ACR Build OS & Framework Patching Now Supports Docker Hub

In May we announced the public preview of ACR Build, enabling OS & Framework patching. When we announced the preview, only Azure Container Registries were supported for base image update notifications.

With DockerCon starting this week, it's only appropriate we add support for base in Docker Hub.

• Docker build a locally scoped directory in Azure, with a tag based on the build id:

git pull https://github.com/demo42/helloworld az acr build -t helloworld:{{.Build.ID}} .

• Create a build-task that automatically builds, based on git commits, or base image updates

az acr build-task create \ -n helloworld \ -c https://github.com/demo42/helloworld \ -t helloworld:{{.Build.ID}} \ --git-access-token $PAT

When az acr build completes, the base images dependencies are dynamically discovered. We believe dynamic discovery is key, so your build task and dependencies are kept in sync with your code:

 ACR Builder discovered the following dependencies:
- image:
    registry: demo42.azurecr.io
    repository: helloworld
    tag: aanc
    digest: sha256:581a6215cae409690a4106fb06f8a1f7b9cd4790b956cb197b22eb4cae9b3977
  runtime-dependency:
    registry: registry.hub.docker.io
    repository: baseimages/node
    tag: 9-alpine
    digest: sha256:1c3d74a201d4169a2dff0d49e831510384063df7546ee89bb806febfe29eaadb
  git:
    git-head-revision: e578d0e125be1599fb125bdd07c05f16d45ff1c1

Build Latency

To meet the scale of builds that we expect over time, ACR build has a built in randomness to the delay by which a base image update will be notified. This is currently between 10 and 60 minutes.

Using az acr build-task list-builds, you can see the build change from a Git Commit to Image Update

 BUILD ID   TASK               PLATFORM   STATUS    TRIGGER      STARTED              DURATION
---------- ------------------ ---------- --------- ------------ -------------------- ---------
aanc       helloworld         Linux      Succeeded Image Update 2018-06-11T18:34:55Z 00:00:45
aanb       helloworld         Linux      Succeeded Git Commit   2018-06-11T18:31:13Z 00:00:45

We believe automated OS & Framework patching is a key element of container life cycle management. We also know that running ahead means we may not always have the the experience just right. We encourage your thoughts and feedback:

• Getting started with ACR Build: aka.ms/acr/build
• Issues with ACR Build: aka.ms/acr/issues
• ACR Backlog: aka.ms/acr/backlog
• Feature suggestions for ACR: aka.ms/acr/uservoice

You can always reach me directly at Steve.Lasker at microsoft dot com or twitter: @SteveLasker

Steve