i have been trying out drone and have been unsuccessful in pushing the docker image to gcr.
pipeline:
build:
image: plugins/docker
dockerfile: docker/Dockerfile
registry: gcr.io
repo: gcr.io/<REPO>
tags: "${DRONE_COMMIT_SHA}"
insecure: true
debug: true
The following is the error message:
denied: Unable to access the repository; please check that you have permission to access it.
I have been trying to follow the documentation but I always get this error.
Need help. Thanks.
The first step is to store your credentials (we call them secrets) in drone. You can do this using the command line utility or the user interface.
drone secret add <github_repo> --name=docker_username --value=<username>
drone secret add <github_repo> --name=docker_password --value=<password>
Once you have stored your credentials you must update your yaml configuration file to request access to the named secrets using the secrets attribute (this seems to be missing in your example). Example configuration:
pipeline:
build:
image: plugins/docker
dockerfile: docker/Dockerfile
registry: gcr.io
repo: gcr.io/<REPO>
secrets: [ docker_username, docker_password ]
For reference please see the following secret documentation which uses the docker plugin as the primary example http://docs.drone.io/manage-secrets/
Related
I'm building an apptainer/singularity multi-stage recipe in a gitlab CI environment.
The first step of the recipe is built from an image hosted in a private registry, whereas the second built from an image hosted on dockerhub. Something like this:
# First stage
BootStrap: docker
Registry: <my_private_registry>
From: <my_image>
Stage: base
%files
...
%post
...
# Second stage
BootStrap: docker
Registry: index.docker.io
From: continuumio/miniconda3
Stage: final
%files from base
...
%post
...
Since the first registry is private, in the gitlab CI instance I'm setting the variables APPTAINER_DOCKER_USERNAME and APPTAINER_DOCKER_PASSWORD, as suggested here for CI/CD workflow.
This allows to build the first stage of the recipe succesfully.
Unfortunately, when the build of the second stage starts, it fails with:
> FATAL: While performing build: conveyor failed to get: unable to retrieve auth token: invalid username/password: unauthorized: incorrect username or password
I think because the credentials for my private registry are passed to dockerhub in the second stage.
How can I login to different registries in multi-stage builds?
Any idea about how to deal with this problem?
I found a way to accomplish what I wanted. The fact was that environment variables overrides other login modes.
So I deleted the APPTAINER_DOCKER_USERNAME and APPTAINER_DOCKER_PASSWORD environment variables and, using this method, I added the following before_script field to my .gitlab-ci.yaml:
apptainer:
stage: deploy
image:
name: kaczmarj/apptainer:1.1.3
entrypoint: [""]
tags:
- privileged
before_script:
- echo "$DOCKER_REGISTRY_TOKEN" | apptainer remote login --username <my_username> --password-stdin docker://$CI_REGISTRY
This way, both the private registry (stored in $CI_REGISTRY) and the public
one (dockerhub) are available.
I was trying to SSH to my server and pull the code and do some configuration stuff, each time code is pushed to master branch. I defined all of my repository variables used in this yaml file.
I also added ssh key, added host in the list of known hosts and fetched fingerprint.
This is my bitbucket-pipelines.yml file:
image: atlassian/default-image:2
pipelines:
branches:
master:
- step:
script:
- name: "SSH Deploy to production web"
- pipe: atlassian/ssh-run:0.2.6
variables:
SSH_USER: $SSH_USER
SERVER: $SSH_SERVER
COMMAND: $SSH_COMMAND
PORT: $SSH_PORT
The error I get is:
I checked my yml file using bitbucket validator and everything seems to be OK.
I would appreciate any help since I just started using bitbucket pipelines.
name isn't a property of script.
