[1.0.0-rc1] How to pull image from private registry and execute commands in it

yellowmegaman · November 23, 2018, 7:18pm

Hello!

In drone 0.8.X i was able to pull some image and run commands in it. Like this:

pipeline:
  build:
    image: gcr.io/my-project-001/sbt:latest
    commands:
      - env | sort
    when:
      event: [push, pull_request, tag]

It just needed to have registry credentials added per repo.

How can it be achieved with 1.0.0?
https://docs.drone.io/config/pipeline/steps/ states that:

If the image is private you will need to configure registry credentials.

But how?
Tried to add:

  settings:
    username:
      from_secret: docker_username
    password:
      from_secret: docker_password

and different variations of it to no avail.

Thanks a bunch in advance!

flah00 · November 29, 2018, 8:42pm

I’m running into the same problem, but as a service which relies on kubernetes-secrets. My env vars are populated, the settings stanza doesn’t affect my pull tho.

kind: pipeline
name: default
steps:
  - name: test
    image: clojure
    pull: always
    commands:
      - env
      - ./scripts/test.sh
    environment:
      LEIN_USERNAME:
        from_secret: aws_key_id
      LEIN_PASSPHRASE:
        from_secret: aws_secret

services:
  - name: redis
    image: quay.io/ORG/redis:3.0
    pull: always
    settings:
      username:
        from_secret: ORG_user
      password:
        from_secret: ORG_password
---
kind: secret

external_data:
  aws_key_id:
    path: drone-ORG
    name: aws_key_id_prod
  aws_secret:
    path: drone-ORG
    name: aws_secret_prod
  ORG_user:
    path: drone-ORG
    name: ORG_user
  ORG_password:
    path: drone-ORG
    name: ORG_password

yellowmegaman · November 29, 2018, 9:05pm

With 0.8 i was able to solve my issues by just viewing code. Like with autoscaler params. But it isn’t available yet, too ;(

asdrubalos · March 26, 2019, 3:31pm

help me. drone.io 1.0
image: xxyyregistry.azurecr.io/ci/yelp:0.0.1
settings:
username:
from_secret: registry_username
password:
from_secret: registry_password
commands:
- ls
- detect-secrets scan
when:
event:
- push
branch:
- develop
- seguridad

THIS NO WORK!!!
my keys registry azure: registry_username, registry_password
yaml: line 54: did not find expected key

bradrydzewski · March 26, 2019, 3:33pm

the syntax in your example is not valid. To pull a private image see the following thread How to pull private images with 1.0

asdrubalos · March 26, 2019, 3:51pm

for example, help me

i´m use drone.io 1.0
one step of my pipeline

image: xxyyregistry.azurecr.io/ci/yelp:0.0.1
image_pull_secrets:

registry_username
registry_password
commands:
echo “start”
ls
detect-secrets scan
echo “the end”
when:
event:
push
branch:
develop
seguridad

THIS NO WORK!!!
my keys registry azure: registry_username, registry_password
did not find expected key
i’m not access drone cli, only UI

bradrydzewski · March 26, 2019, 3:53pm

the syntax in your second example does not match what was described in How to pull private images with 1.0. Also note that are expected to store a json string with credentials, not a username and password (this is also described in the link I posted).

asdrubalos · March 26, 2019, 5:36pm

how can i get that token for the json file? (My record is azure).
In drone version 0.8 in the UI you could register the following Registry Address, Resgistry Username, Registry Password. (Now in version 1.0 this option does not appear)
I usually access docker login_server -username registry_username -password regstry_passwod

auth value???

{
“auths”: {
“https://index.docker.io/v1/”: {
“auth”: “YW11cmRhY2E6c3VwZXJzZWNyZXRwYXNzd29yZA==”
}
}
}
drone 0.8

orhanhenrik · March 26, 2019, 6:05pm

You can use the docker login [registry] command on a system with docker, then check ~/.docker/config.json file for the token. docker login will prompt you for username and password.

bradrydzewski · March 26, 2019, 6:08pm

I think perhaps there is still a misunderstanding … you should upload your json file as a secret, and then reference the named secret in image_pull_secrets. Drone expects the full json string as the secret value.

You can find the json file at ~/.docker/config.json after running docker login. I recommend running this command on a linux machine.

asdrubalos · March 26, 2019, 6:23pm

hi, tanks you
my step pipeline is

name: secretsecurity
image: xxyyregistry.azurecr.io/ci/yelp:0.0.1
commands:
- ls
- detect-secrets scan
  image_pull_secrets:
- dockerconfigjson
  when:
  event:
- push
  branch:
- develop
- release
- master
- seguridad
  my file json is test: dockerconfigjson

{
“auths”: {
“https://xxyyregistry.azurecr.io”: {
“auth”: “cmVnaXN0cnlfdXNlcm5hbWU6cmVnaXN0cnlfcGFzc3dvcmQK”
}
}
}
Question:
What is the path where I must place my json file in drone so that I can take the changes?

orhanhenrik · March 26, 2019, 6:31pm

Create a secret like this

Also I think image_pull_secrets needs to be outside the step definition. Put it in the bottom of the .drone.yaml file like in the linked post.

kind: pipeline
name: default

steps:
- name: build
  image: registry.company.com/my/image
  commands:
  - go build
  - go test

image_pull_secrets:
- dockerconfigjson

asdrubalos · March 26, 2019, 8:20pm

default: Error response from daemon: Get https://xxyyregistry.azurecr.io/v2/ci/yelp/manifests/0.0.1: unauthorized: authentication required

asdrubalos · March 26, 2019, 9:05pm

this no work

diff Create a secret / create registry secret

bradrydzewski · March 26, 2019, 9:21pm

I can confirm it works when properly configured – we are using this internally. You can audit the source code and unit tests to learn more about how this behaves:

asdrubalos · March 27, 2019, 1:31am

i’m sorry.
tank’s
its work now

in end file…
image_pull_secrets:

dockerconfigjson