1

我创建了由 CodePipeline 触发的 CodeBuild 项目,并且“docker push”步骤总是失败并显示“原因:退出状态 1”错误消息

这是我的构建日志(将我的组织 ID 替换为 <MY_ORG_ID>):

[Container] 2021/06/12 14:39:47 Entering phase INSTALL
[Container] 2021/06/12 14:39:47 Phase complete: INSTALL State: SUCCEEDED
[Container] 2021/06/12 14:39:47 Phase context status code:  Message: 
[Container] 2021/06/12 14:39:47 Entering phase PRE_BUILD
[Container] 2021/06/12 14:39:47 Running command echo Logging in to Amazon ECR...
Logging in to Amazon ECR...

[Container] 2021/06/12 14:39:47 Running command aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin <MY_ORG_ID>.dkr.ecr.eu-west-2.amazonaws.com
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[Container] 2021/06/12 14:39:51 Running command docker push <MY_ORG_ID>.dkr.ecr.eu-west-2.amazonaws.com/reponame/core-service:latest
The push refers to repository [<MY_ORG_ID>.dkr.ecr.eu-west-2.amazonaws.com/reponame/core-service]
An image does not exist locally with the tag: <MY_ORG_ID>.dkr.ecr.eu-west-2.amazonaws.com/reponame/core-service

[Container] 2021/06/12 14:39:51 Command did not exit successfully docker push <MY_ORG_ID>.dkr.ecr.eu-west-2.amazonaws.com/reponame/core-service:latest exit status 1
[Container] 2021/06/12 14:39:51 Phase complete: PRE_BUILD State: FAILED
[Container] 2021/06/12 14:39:51 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: docker push <MY_ORG_ID>.dkr.ecr.eu-west-2.amazonaws.com/reponame/core-service:latest. Reason: exit status 1

这是我的 buildspec.yaml:

version: 0.2

env:
  git-credential-helper: yes
phases:
  pre_build:
    commands:
      - echo Logging in to Amazon ECR...
      - aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin <MY_ORG_ID>.dkr.ecr.eu-west-2.amazonaws.com
  build:
    commands:
     - echo Pushing Docker image <MY_ORG_ID>.dkr.ecr.eu-west-2.amazonaws.com/reponame/core-service:latest
    - DOCKER_REPO=<MY_ORG_ID>.dkr.ecr.eu-west-2.amazonaws.com
    - IMAGE_TAG=${DOCKER_REPO}/reponame/core-service:${EKS_CLUSTER_NAME}-${CODEBUILD_RESOLVED_SOURCE_VERSION}-v${CODEBUILD_BUILD_NUMBER}
    - echo Set IMAGE TAG = $IMAGE_TAG
    - docker build --build-arg NODE_ENV=production --build-arg DOCKER_REPO=${DOCKER_REPO} -t $IMAGE_TAG core-service/.
  - docker push $IMAGE_TAG

正如许多参考资料指出的那样,我已将此语句添加到附加到相应 AWS CodeBuild 服务角色的策略中,但它仍然不起作用。

{
  "Statement": [
    ### BEGIN ADDING STATEMENT HERE ###
    {
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:CompleteLayerUpload",
        "ecr:GetAuthorizationToken",
        "ecr:InitiateLayerUpload",
        "ecr:PutImage",
        "ecr:UploadLayerPart"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    ### END ADDING STATEMENT HERE ###
    ...
  ],
  "Version": "2012-10-17"
}

我可以手动运行这些步骤,但它总是在 CodeBuild 上给我这个错误。

拜托,如果你能帮忙,那里有类似的线程,但没有一个可以专门解释这个问题的解决方案。谢谢。

4

1 回答 1

0

从错误消息中可以看出,尝试使用此标签推送图像会引发错误:

<MY_ORG_ID>.dkr.ecr.eu-west-2.amazonaws.com/reponame/core-service:latest

发生这种情况是因为我的存储库中已经存在图像标签“最新”。

通过多次运行相同的 docker push 命令,我发现 CodeBuild 有时会打印完整的错误消息,有时不会。推送一个唯一的图像名称标签解决了这个问题:

<MY_ORG_ID>.dkr.ecr.eu-west-2.amazonaws.com/reponame/core-service:${CODEBUILD_RESOLVED_SOURCE_VERSION}-v${CODEBUILD_BUILD_NUMBER}

权限和身份验证一切正常。

于 2021-06-12T18:56:58.810 回答