Refactor to be
master:
- step:
name: "SSH Deploy to production web"
script:
- pipe: atlassian/ssh-run:0.2.6
variables:
SSH_USER: $SSH_USER
SERVER: $SSH_SERVER
COMMAND: $SSH_COMMAND
PORT: $SSH_PORT
i had write a .drone.yml in my gogs git repository. but when i push the git change , drone web tell me Insufficient privileges to use privileged mode. how can i fix it?
this is my .drone.yml:
pipeline:
build:
image: test-harbor.cx580.com/centos/centos7:Beat2.0
privileged: true
commands:
- mkdir -p /data/k8s/drone/jar-db/
- \cp README.md /data/k8s/drone/jar-db/
- ls /data/k8s/drone/jar-db/
push:
image: plugins/docker
repo: test-harbor.cx580.com/centos/centos7:Beat2.0
registry: test-harbor.cx580.com
username: ci
password: '1qaz!QAZ'
tags:
- latest
i had search in google, this websize tell me Your repository isn't in the trusted list of repositories. Get in touch with Devops and ask them to trust it but ,how can i trusted the repositorie?
and i get setting in the drone web , and check the Trusted in the settings,but it also failed :
img
Set drone-server env (My repositorie is GitLab)
...
- DRONE_OPEN=false
- DRONE_ADMIN=<your gitlab username>
- DRONE_GITLAB_PRIVATE_MODE=true
...
Enable drone settings
Settings -> Trusted like this
Gitlab provides a .gitlab-ci.yml template for building and publishing images to its own registry (click "new file" in one of your project, select .gitlab-ci.yml and docker). The file looks like this and it works out of the box :)
# This file is a template, and might need editing before it works on your project.
# Official docker image.
image: docker:latest
services:
- docker:dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
build-master:
stage: build
script:
- docker build --pull -t "$CI_REGISTRY_IMAGE" .
- docker push "$CI_REGISTRY_IMAGE"
only:
- master
build:
stage: build
script:
- docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .
- docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
except:
- master
But by default, this will publish to gitlab's registry. How can we publish to docker hub instead?
No need to change that .gitlab-ci.yml at all, we only need to add/replace the environment variables in project's pipeline settings.
1. Find the desired registry url
Using hub.docker.com won't work, you'll get the following error:
Error response from daemon: login attempt to https://hub.docker.com/v2/ failed with status: 404 Not Found
Default docker hub registry url can be found like this:
docker info | grep Registry
Registry: https://index.docker.io/v1/
index.docker.io is what I was looking for.
2. Set the environment variables in gitlab settings
I wanted to publish gableroux/unity3d images using gitlab-ci, here's what I used in Gitlab's project > Settings > CI/CD > Variables
CI_REGISTRY_USER=gableroux
CI_REGISTRY_PASSWORD=********
CI_REGISTRY=docker.io
CI_REGISTRY_IMAGE=index.docker.io/gableroux/unity3d
CI_REGISTRY_IMAGE is important to set.
It defaults to registry.gitlab.com/<username>/<project>
regsitry url needs to be updated so use index.docker.io/<username>/<project>
Since docker hub is the default registry when using docker, you can also use <username>/<project> instead. I personally prefer when it's verbose so I kept the full registry url.
This answer should also cover other registries, just update environment variables accordingly. 🙌
To expand on the GabLeRoux's answer,
I had issues on the pushing stage of the GitLab CI build:
denied: requested access to the resource is denied
By changing my CI_REGISTRY to docker.io (remove the index.) I was able to successfully push.
I setup a simple go project and I wish to build and deploy a simple docker image to my private registry.
This is my .drone.yml:
pipeline:
build:
image: golang
commands:
- go build
docker:
image: plugins/docker
username: xxxxxxxxxxx
password: yyyyyyyyyyy
repo: docker.mycompany.it:5000/drone/test
tags: latest
debug: true
But the plugins tries to connect and authenticate to docker registry.
If you are using a custom registry you need to set the registry parameter in the plugin configuration [1]. The registry parameter is provided to the docker login command (e.g. docker login gcr.io)
Example configuration with custom registry:
pipeline:
docker:
image: plugins/docker
repo: index.company.com/foo/bar
registry: index.company.com
[1] source http://plugins.drone.io/drone-plugins/drone-docker/