SSH runner remains in running state and doesn't use .docker/config.json on image pulls

I have my pipeline set up to a point where on promoting a build, the resulting docker images get pushed to our private registry. Now the final step is to automate the update of the running/production docker stack with these images. The manual procedure is to ssh into that machine, pull the new images and run a docker compose up -d.

Here’s what I have automated in my .drone.yml:

kind: pipeline
type: ssh
name: deploy

concurrency:
  limit: 1

trigger:
  event:
  - promote
  target:
  - production

depends_on:
  - publish

server:
  host: myhost.domain
  user: myuser
  ssh_key:
    from_secret: rsa_key

clone:
  disable: true

steps:
  - name: Pull and compose up
    commands:
      - cd /home/myuser/docker
      - ./ &
      - echo "Redeploy at $(date)" >> /home/myuser/deploy.log

Now I have 2 problems:

  • I’m pulling the images from a private repo, which in this case says
Error response from daemon: Head "http://nexus.xxxx.xxxx/v2/myimage/manifests/1.1.0": no basic auth credentials

This user has a .docker/config.json with the stored auth information and all pulls work if I manually ssh into that host with the same user, so I don’t understand why, if run from the ssh runner, these credentials are not used?

  • finally, the docker compose up -d is run (from within and the log file is properly created, but the drone step remains in running state, i.e. the entire pipeline doesn’t finish. Why is that?