Build and push artifacts and images

You can use Harness CI to build image, push image, and upload artifacts, such as Docker images or test results. Build and Push steps build your codebase and then push the resulting artifact to a container registry or cloud storage repo. Upload Artifact steps upload any artifact.

Build and push

Build and Push steps build your codebase and then push the artifact to a repo. You can:

• Build and push to Docker Hub or a Docker registry
• Build and push to Azure Container Registry (ACR)
• Build and push to Amazon Elastic Container Registry (ECR)
• Build and push to Google Artifact Registry (GAR)
• Build and push to Google Container Registry (GCR)
• Build and push to GitHub Container Registry (GHCR)
• Build and push to a JFrog Artifactory Docker registry

For other non-Docker upload locations, you can use a script in a Run step to build and upload the artifact.

tip

You can also:

• Build images without pushing
• Build multi-architecture images

Video: Add a Build and Push step

The following video demonstrates how to add a Build and Push step to a Harness CI pipeline.

Kubernetes cluster build infrastructures require root access

With Kubernetes cluster build infrastructures, Build and Push steps use kaniko. Other build infrastructures use drone-docker. Kaniko requires root access to build the Docker image. It doesn't support non-root users.

If your build runs as non-root (runAsNonRoot: true), and you want to run the Build and Push step as root, you can set Run as User to 0 on the Build and Push step to use the root user for that individual step only.

If your security policy doesn't allow running as root, go to Build and push with non-root users.

Pull images

You can pull and run images in your pipelines by declaring them in your steps' Image setting. For example, you could pull and run an image in a Background step or Run step.

Upload artifacts

Upload Artifacts steps upload artifacts. These steps don't include build commands. You can:

• Upload artifacts to JFrog Artifactory non-Docker registries
• Upload artifacts to GCS
• Upload artifacts to S3
• Upload artifacts to Sonatype Nexus
• Upload Helm charts to container registries
• Send artifacts by email
• Run any upload script in a Run step or use plugins.

Artifacts tab

Regardless of how you upload artifacts, you can publish any artifact URL to the Artifacts tab.

Download artifacts

You can use Run steps and Plugin steps to download artifacts into your pipeline workspace.

For example:

• Download artifacts from GCS
• Download artifacts from S3
• Use the Download plugin
• Run any script in a Run step
• Manage dependencies
• Caching and data sharing

Troubleshoot building and pushing artifacts and images

Go to the CI Knowledge Base for questions and issues related to building and pushing images or uploading artifacts, such as:

• What drives the Build and Push steps? What is kaniko?
• Does a kaniko build use images cached locally on the node? Can I enable caching for kaniko?
• Can I run Build and Push steps as root if my build infrastructure runs as non-root? What if my security policy doesn't allow running as root?
• Can I set kaniko and drone-docker runtime flags, such as skip-tls-verify or custom-dns?
• Is remote caching supported in Build and Push steps?
• Build and Push to ECR step fails with error building image, failed to execute command, exec format error.
• Where does the Build and Push to ECR step pull the base images specified in the Dockerfile?
• Can I send artifacts by email?
• Can I run the Upload Artifacts to JFrog Artifactory step with a non-root user?
• How do I show content on the Artifacts tab?
• Does the Upload Artifacts to S3 step compress files before uploading them?
• Can I use a specific version of kaniko or drone-docker?
• How do I fix this kaniko container runtime error: kaniko should only be run inside of a container?