So, it’s kinda odd. I tried running:
gcloud docker -- push my_image
and it works. But when using plugins/gcr, setting the keys and all and even be able to successfully run:
docker login -u _json_key -p $(cat key.json)
I get an error at the end of the build of:
denied: Unable to access the repository, please check that you have permission to access it.
Maybe the plugins/gcr should use gcloud instead.
denied: Unable to access the repository, please check that you have permission to access it.
This indicates you have not configured your secrets correctly. Please see:
And if you are still having difficulty please provide all items requested here:
http://docs.drone.io/secrets-not-working/#still-having-trouble
Maybe the plugins/gcr should use gcloud instead.
I believe we will discover this to be a configuration / usage issue. I do not expect any technical design changes to the plugin will be required.
@bradrydzewski I’m not sure though, because when I ran
docker push gcr.io/project-id/image:tag
I got the same error.
But here’s the output from the commands you specified:
9:42:59 › drone secret ls <redacted>/<redacted>
gcr_creds_container_builder_key_id
Events: push, tag, deployment
Images: plugins/gcr
gcr_creds_container_builder_service_account_id
Events: push, tag, deployment
Images: plugins/gcr
gcr_creds_container_builder_private_key_file
Events: push, tag, deployment
Images: plugins/gcr
gcr_creds_container_builder_private_key_base64
Events: push, tag, deployment
Images: plugins/gcr
9:43:04 › drone repo info <redacted>/<redacted>
Owner: <redacted>
Repo: <redacted>
Type: git
Config: .drone.yml
Visibility: private
Private: true
Trusted: true
Gated: false
Remote: https://github.com/<redacted>/<redacted>.git
9:43:15 › drone build info <redacted>/<redacted> 246
Number: 246
Status: failure
Event: push
Commit: <redacted>
Branch: dev
Ref: refs/heads/dev
Message: debug config - created an actual API key for the service account
Author: <redacted>Need to see the yaml file as well.
build_image_dev_1:
group: build_image
image: plugins/gcr
registry: us.gcr.io
dockerfile: dev.Dockerfile
tag: dev
repo: <redacted>/<redacted>
secrets:
- source: gcr_creds_container_builder_private_key_base64
target: token
when:
branch: dev
build_image_dev_2:
group: build_image
image: plugins/gcr
registry: us.gcr.io
dockerfile: dev.Dockerfile
tag: dev
repo: <redacted>/<redacted>
secrets:
- source: gcr_creds_container_builder_private_key_base64
target: google_credentials
when:
branch: devActually, now, I tried adding a registry and using a custom repo and got this error:
Error response from daemon: pull access denied for us.gcr.io/<redacted>/gcrbuilder, repository does not exist or may require 'docker login'
I guess it’s related?
I just tested the latest version of the plugin and I was unable to reproduce any issues. This is my yaml configuration:
pipeline:
build:
image: plugins/gcr
pull: true
registry: gcr.io
secrets: [ token ]
repo: gcr.io/drone-1191/foo
I created a service account in google here with proper access to publish images. I added the token to drone via the user interface. It is a plain text, json value (I did not base64 encode).
I ran the build and everything worked as expected:
As I am unable to reproduce, and I have many enterprise clients using this plugin in production, I do not believe there is much more I can do to assist here.
I recommend double checking your service account permissions and your drone configuration. I then recommend downloading and running the plugin locally from the command line, as described in the README, and digging into the code if you continue to experience issues.
Thanks.
This may be out of scope, but what exactly is proper publish image? Because even doing this through google-sdk I’m still getting the same issue.
But I think it’s kinda working now. The tutorial was kinda odd because it said to base64 encode it that’s why I was doing it that way.
