OCI Artifact Usage¶
Experimental Feature
OCI artifact support is currently experimental. Please provide feedback and report any issues you encounter.
This page provides comprehensive documentation on using doco-cd with OCI (Open Container Initiative) artifacts, including webhook payloads, and artifact packaging conventions.
What is an OCI artifact?
In the context of doco-cd, an OCI artifact is a structured package of deployment configuration files (e.g., .doco-cd.yaml, compose files, assets)
that is stored in an OCI-compliant registry.
This allows you to manage your deployment configurations using the same tools and workflows as your container images.
See also:
Overview¶
Doco-CD supports pulling deployment configurations from OCI registries (e.g., Docker Hub, GitHub Container Registry, private registries) in addition to Git repositories. This allows you to:
- Store deployment configuration as versioned OCI artifacts
- Use container registries as your source of truth for deployments
- Trigger deployments via OCI webhook events
- Validate artifact signatures before deployment
- Use the same registry infrastructure for both container images and configuration
Getting Started¶
To use OCI artifacts with doco-cd, you need to:
- Package your deployment configuration according to the
doco.v1layout specification, see the example below for details. - Push the artifact to an OCI registry
- Configure doco-cd with either polling or webhooks to pull the artifact and trigger deployments
- (Optional) Configure signature verification with trust policies
Supported OCI Registries¶
Doco-cd can pull artifacts from any OCI-compliant registry that supports OCI Image Spec v1.0 or later. This includes, but is not limited to:
- Docker Hub (
docker.io) - GitHub Container Registry (
ghcr.io) - GitLab Container Registry (
registry.gitlab.com) - Amazon ECR (
*.dkr.ecr.*.amazonaws.com) - Google Artifact Registry (
*.pkg.dev) - Azure Container Registry (
*.azurecr.io) - Private/Self-hosted registries (supporting OCI Image Spec v1.0+)
See Private Container Registries for authentication to private registries.
doco.v1 Artifact Layout¶
The doco.v1 layout (see version in deploy config) is a strict, versioned specification for packaging deployment configurations as OCI artifacts. It ensures consistency and enables validation.
Artifact Structure¶
A doco.v1 artifact must have a root-level deployment configuration file (.doco-cd.y(a)ml) in the root (/) of the artifact.
The rest of the artifact can contain any files needed for deployment, as with deployments from Git repository (e.g., compose files, app configuration, assets, scripts), see Deploy Settings.
Artifact Layout Examples
Required Files¶
-
.doco-cd.y(a)ml: RequiredThe main deployment configuration file.
Example: Creating an OCI Artifact¶
Here's a complete example of creating and pushing a doco.v1 OCI artifact:
-
Create the artifact directory
-
Create the OCI artifact
We use skopeo to copy the directory directly to an OCI registry without needing to create a Docker image: