Skip to content

Using volumes to perform builds

Volumes in Welder are pretty much the same as Docker volumes with a few specifics. The main reason why volumes are important for your builds is sharing some essential files and directories between host environment and a container. Containers only provide the SDK for building and running your application, but you need to provide secrets and caches to be download dependencies and publish artifacts.

volumes section can be declared under any build or deploy section within the descriptor as well as under any task definition. Volumes are inherited from default section and can be overridden by the profile section.

Maven

With Maven-based projects it is recommended to configure the following volumes in your descriptor:

  build:
    volumes:
      - ~/.m2/repository:${container:home}/.m2/repository:delegated
      - ~/.m2/settings.xml:${container:home}/.m2/settings.xml:ro
      - ~/.m2/settings-security.xml:${container:home}/.m2/settings-security.xml:ro

These volumes will allow to share your host's configured Maven settings and security settings with build containers as well as reuse cached artifacts within local Maven repository.

Gradle

For Gradle-based projects the following volumes configuration is recommended to share caches and settings with build containers:

  build:
    volumes:
      - ~/.gradle/init.gradle:${container:home}/.gradle/init.gradle:ro
      - ~/.gradle/gradle.encrypted.properties:${container:home}/.gradle/gradle.encrypted.properties:ro
      - ~/.gradle/gradle.properties:${container:home}/.gradle/gradle.properties:ro
      - ~/.gradle/caches:${container:home}/.gradle/caches:delegated
      - ~/.gradle/wrapper:${container:home}/.gradle/wrapper:delegated
      - ~/.gradle/daemon:${container:home}/.gradle/daemon:delegated

NodeJS

The following volumes configuration should allow to build NodeJS-based projects:

  build:
    volumes:
      - ~/.npm:${container:home}/.npm:delegated
      - ~/.npmrc:${container:home}/.npmrc:ro
      - ~/.yarnrc:${container:home}/.yarnrc:ro
      - ~/.ssh:${container:home}/.ssh:ro

Python

  build:
    volumes:
      - ~/.cache/pip:${container:home}/.cache/pip

Golang

For Golang projects you may want to configure git to get access to internal repos, and also to share your locally installed packages:

default:
  build:
    volumes:
      - "~/.gitconfig:${container:home}/.gitconfig:ro"
      - "~/.ssh:${container:home}/.ssh:ro"
      - "${task:gomodcache.trim}:${container:home}/go/pkg/mod"
    env:
      GOPRIVATE: "stash.atlassian.com,bitbucket.org" # allows to acces internal repos
      GOMODCACHE: ${container:home}/go/pkg/mod # shares installed go modules with container
# ...
tasks:
  gomodcache:
    runOn: host
    description: Returns directory of go mod cache on host
    script:
      - |-
        GOCACHEDIR="$( go env 2>/dev/null | grep GOMODCACHE | awk -F '=' '{print $2}' | sed "s/['\"]//g" )"
        if [ -z "$GOCACHEDIR" ]; then echo "/tmp/modcache"; else echo "$GOCACHEDIR" ; fi

GnuPG and signing of the artifacts

When you need to sign the built artifacts with GnuPG you may also want to share available keys with the container:

  build:
    volumes:
      - ~/.gnupg:${container:home}/.gnupg

Note

This volume can be added conditionally, for example only when build is running on the compliant environment (sox).