Create a build configuration that pulls source from private repository

If your source is located in a private repository, create a build configuration with settings that include information about where to pull source from a private repository. For the build output, you can choose to specify registry details along with a registry secret to access your built image in the registry. Or, you can choose to let Code Engine take care of building the image for you from your source and storing the image in IBM Cloud Container Registry. For this case, you do not need to specify a registry secret or the location of the image registry.

Creating a build configuration does not create an image, but creates the configuration to build an image. You must then run a build that references the build configuration to create an image. The build configuration is not validated or used to create an image until the build is run. The build configuration enables multiple subsequent builds of an image, such as when changes are applied to the source repository.

You can choose to ignore certain file patterns from within your source code by using the .ceignore file, which behaves similarly to a .gitignore file. For example, entries for a .ceignore file for a node.js application might include node_modules and .npm. For more sample file patterns to ignore, see the GitHub .gitignore repository.

Creating a build configuration from the console (private repo)

Go to the Code Engine dashboard.
Select the project where you added your container registry.
From the project page, click Image builds.
From the Image build tab, click Create. The Specify build details side panel opens where you enter the details of your build.
In the Source section, enter a name for your build, the URL of your source repository, and your code repo access.
- If your code is in a private repo, use an SSH URL for the code repository URL and either select the name of an existing SSH secret or create an SSH secret. An example of an SSH URL is git@github.com:IBM/CodeEngine.git.
- Optionally, select a source branch name. If you do not provide a branch name and you leave the field empty, Code Engine automatically uses the default branch of the specified repository. You can enter any other branch name, tag, or commit ID.
Click Next to continue.
In the Strategy section, select the strategy that you want to use.
- If you select Dockerfile, you can also specify an alternative path for your Dockerfile.
- Select the size of your build under Build resources.
Click Next to advance to the last section.
In the Output section, enter the details of your container image.
- Select an existing registry secret, or click Create registry secret to add a new one.
- If you are building your image to a Container Registry instance that is in your account, you can select Code Engine managed secret and Code Engine creates and manages the secret for you.
- Then, select the namespace, repository, and tag of the image you want to build. You can choose for Code Engine to create and manage the namespace in Container Registry for you.
- If your image exists in Container Registry, you can select from the existing images, or enter a new repository or tag.
Click Done to finish the creation of the build.

After you create the build configuration, you must run the build to create the image file. After your image file is created, you can deploy an app or run a job with your newly built image file.

Creating a build configuration with the CLI (private repo)

To create a build configuration with the CLI, use the build create command. For a complete listing of options, see the ibmcloud ce build create command.

With the build create command, you can choose to let Code Engine take care of building the image from your source for you and storing the image in IBM Cloud Container Registry. For this automatic access case, you do not need to specify a registry secret or the location of the image registry. Or, you can specify the location for your build image output and provide a registry secret so that Code Engine can access and push the build result to your registry.

Creating a build configuration with the CLI (with private repo source and automatic access to registry)

In this scenario, Code Engine builds an image from your private repository source, and automatically uploads the image to IBM Cloud Container Registry. See Setting up authorities for image registries for more information about setting required permissions for Code Engine to automatically access these images in Container Registry.

Before you begin

Create a build configuration to build an image from a private repository and let Code Engine automatically store and access the image. For example, the following build create command creates a build configuration that is called helloworld-build-private that builds from the private Git repo https://github.com/myprivaterepo/builds, and uses the buildpacks strategy and medium build size. Code Engine automatically uploads the image to IBM Cloud Container Registry. Also, because the branch name of the repository is not specified with the --commit option, Code Engine automatically uses the default branch of the specified repository, which is main for this Git repo. By not specifying the location of the image registry or a registry secret, Code Engine pushes the build output to IBM Cloud Container Registry with automatic access.

Because the Git repo provided is private, access requires a Git repo secret. As a result, the --source that you specify must use the SSH protocol, such as git@github.com:myprivaterepo/builds.git. The value for --source must not use the http or https format.

ibmcloud ce build create --name helloworld-build-private --source git@github.com:myprivaterepo/builds.git --context-dir /hello --strategy buildpacks --git-repo-secret myrepo

After you create the build configuration, you must run the build to create the image file. After your image file is created, you can deploy an app or run a job with your newly built image file.

Creating a build configuration with the CLI (with private repo source and user-provided access to registry)

In this scenario, Code Engine builds an image from your private repository source with a Git repository secret that you provide, and then uploads the image to your container registry with the registry access that you provide.

Before you begin

Create a build configuration to build an image from a private repo and specify the location of the image registry for the build output with a registry secret. With the build create command, specify the --image option to provide the location of the image registry, and specify the --registry-secret option to access the registry. For example, the following command creates a build configuration that is called helloworld-build-private that builds from the private Git repo https://github.com/myprivaterepo/builds, uses the buildpacks strategy and medium build size, and stores the image to us.icr.io/mynamespace/codeengine-helloworld by using the registry secret that is defined in myregistry.

In this example, the command uses the default medium build size. Because the branch name of the repository is not specified with the --commit option, Code Engine automatically uses the default branch of the specified repository.

ibmcloud ce build create --name helloworld-build-private --image us.icr.io/mynamespace/codeengine-helloworld --registry-secret myregistry --source git@github.com:myprivaterepo/builds.git --context-dir /hello --strategy buildpacks --git-repo-secret myrepo

After you create the build configuration, you must run the build to create the image file. After your image file is created, you can deploy an app or run a job with your newly built image file.