gradle-docker
gradle-docker copied to clipboard
palantir
Document dockerPush task
I'd like to be able to use the dockerPush task to push an image that was built using the palantir docker task to a private repository (Sonatype Nexus 3).
From the docs, I can't work out how to use the dockerPush task for pushing to a private repository. Can you document how this task works, along with an example.
Thanks in advance.
All you need to do is set the remote repository in the image name. E.g., "my.private.host/foo/bar" .
On Wed, Oct 26, 2016 at 1:56 AM jonesr91 [email protected] wrote:
I'd like to be able to use the dockerPush task to push an image that was built using the palantir docker task to a private repository (Sonatype Nexus 3).
From the docs, I can't work out how to use the dockerPush task for pushing to a private repository. Can you document how this task works, along with an example.
Thanks in advance.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/palantir/gradle-docker/issues/74, or mute the thread https://github.com/notifications/unsubscribe-auth/AGOdwQfEtEmkNgwYG-MtTKsx3Qr43IEEks5q3xWmgaJpZM4Kg6nT .
typically you docker login <host>. This saves your credentials in
~/.docker/config.json or similar.
On Wed, Oct 26, 2016 at 9:15 AM jonesr91 [email protected] wrote:
How/where would I specify my login credentials?
— You are receiving this because you commented.
Reply to this email directly, view it on GitHub https://github.com/palantir/gradle-docker/issues/74#issuecomment-256399454, or mute the thread https://github.com/notifications/unsubscribe-auth/AGOdwULDgv0QzkVY37k4CaA3VQXGg2bcks5q33xUgaJpZM4Kg6nT .
For my use case, I'd prefer to use the palantir plugin to do the login for me so that I'm not dependant on the login command having already been executed on against that docker installation.
On 26 Oct 2016, at 17:17, Robert Fink [email protected] wrote:
typically you
docker login <host>. This saves your credentials in~/.docker/config.jsonor similar.On Wed, Oct 26, 2016 at 9:15 AM jonesr91 [email protected] wrote:
How/where would I specify my login credentials?
— You are receiving this because you commented.
Reply to this email directly, view it on GitHub https://github.com/palantir/gradle-docker/issues/74#issuecomment-256399454, or mute the thread https://github.com/notifications/unsubscribe-auth/AGOdwULDgv0QzkVY37k4CaA3VQXGg2bcks5q33xUgaJpZM4Kg6nT .
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.
I'm using the plugin in my jenkinsfile, like others it would be great to have a mechanism for using the plugin to do the docker login to a private repo.
Thanks for the great plugin, very useful. Damian.
the typical flow for this is to let the CI system (circle/jenkins/etc) inject credentials as environment variables. then it should be easy enough to run docker login $foo $bar as a setup step in the CI script. i don't think we need to make this plugin more complicated in order to support this flow.
The CI I'm working with isn't set up to do docker login on its own quite yet, currently working around this with e.g.
task dockerLogin {
commandLine 'docker', 'login', '--username', "${DOCKER_USERNAME}", '--password', "${DOCKER_PASSWORD}", "${DOCKER_HOSTNAME}"
}
Note that this elicits WARNING! Using --password via the CLI is insecure. Use --password-stdin.
@uschi2000 Providing a feature that many users need is exactly opposite of complicated.
The Bmuschko Docker plugin can set the auth info in a Gradle file, why the Palantir Docker plugin can't do that? Please make us easier use this plugin please.
@amendoza-navent I'm curious, if the Bmuschko Docker plugin can do what you want, why are you even looking at this plugin? I personally looked at both plugins and chose Bmuschko Docker plugin, even though it's no longer actively maintained.
@amendoza-navent I'm curious, if the Bmuschko Docker plugin can do what you want, why are you even looking at this plugin? I personally looked at both plugins and chose Bmuschko Docker plugin, even though it's no longer actively maintained.
@asarkar I started using the Palantir plugin because there is many tutorials and video tutorials using this plugin in internet and now I was avoiding to change it.
As a workaround (or actually: solution) you can use something like this:
task dockerLogin(type: Exec) {
description = 'Logs in to Docker Registry'
group = 'Docker'
commandLine "docker"
standardInput = new ByteArrayInputStream("inject-your-password-here-via-Gradle-methods".getBytes())
args "login", "--username", "inject-your-username-here-via-Gradle-methods", "--password-stdin", "your.registry.example.com"
}
description & group are just for good measure, of course.
WHAT, you can't use this grade plugin to reliably push a docker image to a remove repository, unless you are not using authentication??
What company or organization would allow you to do that exactly?
In my case:
- we build you application from CI/CD Pipeline
- we use Framework (spring/micronaut/quarkus) to build native-image or docker-images from a gradle
- we never build / test / publish on the same stage of the pipeline.
- our CI/CD runs on multiple remote agents.
- we don't use custom docker image (gradle+docker) to build your application.
- we don't share artifacts between stages of the pipeline (docker save image), immutability principle
- we don't hard-code credentials or share them in a local docker config file (big-security concern), we generate access token for the duration of the pipeline and make then available via environment variables.
So all the suggestions above will not work in our case unless you are advising to go against best practices.
I use Harbor as a cloud registry, for both docker images and helm charts. For the helm plugin i can login, why not with this plugin? XD Personally, i like this plugin compared to bmushko because i can use a dockerfile instead of gradle dsl to build but, the login, is important.
For now, I'm using this.
