Icon

You are viewing the documentation of TeamCity 2018.x, which is not the most recently released version of TeamCity.
View this page in the latest documentation or refer to the listing to choose the documentation corresponding to your TeamCity version.

 

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: related to https://youtrack.jetbrains.com/issue/TW-51820

...

Excerpt

In this section, you can specify a Docker image which will be used to run the build step. Once an image is specified, all the following options are available:

SettingDescription
Run step within Docker container

Specify a Docker image here. TeamCity will start a container from the specified image and will try to run this build step within this container.  

Pull image explicitly (since TeamCity 2017.2)Docker image platformSelect <Any> (default), Linux or Windows.
Pull image explicitly

If the checkbox is enabled, docker pull <imageName> will be run before the docker run command.

Additional docker run arguments

The Edit arguments field allows specifying additional options for docker run. The default argument is --rm.

Technically, the command of the build runner is wrapped in a shell script, and this script is executed inside a Docker container with the docker run command. All the details about the started process, text of the script etc. are written into the build log (the Verbose mode enables viewing them).

The checkout directory and most build agent directories are mapped inside the Docker process, and TeamCity passes most environment variables from the build agent into the docker process.

After the build step with the Docker wrapper, a build agent will run the chown command to restore access of the buildAgent user to the checkout directory. This mitigates a possible problem when the files from a Docker container are created with the 'root' ownership and cannot be removed by the build agent later. 

hidden-data
When a process is run under Docker in the Linux environment, the owner of the created files is root. TeamCity Docker Wrapper used to set umask 0 to make sure all created files are writable by the parent build agent process.

However, if a script running on the docker sets permissions explicitly, the created file may not be writable outside the docker process.
At the same time, setting umask 0 may have unexpected and undesired effect regarding file permissions.

To fix such situations, TeamCity now runs "chown -R buildAgentUserId <checkout directory>"  command at the end of the build step with Docker Wrapper. This default behavior can be altered using the teamcity.docker.chown.enabled=false configuration parameter. And umask 0 trick is not used anymore by default, but can be enabled with the teamcity.docker.umask.enabled=true configuration parameter.

If the process environment contains the TEAMCITY_DOCKER_NETWORK variable, this network is passed to the started docker run command with --network switch. 

It is possible to provide extra parameters for the docker run command, for instance, provide an additional volume mapping.

 

...