In the realm of software development, balancing continuous integration with maintaining quality is a significant challenge. ttl.sh and Gitness offer a solution. ttl.sh is an ephemeral Docker image registry that allows for the creation of temporary image tags with built-in expiry. Gitness, an open-source platform by Harness, simplifies the management of source code repositories and development pipelines. This blog post will explore how these tools can be used to create temporary CI environments to expedite development processes.
Multiple developers working on different features can lead to merge conflicts and a bloated image registry. Traditional CI environments often retain Docker images from feature branches too long, which complicates image management and increases the likelihood of testing against outdated or incorrect images.
The workflow in the diagram leverages ttl.sh and Gitness to manage these challenges:
1. Feature Branch Workflow: The creation of a pull request (PR) for a feature branch triggers a build in Gitness.
2. Image Creation: Gitness constructs a Docker image from the feature branch, using ttl.sh for tagging with a UUID and a time-to-live (TTL) limit. This process does not require credentials and maintains privacy.
3. Automated Testing: The image is put through automated tests. Should the tests fail, developers are notified; if they succeed, the process proceeds.
4. Image Promotion: After a PR passes all checks and is merged, the image is given a permanent tag and pushed to a central image registry, which at this point, requires proper credentials.
This approach ensures that only quality-assured images make it to the central registry, reducing the clutter and promoting a cleaner CI process.
Let's construct this setup step by step. Starting with pushing an image to ttl.sh through Gitness, I’ll guide you to resources for completing the remaining components of the system.
Begin with the Gitness documentation to set up your first project. You can start a new repository or link an existing one from GitHub or GitLab. The specific source code repository can be any; the essential requirement is the presence of a Dockerfile.
Navigate to "Pipelines'' within your repository and create a new pipeline. Gitness will suggest a sample pipeline. Replace it with the following YAML:
You can find a gist version of the above YAML here.
Observe the image repo and tag. ttl.sh is the image repository name and the UUID (xxxx-yyyy-nnnn-2a2222-4b44) is the image name. You can replace the hard coded image name with a Gitness secret for a dynamic image name. Click on Secrets and add a new Gitness secret called random_image_name. Now you can update your pipeline YAML so that the image name is not fixed:
Add another run step so that when all tests pass, the image tag is retagged and pushed to a private image registry. You’ll need authentication at this step.
While ttl.sh's no-credential, ephemeral approach offers flexibility and simplicity for CI environments, it introduces unique security considerations. The convenience of pushing images without credentials is counterbalanced by potential security risks — namely, the possibility of unauthorized image pulls. You can mitigate these risks through short-lived images and using UUIDs for image names:
Short-Lived Images: By design, images in ttl.sh are ephemeral. Setting a short expiration time for an image means it's available for a limited time window, reducing the risk exposure period.
Use of UUIDs: Incorporating UUIDs into image tags significantly lowers the risk of unauthorized access. The randomness and complexity of UUIDs make it exceedingly difficult for someone to guess the image name and pull it without authorization.
However, for production environments, organizations might consider deploying a private version of ttl.sh. This allows for more control over the security aspects, such as network isolation, access control, and auditing capabilities.
Integrating ttl.sh and Gitness creates an ephemeral CI environment that streamlines the build and test process. It helps to avoid the accumulation of outdated images and keeps the pipeline lean. This method is not just about speed; it's about maintaining a manageable and efficient development workflow. Adopting these tools can lead to more frequent and dependable software delivery for your engineering teams. Check out and follow Harness YouTube channel for technical content on Gitness and more.