The Ops team is responsible for maintaining a curated base image with a common application runtime. As the company is building Java apps, they bundle Oracle JDK and Tomcat, applying security updates as needed.
This scenario has been tested on DockerHub 2.0 and works like a charm. Updating the base image sources on Github triggers a build for base-image job, which is then published to DockerHub 2.0.
Jenkins detects these changes to the DockerHub hosted images, and and jobs that depend on the upstream base-image* will be rebuilt, tested, and published (and possibly released).
The Ops team are happy with this, as their fears of developers running ancient docker images full of security holes are calmed by knowing that by simply updating the base-image, all projects that depend on it will be notified and updated automatically:
To learn more about Docker integration with CloudBees Jenkins Platform, be sure to read additional blogs on http://blog.cloudbees.com, including Architecture: Integrating CloudBees Jenkins Platform with Docker Hub (INSERT LINK).
You can read more documentation about CloudBees and Docker containers here.
* Note the new Docker-Workflow feature will automatically register for changes to base images if you use that way to build out your pipeline:
Team's logos are from commitstrip.com, which I recommend you follow - you may not learn much but you should get some good laughs.
Nicolas De Loof is based in Rennes, France. Read more about Nicolas in his meet the bees blog post, and follow him on Twitter.