nx-tools
nx-tools copied to clipboard
Published
20 hours ago •
gperdomor
gperdomor
(nx-tools/container) Only push to specified image repositories
I'm trying to push my built images to a private container repository. The action keeps failing because it attempts to push to a docker.io registry in addition to my AWS ECR. I don't have a docker.io repo and do not wish to create one. I only want to push to my AWS ECR. Here's the relevant part from my Nx project.json
"container": {
"executor": "@nx-tools/nx-container:build",
"dependsOn": [
"@my-project/source:ecr-login" // this is a root target that logs in to AWS ECR, it works fine.
],
"options": {
"engine": "docker",
"push": true,
"metadata": {
"images": [
"my-project/my-app", // I tried just using "my-app", but it still attempts to push to docker.io
"$AWS_CONTAINER_IMAGE_REGISTRY/my-project/my-app"
],
"load": true,
"tags": [
"latest",
"type=schedule",
"type=ref,event=branch",
"type=ref,event=tag",
"type=ref,event=pr",
"type=semver,pattern={{version}}",
"type=semver,pattern={{major}}.{{minor}}",
"type=semver,pattern={{major}}",
"type=sha,prefix=sha-"
]
}
}
}
The task fails when attempting to push to docker.io (but I don't want it to push there). Here's some of the console output:
#19 exporting to image
#19 exporting layers done
#19 writing image sha256:3a77a93b...be25fcfd959f
#19 writing image sha256:3a77a93b...be25fcfd959f 0.1s done
#19 naming to docker.io/my-project/my-app:master
#19 naming to docker.io/my-project/my-app:master 0.1s done
#19 naming to docker.io/my-project/my-app:latest 0.1s done
#19 naming to docker.io/my-project/my-app:sha-e2ed498
#19 naming to docker.io/my-project/my-app:sha-e2ed498 0.1s done
#19 naming to 39...23.dkr.ecr.us-west-2.amazonaws.com/my-project/my-app:master
#19 naming to 39...23.dkr.ecr.us-west-2.amazonaws.com/my-project/my-app:master 0.1s done
#19 naming to 39...23.dkr.ecr.us-west-2.amazonaws.com/my-project/my-app:latest
#19 naming to 39...23.dkr.ecr.us-west-2.amazonaws.com/my-project/my-app:latest 0.1s done
#19 naming to 39...23.dkr.ecr.us-west-2.amazonaws.com/my-project/my-app:sha-e2ed498
#19 naming to 39...23.dkr.ecr.us-west-2.amazonaws.com/my-project/my-app:sha-e2ed498 0.2s done
#19 DONE 0.9s
#20 pushing my-project/my-app:master with docker
#20 pushing layer 93...d7
#20 pushing layer d1...cc
#20 pushing layer 64...60
#20 pushing layer 4c...71
#20 pushing layer 8a...7e
#20 pushing layer 7c...9d 0.0s
#20 pushing layer d4...3a 0.0s
#20 pushing layer 93...d7 1.7s done
#20 pushing layer d1...cc 1.7s done
#20 pushing layer 64...60 1.7s done
#20 pushing layer 4c...71 1.7s done
#20 pushing layer 8a...7e 1.7s done
#20 pushing layer 7c...9d 1.7s done
#20 pushing layer d4...3a 1.7s done
#20 ERROR: denied: requested access to the resource is denied
------
> pushing my-project/my-app:master with docker:
------
ERROR: denied: requested access to the resource is denied
If I omit the base image name, the task properly pushes to my AWS ECR, but I no longer have the simple name available in my Docker Desktop (i.e. the image name is prefixed with the AWS ECR URL):
"container": {
"executor": "@nx-tools/nx-container:build",
"dependsOn": [
"@my-project/source:ecr-login" // this is a root target that logs in to AWS ECR, it works fine.
],
"options": {
"engine": "docker",
"push": true,
"metadata": {
"images": [
"$AWS_CONTAINER_IMAGE_REGISTRY/my-project/my-app"
],
"load": true,
"tags": [
"latest",
"type=schedule",
"type=ref,event=branch",
"type=ref,event=tag",
"type=ref,event=pr",
"type=semver,pattern={{version}}",
"type=semver,pattern={{major}}.{{minor}}",
"type=semver,pattern={{major}}",
"type=sha,prefix=sha-"
]
}
}
}
Is there any way to skip attempting to push to docker.io?
