I have builds with private registry pulls working perfectly well with secrets through the UI. I’m trying to get drone exec to work from command line. I feel like I’ve missed something obvious but meh. I’ve read the v1.0 faq and worked through that. I’m working with drone v1.1
# --trusted would be superfluous in this case
sudo drone exec --secret-file /home/<user>/.drone_secrets/project.env
usually we recommend running docker pull manually to pull images you require, instead of having drone do this. we recommend adding pull: if-not-exists when running locally so that Drone does not try to pull images that already existing in your local cache.
I ended up writing a script to make exec work. just posting here since it might help someone.
cp .drone.yml .drone.yml.bak
# These env variables are missing in exec for some reason. Need to emulate here
echo -n "DRONE_COMMIT_SHA=" > /tmp/drone_exec.env
echo `git rev-parse HEAD` >> /tmp/drone_exec.env
echo -n "DRONE_SOURCE_BRANCH=" >> /tmp/drone_exec.env
echo `git rev-parse --abbrev-ref HEAD` >> /tmp/drone_exec.env
# Drone currently has some problems connecting to a private registry through "exec".
# So, we just brute force this (exec is rarely needed locally)
# Use local images if available
sed -i 's/pull\: always/pull\: if-not-exists/g' .drone.yml
docker pull my.private.registry/my_image
drone exec --trusted --env-file /tmp/drone_exec.env $@
mv .drone.yml.bak .drone.yml