How to process Specs in Docker using a custom Docker image

Related content

Still need help?

The Atlassian Community is here for you.

Ask the community

robotsnoindex

Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.

Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When using repository-stored specs, Bamboo offers a feature of processing the specs inside a Docker container, isolated from the Bamboo environment. By default, this feature uses the atlassian/bamboo-specs-runner image from Docker Hub, matching your version of Bamboo.

Should you require any customization to the default image used by the Specs runner, you'd need to maintain your own image, and then configure Bamboo to use it. The purpose of this article is to explain how to achieve the latter.

Please see this page for more information on this feature.

Environment

Bamboo with repository-stored Specs.

This article assumes you have already created a customized image, and that it is available in a Docker registry (either public or private). 

Solution

Public repository

If your Docker image is available on a public repository in Docker Hub, it's pretty straightforward: you can specify it directly under Overview >> Security Settings >> Edit >> Docker image, using the following syntax.

<namespace>/<repository>:<tag>

Example:

Example

Private repository

Bamboo currently doesn't offer an option to pass credentials for a private registry. Please see the following feature request: BAM-19731 - Add Capability for 'Docker Runner' to connect to private image registry

Workarounds

There are, however, a few workarounds (please see the Feature Request above) that you can perform so that the credentials are cached, and that way Bamboo doesn't need to send any credentials. You would just need to run docker login for the private registry on the Bamboo host machine, using the same user account that runs Bamboo. This will cache the credentials for that registry in ~/.docker/config.json.

For example:

  1. Given a private repo in Docker Hub (example): USER/test-repo:7.2.6

  2. Open terminal as the same user that runs your Bamboo instance, and execute the following command:

    docker login registry.hub.docker.com/USER/test-repo
  3. Provide your credentials so the login is successful and it gets cached in ~/.docker/config.json

  4. Under Bamboo >> Cog icon >> Overview >> Security Settings >> Edit, set the following for Docker image:

    registry.hub.docker.com/<NAMESPACE>/<REPOSITORY>:<TAG>

    Example:

  5. The Specs Scan should then succeeds:

    2022-01-18 18:27:49,173 Pulling docker image registry.hub.docker.com/USER/test-repo:7.2.6
[...]
18-Jan-2022 18:27:49	Processing Specs within Docker container
[...]
18-Jan-2022 18:28:00	[INFO] BUILD SUCCESS

Syntax for private repositories stored in Docker Hub:

registry.hub.docker.com/<namespace>/<repository>:<tag>

Syntax for repositories stored in private / local / other registries:

<registry.address>:<port>/<namespace>/<repository>:<tag>

Last modified on Mar 7, 2025

Was this helpful?

Yes
No
Provide feedback about this article

Related content

Powered by Confluence and Scroll Viewport.