Docker Engine


The docker-engine runs tasks in a per-task docker container, providing lightweight task isolation.

Worker Configuration

The examples folder contains a docker-config.yml illustrating how to configure the worker when using the docker-engine.

Currently, it makes sense to enable the following plugins, when using docker-engine.

  • artifacts,
  • env,
  • livelog,
  • logprefix,
  • tcproxy,
  • cache,
  • maxruntime,
  • success,
  • watchdog,
  • relengapi,

Example Payload Schema

The payload schemas changes based on how the worker is configured, in some future a worker manager will expose per-workerType documentation. But if configured like the examples/docker-config.yml the payload schema will look like:

artifactsArray of

Artifacts to be published

expiresstringdate-time
namestring^([\x20-\x2e\x30-\x7e][\x20-\x7e]*)[\x20-\x2e\x30-\x7e]$

This will be the leading path to directories and the full name for files that are uploaded to s3. It must not begin or end with / and must only contain printable ascii characters otherwise.

pathstring^.*[^/]$

File system path of the artifact

typestring
  • file
  • directory

Artifacts can be either an individual file or a directory containing potentially multiple files with recursively included subdirectories.

cachesArray of
mountPointstring
namestring^[\x20-\x7e]{1,255}$
optionsObject of

Options for docker volumes at this time no options are supported.

Anything ¯\_(ツ)_/¯
preloadOne of
URLstringuri

URL to fetch resource from, this must be http:// or https://.

Artifact ReferenceObject of

Object referencing an artifact by name from a specific taskId and optional runId.

artifactstring[0:1024]

Name of artifact to fetch.

runIdinteger[0:50]

runId to fetch artifact from, defaults to latest runId if omitted

taskIdstring^[A-Za-z0-9_-]{8}[Q-T][A-Za-z0-9_-][CGKOSWaeimquy26-][A-Za-z0-9_-]{10}[AQgw]$

taskId of task to fetch artifact from

Index ReferenceObject of

Object referencing a given artifact by name from a task indexed under the given namespace.

artifactstring[0:1024]

Name of artifact to fetch.

namespacestring[0:1024]^[a-zA-Z0-9_!~*'()%-]+$

Index namespace under which to find the taskId to fetch the artifact from

Fetch from URL with HashObject of

Fetch resource from a URL and validate against given hash.

Hash must be specified in hexadecimal notation, you may specify none or all of md5, sha1, sha256, or sha512, all specified hashes will be validated. If no hash is specified, no validation will be done.

md5string^[0-9a-fA-F]{32}$
sha1string^[0-9a-fA-F]{40}$
sha256string^[0-9a-fA-F]{64}$
sha512string^[0-9a-fA-F]{128}$
urlstringuri

URL to fetch resource from, this must be http:// or https://.

commandArray of

Command to run inside the container.

string
disableTaskclusterProxyboolean

The taskcluster proxy forwards requests to the proxy tcproxy while attaching a request signature covering task.scopes. The proxy is enabled by default, this option can be used to disable it per-task.

Please refer to engine specific documentation for how to access the proxy, often it is something like: http://<hostname>/<proxy>/<...>, hence, forwarding to the queue would be http://<hostname>/tcproxy/queue.taskcluster.net/....

enableRelengAPIProxyboolean

The relengapi proxy forwards requests to the proxy relengapi. The proxy is disabled by default, this option can be used to enable it per-task.

Please refer to engine specific documentation for how to access the proxy, often it is something like: http://<hostname>/<proxy>/<...>, hence, forwarding to the queue would be http://<hostname>/relengapi/<request>/....

envObject of

Mapping from environment variables to values

<string>string
imageOne of
Pull Image from Registrystring
Fetch from URL with HashObject of

Fetch resource from a URL and validate against given hash.

Hash must be specified in hexadecimal notation, you may specify none or all of md5, sha1, sha256, or sha512, all specified hashes will be validated. If no hash is specified, no validation will be done.

md5string^[0-9a-fA-F]{32}$
sha1string^[0-9a-fA-F]{40}$
sha256string^[0-9a-fA-F]{64}$
sha512string^[0-9a-fA-F]{128}$
urlstringuri

URL to fetch resource from, this must be http:// or https://.

Index ReferenceObject of

Object referencing a given artifact by name from a task indexed under the given namespace.

artifactstring[0:1024]

Name of artifact to fetch.

namespacestring[0:1024]^[a-zA-Z0-9_!~*'()%-]+$

Index namespace under which to find the taskId to fetch the artifact from

Artifact ReferenceObject of

Object referencing an artifact by name from a specific taskId and optional runId.

artifactstring[0:1024]

Name of artifact to fetch.

runIdinteger[0:50]

runId to fetch artifact from, defaults to latest runId if omitted

taskIdstring^[A-Za-z0-9_-]{8}[Q-T][A-Za-z0-9_-][CGKOSWaeimquy26-][A-Za-z0-9_-]{10}[AQgw]$

taskId of task to fetch artifact from

maxRunTimeinteger,string^\s*(?:\s*(\d+)\s*d(?:ays?)?)?(?:\s*(\d+)\s*h(?:ours?|r)?)?(?:\s*(\d+)\s*m(?:in(?:utes?)?)?)?\s*$

The maximum task run-time before the task is killed and resolved as failed. Specified as an integer in seconds, or as string on the form: 1 day 2 hours 3 minutes.

This is measured as the execution time and does not include time the worker spends downloading images or upload artifacts.

For this worker-type the maxRunTime may not exceed: 4h0m0s.

privilegedboolean

Run the task docker container in privileged mode.

Setting this option requires that task.scopes contains the scope worker:privileged:<provisionerId>/<workerType>.