docker-registry-artifact-plugin
docker-registry-artifact-plugin copied to clipboard
gocd
The docker registry artifact plugin provides a way to push and pull docker images on GoCD
Docker Registry Artifact plugin
The docker registry artifact plugin provides a way to push and pull docker images on GoCD
Getting started
Requirements
- GoCD Server 18.7+
- Docker registry
- Docker daemon
Installation
- Download the right version of the plugin from the Releases page. The direct link to the latest released version is: https://github.com/gocd/docker-registry-artifact-plugin/releases/latest
- Copy the file
build/libs/docker-registry-artifact-plugin-VERSION.jarto the GoCD server under${GO_SERVER_DIR}/plugins/externaland restart the server. * TheGO_SERVER_DIRis usually/var/lib/go-serveron Linux andC:\Program Files\Go Serveron Windows.
Configuration
There are three levels of configuration needed in order for publishing and fetching a docker image as an artifact.
Configure the Artifact Store
-
Login to GoCD server as admin and navigate to Admin > Artifact Stores
-
Click on
Addto add the store details for the plugin.- Specify the store id
- Choose the docker registry artifact plugin
- Specify the
Docker Registry Url - Specify the
Registry Type - Specify registry details
If
Registry Typeisecr:
If
Registry Typeisother:
Artifact Store Properties
| Properties | Description | Mandatory |
|---|---|---|
RegistryType |
Can be either ecr or other |
yes |
If RegistryType is ecr:
| Properties | Description | Mandatory |
|---|---|---|
RegistryID |
ECR registry id to push and pull images | yes |
AWSRegion |
The aws region key to execute ecr get authorization token request | yes |
AWSAccessKeyId |
The aws access key id to execute ecr get authorization token request | no |
AWSSecretAccessKey |
The aws secret access key to execute ecr get authorization token request | no |
Note: If the AWSAccessKeyId and AWSSecretAccessKey are not provided, the following configurations are checked:
- Environment Variables
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEY - System Properties
aws.accessKeyIdandaws.secretKey - Credential profiles file at the default location (~/.aws/credentials)
- Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable
- Instance profile credentials delivered through the Amazon EC2 metadata service
If RegistryType is other
| Properties | Description | Mandatory |
|---|---|---|
RegistryURL |
Registry to push and pull images | yes |
Username |
Username to authenticate with the docker registry. | yes |
Password |
Password to authenticate with the docker registry. | yes |
Publish artifact config
-
Navigate to the
Artifactstab under Stage > Job -
Choose artifact type
External- Specify the
artifact id. - Specify the
store idof an existing artifact store
- Specify the
-
Configure the build specific artifact details.
- Optionally specify the
ImageandTag. Usually, theTagcan be an environment variable that changes for every build. For example, theGO_PIPELINE_LABELcan be used to publish a versioned docker image. - Optionally specify the
BuildFile. Specify a json file name. The format of the file should be{"image": "name", "tag": "tag pattern"}. TheBuildFileoption can be used if theTagoption cannot be specified for the tag pattern you want to use. The generation of this json file must be handled within the GoCD job. - A private registry has to be part of the image name, like
RegistryURL/Image.
- Optionally specify the
Configure the Image in Publish Artifact Config:
Although the artifact store contains the registry url or the registry ID (in case of ECR), the image that needs to be published to the registry still needs to be tagged appropriately with the registry information. Otherwise, the docker client will be unable to push the image to the registry.
Specify the image as shown in the examples below for various container registries:
-
DockerHub:
<DOCKERHUB_USERNAME>/image -
Quay:
quay.io/<username>/image -
GCR:
gcr.io/<username>/image -
ECR:
<registry_id>.dkr.ecr.<aws_region>.amazonaws.com/image
Fetch artifact config
To pull an image from an upstream pipeline or stage, the following information is required:
-
Specify a
Pipeline Dependencymaterial if you have an upstream pipeline you want to pull the docker image. -
Navigate to
Taskstab under Stage > Job -
Add a
Fetch Artifacttask- Choose artifact origin type
External - Specify the pipeline, stage and job name.
- Specify the artifact id of the external artifact that belongs to the upstream job
- Choose artifact origin type
Troubleshooting
Enable Debug Logs
If you are on GoCD version 19.6 and above:
Edit the file wrapper-properties.conf on your GoCD server and add the following options. The location of the wrapper-properties.conf can be found in the installation documentation of the GoCD server.
# We recommend that you begin with the index `100` and increment the index for each system property
wrapper.java.additional.100=-Dplugin.cd.go.artifact.docker.registry.log.level=debug
If you're running with GoCD server 19.6 and above on docker using one of the supported GoCD server images, set the environment variable GOCD_SERVER_JVM_OPTIONS:
docker run -e "GOCD_SERVER_JVM_OPTIONS=-Dplugin.cd.go.artifact.docker.registry.log.level=debug" ...
If you are on GoCD version 19.5 and lower:
-
On Linux:
Enabling debug level logging can help you troubleshoot an issue with this plugin. To enable debug level logs, edit the file
/etc/default/go-server(for Linux) to add:export GO_SERVER_SYSTEM_PROPERTIES="$GO_SERVER_SYSTEM_PROPERTIES -Dplugin.cd.go.artifact.docker.registry.log.level=debug"If you're running the server via
./server.shscript:$ GO_SERVER_SYSTEM_PROPERTIES="-Dplugin.cd.go.artifact.docker.registry.log.level=debug" ./server.sh -
On windows:
Edit the file
config/wrapper-properties.confinside the GoCD Server installation directory (typicallyC:\Program Files\Go Server):# config/wrapper-properties.conf # since the last "wrapper.java.additional" index is 15, we use the next available index. wrapper.java.additional.16=-Dplugin.cd.go.artifact.docker.registry.log.level=debug
Building the code base
To build the jar, run ./gradlew clean test assemble
License
Copyright 2022 Thoughtworks, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
About the license and releasing your plugin under a different license
The code in this repository is licensed under the Apache 2.0 license. The license itself specifies the terms under which derivative works may be distributed (the license also defines derivative works). The Apache 2.0 license is a permissive open source license that has minimal requirements for downstream licensors/licensees to comply with.
This does not prevent your plugin from being licensed under a different license as long as you comply with the relevant clauses of the Apache 2.0 license (especially section 4). Typically, you clone this repository and keep the existing copyright notices. You are free to add your own license and copyright notice to any modifications.
This is not legal advice. Please contact your lawyers if needed.
gocd