If you want to implement the automated continuous integration feature, you can use Container Registry triggers. After an image is created, the applications in container services are automatically triggered to pull and redeploy the new image.
Security rules on trigger usage
HTTP services: Port 80 is used by default.
If you want to use other ports, append the port numbers to the end of the trigger URL. You can use only the following port numbers: 80, 21, 443, 70, 210, 280, 488, 591, 777, and from 1025 to 65535.
HTTPS services: Port 443 is used by default.
Only port 443 is supported. If you want to use other ports, use HTTP services. HTTPS services support only standard certificates and do not support self-signed certificates.
Trigger methods
Container Registry provides two triggering methods for a trigger: expression-based triggering and tag-based triggering. If no triggering method is specified, an image pull is triggered each time a new image tag is generated or the image tag is updated.
Expression-based triggering: Tags are filtered based on a regular expression. An image pull is triggered only when a tag matches the regular expression.
You can enter a simple regular expression. For example, if you enter
release-v.*
, an image pull is triggered only after an image with a tag that starts withrelease-v
is built. Otherwise, no image pull is triggered and the access status code in the access log is "untriggered".Click Access Log to view the access history of the trigger.
Tag-based triggering: An image pull is triggered based on the specified tags.
You can specify a maximum of 10 tags based on which an image pull needs to be triggered. Then, an image pull is triggered only when images with the specified tags are built. Otherwise, no image pull is triggered and the access status code in the access log is "untriggered".
Click Access Log to view the access history of the trigger.
Notification content
The notification content of a trigger includes the information about the repository and image tag, as shown in the following code. The repository information includes the namespace, name, and region of the repository.
POST /payload HTTP/1.1
Content-Type: application/json
Request URL: https://cs.console.aliyun.com/hook/trigger?triggerUrl=YzRmMWE5YzM2ZjMzYzQ0NmFiMGYzNWJlMmM2MjM2NzIyfGV4cHJlc3N8cmVkZXBsb3l8MThlMmllY2drdXYyZXw=&secret=365a4a664b45615438716a487a75695a7ac48329224b35b073c2197374e7d62a
Request method: POST
{
"push_data": {
"digest": "sha256:457f4aa83fc9a6663ab9d1b0a6e2dce25a12a943ed5bf2c1747c58d48bbb4917",
"pushed_at": "2016-11-29 12:25:46",
"tag": "latest"
},
"repository": {
"date_created": "2016-10-28 21:31:42",
"name": "repoTest",
"namespace": "namespace",
"region": "cn-hangzhou",
"repo_authentication_type": "NO_CERTIFIED",
"repo_full_name": "namespace/repoTest",
"repo_origin_type": "NO_CERTIFIED",
"repo_type": "PUBLIC"
}
}