I’m trying to use the
drone-docker plugin to push to an AWS ECR registry. There used to be a
drone-ecr plugin I see, but its readme indicates that it was merged into the normal
drone-docker plugin, and if I look in
drone-docker I can see that there is a
What I’m unclear on is how to direct
drone-docker to use this ecr command.
We merged the ECR and GCR plugins into the same repository as the Docker plugin, however, we still publish separate images for each. The instructions here are still valid http://plugins.drone.io/drone-plugins/drone-ecr/
Gotcha. When I do:
I see in the drone output that it’s tagging an image:
which seems off.
Notably, I’m running this on our staging AWS account, which does have push access to the production account ECR repositories.
What can I do to prevent it from prepending the staging information to the front of the repo?
If the repo name does not include the registry prefix, it is prepended. This would lead me to believe there is a typo or mismatch. You can see the relevant code here: https://github.com/drone-plugins/drone-docker/blob/master/cmd/drone-docker-ecr/main.go#L53:L55
I recommend tracing through the code which should help you work through any additional difficulties with configuration.
It sort of looks like it’s overriding the provided registry with one it grabs from an ECR API call: https://github.com/drone-plugins/drone-docker/blob/master/cmd/drone-docker-ecr/main.go#L48
This would explain how it gets the staging account registry URL, since that string never appears in my drone yml. In fact it doesn’t look like the
registry option from the drone yml is used at all.
I wonder if I could use the ordinary
drone-docker plugin with credentials from secrets, and then have a pipeline phase that runs prior which sets those secrets via an AWS API call. Alternatively I’ll just fork
drone-docker-ecr to not clobber the registry.
You could alternatively submit a patch to check and see if the registry address contains
dkr.ecr.us-east-1.amazonaws.com instead of
HasPrefix. I presume this would not break the existing functionality, while handling your use case.