I have my pipeline set up to a point where on promoting a build, the resulting docker images get pushed to our private registry. Now the final step is to automate the update of the running/production docker stack with these images. The manual procedure is to ssh into that machine, pull the new images and run a docker compose up -d.
Here’s what I have automated in my .drone.yml:
---
kind: pipeline
type: ssh
name: deploy
concurrency:
  limit: 1
trigger:
  event:
  - promote
  target:
  - production
depends_on:
- publish
server:
  host: myhost.domain
  user: myuser
  ssh_key:
    from_secret: rsa_key
clone:
  disable: true
steps:
- name: Pull and compose up
  commands:
  - cd /home/myuser/docker
  - ./up-org.sh &
  - echo "Redeploy at $(date)" >> /home/myuser/deploy.log
Now I have 2 problems:
- I’m pulling the images from a private repo, which in this case says
  Error response from daemon: Head "http://nexus.xxxx.xxxx/v2/myimage/manifests/1.1.0": no basic auth credentials
  This user has a .docker/config.json with the stored auth information and all pulls work if I manually ssh into that host with the same user, so I don’t understand why, if run from the ssh runner, these credentials are not used?
- Finally, the docker compose up -d is run (from within up-org.sh) and the log file is properly created, but the drone step remains in running state, i.e. the entire pipeline doesn’t finish. Why is that?