drone-docker icon indicating copy to clipboard operation
drone-docker copied to clipboard
verified publisher icon drone-plugins

base image connector for vm

Open Aishwarya-Lad opened this issue 1 year ago • 3 comments

Adding provision to allow the base image to be pulled from a private docker registry. The screen shots show pulling from private repo - docker.io/**************/test-private:1.0.1

Screenshot 2024-06-18 at 12 47 00 AM Screenshot 2024-06-18 at 12 46 49 AM

Aishwarya-Lad avatar Jun 17 '24 21:06 Aishwarya-Lad

We have the existing DOCKER_PLUGIN_CONFIG options which allows you to pass the contents of a dockerconfig.json with auth credentials. It is more flexible than providing base credentials because you can provide multiple credentials, in the event that you have multiple base images in multiple registries. https://github.com/drone-plugins/drone-docker/blob/master/cmd/drone-docker/main.go#L233C13-L233C26

We should be able to use the existing DOCKER_PLUGIN_CONFIG option instead of adding new parameters, given it is much more flexible. I recommend we close this pull request and use DOCKER_PLUGIN_CONFIG

cc @jimsheldon if you have additional questions

Creating a new ticket to track the infras separataely. Right now K8 changes have been merged, but buildx needs rescoping.

I saw the above message in Jira. Note that buildx is a separate plugins stored in this repository: https://github.com/drone-plugins/drone-buildx

However, the DOCKER_PLUGIN_CONFIG should also be used with the buildx plugin so I would expect adding new parameters to be un-necessary, although it might require additional testing.

bradrydzewski avatar Jun 17 '24 23:06 bradrydzewski

@bradrydzewski the reason we decided with this approach was because, docker would not support login to 2 private repositories that have same registry url. So we decided with docker login PLUGIN_DOCKER_REGISTRY -> build image -> docker login PLUGIN_REGISTRY. If we were to pass the DOCKER_PLUGIN_CONFIG, we might still need to use PLUGIN_DOCKER_REGISTRY.

https://github.com/moby/moby/issues/37569

cc. jamie-harness

Aishwarya-Lad avatar Jun 18 '24 04:06 Aishwarya-Lad

We have the existing DOCKER_PLUGIN_CONFIG options which allows you to pass the contents of a dockerconfig.json with auth credentials. It is more flexible than providing base credentials because you can provide multiple credentials, in the event that you have multiple base images in multiple registries. https://github.com/drone-plugins/drone-docker/blob/master/cmd/drone-docker/main.go#L233C13-L233C26

We should be able to use the existing DOCKER_PLUGIN_CONFIG option instead of adding new parameters, given it is much more flexible. I recommend we close this pull request and use DOCKER_PLUGIN_CONFIG

@bradrydzewski as confirmed in the slack thread, we are moving ahead with the approach of writing config.json in drone plugins from variables PLUGIN_DOCKER_USERNAME , PLUGIN_DOCKER_PASSWORD and PLUGIN_DOCKER_REGISTRY instead of passing DOCKER_PLUGIN_CONFIG from CI side. It is not straightforward to decrypt the secrets with out current setup, as mentioned in detail in the slack thread.

Aishwarya-Lad avatar Jun 21 '24 22:06 Aishwarya-Lad