Multi-stage builds in Alibaba Cloud Container Registry (ACR) produce secure, compact Java application images with faster build times.
Prerequisites
- Alibaba Cloud Container Registry is activated.
- Docker must be installed. For more information, see Install and use Docker and Docker Compose.
- A Java source code repository is hosted on GitHub, GitLab, or Bitbucket.

Note: You can copy and host a simple Java Maven project from GitHub to try out the process.
Background information
Common issues in image building
Building an image from a Dockerfile can have several challenges:
- Dockerfiles can be difficult to write
  Developers may not be familiar with writing Dockerfiles to build application images.
- Images can become bloated
  Including compilation, testing, and packaging in a single Dockerfile adds unnecessary image layers, resulting in a complex hierarchy and a large image file.
- Risk of source code leakage
  Source code can be accidentally included in the final image, creating a security risk.
Benefits of multi-stage builds
For compiled languages such as Java, using a multi-stage build in your Dockerfile offers the following benefits:
- Improved image security
  The first stage uses a compile-time base image to download dependencies, compile, test, and package the application. The second stage uses a lean run-time base image and copies only the compiled artifacts from the first stage. The final image contains no source code.
- Optimized image layers and size
  The final image contains only the base image and compiled artifacts. This results in fewer image layers and a smaller file size.
- Faster build speeds
  Build tools such as Docker and BuildKit can execute multiple build stages in parallel to reduce the overall build time.
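The two-stage layout described above, written out as a Dockerfile for a Maven project. This is an added example, not the Dockerfile from the original tutorial; the base image tags, the /build and /app paths, the app user, and the target/app.jar artifact name (which assumes <finalName>app</finalName> in pom.xml) are assumptions.

```dockerfile
# Added example; not the Dockerfile from the original tutorial.
# Assumed: pom.xml and src/ sit at the repository root and the build
# produces target/app.jar. Image tags and paths are illustrative.

# ---- Stage 1: build (compile-time base image with JDK and Maven) ----
FROM maven:3.9-eclipse-temurin-17 AS build
WORKDIR /build

# Copy only the POM first so the dependency layer stays cached
# until pom.xml itself changes.
COPY pom.xml .
RUN mvn -B -q dependency:go-offline

# Copy the sources, then compile, test, and package.
COPY src ./src
RUN mvn -B -q package

# ---- Stage 2: runtime (lean JRE-only base image) ----
FROM eclipse-temurin:17-jre AS runtime

# Run the application as an unprivileged user instead of root.
RUN useradd --system --no-create-home --shell /usr/sbin/nologin app
USER app
WORKDIR /app

# Only the packaged artifact crosses the stage boundary. src/, pom.xml,
# the local Maven repository, and the build tooling stay in the build
# stage, which is not part of the final image.
COPY --from=build /build/target/app.jar /app/app.jar

ENTRYPOINT ["java", "-jar", "/app/app.jar"]
```

Placed at the repository root as Dockerfile, this matches the Build Context Directory / and the Dockerfile Filename Dockerfile used in Step 3. A .dockerignore that excludes .git and local credentials keeps those files out of the build context as well.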
Step 1: Bind a source code repository
In the Alibaba Cloud Container Registry console, bind your hosted code repository. This example uses a GitHub repository.
- Log on to the Container Registry console.
- In the top navigation bar, select a region.
- On the Instances page, click the Personal Edition instance that you want to manage.
- In the left-side navigation pane, choose .
- In the row for GitHub, click Bind Account in the Actions column. In the dialog box that appears, click Go to the source code repository to bind account to open GitHub.
- On the authorization page, click Authorize AliyunDeveloper. After you return to the Code Source page, the status for GitHub is displayed as Bound, indicating a successful binding.
Step 2: Create a repository
- Log on to the Container Registry console.
- In the top navigation bar, select a region.
- On the Instances page, click the Personal Edition instance that you want to manage.
- In the left-side navigation pane, choose and then click Create Repository.
- Configure the repository information.

| Parameter | Description | Example |
| --- | --- | --- |
| Region | The region where the repository is located. | China (Hangzhou) |
| Namespace | The namespace for the repository. | test23432 |
| Repository Name | Enter a name for the repository. | test |
| Repository Type | The repository type can be Public or Private. You must be logged in to push images regardless of repository type. To protect your data, use a private repository. Public: Anyone can pull images without authentication. Private: Authentication is required to pull images. | Private |
| Summary | A brief description. | - |
| Description | A detailed description. Markdown is supported. | Use the created Dockerfile and the ACR image building service to build, package, and run the image. |

- Click Next and set the code source.

| Parameter | Description |
| --- | --- |
| Code Source | Set Code Source to GitHub and select the bound source code repository. |
| Build Settings | For this example, select Automatically Build Images When Code Changes and Build with Servers Deployed Outside Chinese Mainland. Automatically Build Images When Code Changes: Automatically triggers a build when code is committed to a branch. Build with Servers Deployed Outside Chinese Mainland: Runs the build in a data center outside the Chinese mainland and pushes the resulting image to the specified region. Build Without Cache: Forces a re-pull of the base dependency image for every build, which may increase build time. |

- Click Create Repository.
  After the repository is created, the repository details page displays its basic information.
- In the left-side navigation pane, click the icon to the left of the repository name. On the Repositories page, you can see your new repository. A Status of Normal indicates that the repository was created successfully.
Step 3: Perform a build
- In the left-side navigation pane, choose . Click the name of your repository, or click Manage in the Actions column of the repository.
- In the left-side navigation pane, click Build. In the Build Rules section, click Add Build Rule.
- Configure the build rule.

| Parameter | Description | Example |
| --- | --- | --- |
| Type | The event that triggers the build rule when code is pushed to the repository. Valid values are Branch and Tag. | Branch |
| Branch/Tag | The code branch to build from. | master |
| Build Context Directory | The directory where the Dockerfile is located. This is a relative path from the root of the code branch. In this tutorial, the full path is /Dockerfile, so enter / here. | / |
| Dockerfile Filename | The name of the Dockerfile. The default is Dockerfile. For example, if the full path is /Dockerfile, enter Dockerfile. | Dockerfile |
| Image Version | The tag for the image version. | V1.0.0 |

- Click OK to return to the Build page.
- In the Build Rules section, find the rule that you created and click Build in the corresponding Actions column.
  In the Build Log section, a build status of Success indicates that the build is complete.
Step 4: Configure an image accelerator
Pulling images from Docker Hub can be slow due to network latency. Configure an image accelerator for your local Docker installation to improve download speeds.
- Log on to the Alibaba Cloud Container Registry console. In the top navigation bar, select the region where your container instance was created.
- In the left-side navigation pane, choose Image Tool > Image Accelerator. In the Booster section, copy the accelerator address.
- Run the following commands to configure the image accelerator in Docker. Replace https://g******w9.mirror.aliyuncs.com with the accelerator address that you copied. The following commands are for Ubuntu and CentOS. For other operating systems, see Configure an image accelerator.

```shell
# Run as root (or prefix each command with sudo).
# Create a directory for the configuration file.
mkdir -p /etc/docker
# Write the accelerator configuration.
# Note: tee overwrites any existing daemon.json; if the file already holds
# other settings, merge the registry-mirrors key into it by hand instead.
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://g******w9.mirror.aliyuncs.com"]
}
EOF
# Reload the configuration file.
systemctl daemon-reload
# Restart the Docker service.
systemctl restart docker
```
Verify the results
View the built image
In the left-side navigation pane, choose Repository > Repositories. Click the name of your repository, or click Manage in the Actions column. In the left-side navigation pane of the repository details page, click Image Version to view the built image.
Run the image
Starting from September 9, 2024, the format of registry endpoints for new Personal Edition instances will change. For more information, see Usage notes for new Personal Edition instances. Choose a method to push and pull images based on your instance version.
New Personal Edition instance
- Run the following command in Docker to log on to Alibaba Cloud Docker Registry. In the command, replace acr_e2******@test.aliyunid.com with your Alibaba Cloud account name, cn-hangzhou with the instance region, and crpi-xxxx with the instance ID. You will be prompted for your password. To find the instance ID, log on to the Alibaba Cloud Container Registry console, go to your Personal Edition, and find the Instance ID on the Overview page under the Instance tab.

```shell
docker login --username=acr_e2******@test.aliyunid.com crpi-xxxx.cn-hangzhou.personal.cr.aliyuncs.com
```

- Run the following command to pull the image.

```shell
docker pull crpi-xxxx.cn-hangzhou.personal.cr.aliyuncs.com/test23432/test:V1.0.0
```

- Run the following command to view your Docker images.

```shell
docker images
```

- Run the following command to run the image.

```shell
docker run -ti crpi-xxxx.cn-hangzhou.personal.cr.aliyuncs.com/test23432/test:V1.0.0
```

Expected output:

```
Hello World!
```
Old Personal Edition instance
- Run the following command in Docker to log on to Alibaba Cloud Docker Registry. In the command, replace acr_e2******@test.aliyunid.com with your Alibaba Cloud account name and cn-hangzhou with your instance's region. You will be prompted for your password.

```shell
docker login --username=acr_e2******@test.aliyunid.com registry.cn-hangzhou.cr.aliyuncs.com
```

- Run the following command to pull the image. In the command, replace cn-hangzhou with your instance's region, test23432 with your namespace, and test:V1.0.0 with your repository name and image tag.

```shell
docker pull registry.cn-hangzhou.cr.aliyuncs.com/test23432/test:V1.0.0
```

- Run the following command to view your Docker images.

```shell
docker images
```

- Run the following command to run the image. Replace cn-hangzhou with the region of your Personal Edition instance. Replace test23432 with your actual namespace. Replace test:V1.0.0 with your actual repository name and image tag.

```shell
docker run -ti registry.cn-hangzhou.cr.aliyuncs.com/test23432/test:V1.0.0
```

Expected output:

```
Hello World!
```