏ Complete CI/CD Pipeline
Hereโs everything together โ a production-ready pipeline:
name: Docker CI/CD Pipeline
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
build-and-push:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Build and Push
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: |
myuser/myapp:latest
myuser/myapp:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
What Makes This Special?
| Feature | Benefit |
|---|---|
cache-from/to: type=gha |
Uses GitHubโs cache = super fast builds |
platforms |
Builds for multiple architectures |
| Pull request check | Only pushes on main branch merges |
| SHA tagging | Every build has a unique identifier |
๐ Summary: Your Robot Factory
graph TD A["๐ Write Code"] --> B["โฌ๏ธ Push to GitHub"] B --> C["๐ค GitHub Actions Wakes Up"] C --> D["๐ง Buildx Creates Builder"] D --> E["โก BuildKit Builds Fast"] E --> F["๐ Multi-Platform Images"] F --> G["๐ฆ Push to Docker Hub"] G --> H["๐ Deploy Anywhere!"]
You learned:
- โ CI/CD Pipelines โ Automatic build, test, deploy
- โ GitHub Actions โ Robot control center for Docker
- โ Buildx โ Super builder with extra powers
- โ Multi-Platform โ Build once, run everywhere
- โ BuildKit โ Fast, smart, secure builds
Now your code goes from laptop to production automatically! ๐