8

我无法使用 Jenkins Pipeline 将 ocker 图像推送到 Amazon ECR:我总是得到no basic auth credentials:-(

这是我的设置:

  • 詹金斯 2.46.2
  • 亚马逊 ECR 插件 1.4
  • 我已将 AWS 凭证添加aws-jenkins到 Jenkins(在本地测试并成功推送到 AWS ECR)
  • 我已经打印/root/.dockercfg在我的调试身份验证Jenkinsfile

詹金斯文件:

stage("Docker") {
  dir(path) {
    docker.build("my-image:latest")
  }
  docker.withRegistry("https://<my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com", "ecr:eu-central-1:aws-jenkins") {
    sh "cat /root/.dockercfg" // debug
    docker.image("my-image:latest").push()
  }
}

日志:

[Pipeline] withDockerRegistry
Wrote authentication to /root/.dockercfg
[Pipeline] {
[Pipeline] sh
[docker-emotion-compilers] Running shell script
+ cat /root/.dockercfg
{"https://<my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com": {
  "auth": "[...]",
  "email": "nobody@example.com"
}}[Pipeline] sh
[docker-emotion-compilers] Running shell script
+ docker tag --force=true my-image:latest <my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com/my-image:latest
Warning: '--force' is deprecated, it will be removed soon. See usage.
[Pipeline] sh
[docker-emotion-compilers] Running shell script
+ docker push <my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com/my-image:latest
The push refers to a repository [<my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com/my-image]
e30bf54e0f87: Preparing
b9f2c30c0d28: Preparing
5defc95691fd: Preparing
295d6a056bfd: Preparing
no basic auth credentials
[Pipeline] }
[Pipeline] // withDockerRegistry

有任何想法吗?

更新(2017-05-23):
这是 Jira 问题: https ://issues.jenkins-ci.org/browse/JENKINS-44143

4

2 回答 2

3

即使 docker.withRegistry 将在启动时登录到 ECR 并在完成后注销似乎是合乎逻辑的,但它并没有执行。因此,您必须在执行推送之前安装awscli并添加 ECR 登录命令。

sh("eval \$(aws ecr get-login --no-include-email | sed 's| https://|| ')")

有关详细示例,请参见http://www.tikalk.com/devops/ecr-in-pipeline/

于 2017-07-14T11:54:22.627 回答
0

只需从本地 PC 或云服务器中删除或重命名$HOME/.docker/config.json文件。它将解决没有基本身份验证凭据的问题。

在终端中执行以下步骤:

mv $HOME/.docker/config.json $HOME/.docker/config.json.backup
于 2020-01-27T10:24:12.010 回答