[1.0.0-rc1] How to pull image from private registry and execute commands in it

Hello!

In drone 0.8.X i was able to pull some image and run commands in it. Like this:

pipeline:
  build:
    image: gcr.io/my-project-001/sbt:latest
    commands:
      - env | sort
    when:
      event: [push, pull_request, tag]

It just needed to have registry credentials added per repo.

How can it be achieved with 1.0.0?
https://docs.drone.io/config/pipeline/steps/ states that:

If the image is private you will need to configure registry credentials.

But how?
Tried to add:

  settings:
    username:
      from_secret: docker_username
    password:
      from_secret: docker_password

and different variations of it to no avail.

Thanks a bunch in advance!

1 Like

I’m running into the same problem, but as a service which relies on kubernetes-secrets. My env vars are populated, the settings stanza doesn’t affect my pull tho.

kind: pipeline
name: default
steps:
  - name: test
    image: clojure
    pull: always
    commands:
      - env
      - ./scripts/test.sh
    environment:
      LEIN_USERNAME:
        from_secret: aws_key_id
      LEIN_PASSPHRASE:
        from_secret: aws_secret

services:
  - name: redis
    image: quay.io/ORG/redis:3.0
    pull: always
    settings:
      username:
        from_secret: ORG_user
      password:
        from_secret: ORG_password
---
kind: secret

external_data:
  aws_key_id:
    path: drone-ORG
    name: aws_key_id_prod
  aws_secret:
    path: drone-ORG
    name: aws_secret_prod
  ORG_user:
    path: drone-ORG
    name: ORG_user
  ORG_password:
    path: drone-ORG
    name: ORG_password

With 0.8 i was able to solve my issues by just viewing code. Like with autoscaler params. But it isn’t available yet, too ;(

help me. drone.io 1.0
image: xxyyregistry.azurecr.io/ci/yelp:0.0.1
settings:
username:
from_secret: registry_username
password:
from_secret: registry_password
commands:
- ls
- detect-secrets scan
when:
event:
- push
branch:
- develop
- seguridad

THIS NO WORK!!!
my keys registry azure: registry_username, registry_password
yaml: line 54: did not find expected key

the syntax in your example is not valid. To pull a private image see the following thread How to pull private images with 1.0

for example, help me

i´m use drone.io 1.0
one step of my pipeline

image: xxyyregistry.azurecr.io/ci/yelp:0.0.1
image_pull_secrets:

  • registry_username
  • registry_password
    commands:
  • echo “start”
  • ls
  • detect-secrets scan
  • echo “the end”
    when:
    event:
  • push
    branch:
  • develop
  • seguridad

THIS NO WORK!!!
my keys registry azure: registry_username, registry_password
did not find expected key
i’m not access drone cli, only UI

the syntax in your second example does not match what was described in How to pull private images with 1.0. Also note that are expected to store a json string with credentials, not a username and password (this is also described in the link I posted).

how can i get that token for the json file? (My record is azure).
In drone version 0.8 in the UI you could register the following Registry Address, Resgistry Username, Registry Password. (Now in version 1.0 this option does not appear)
I usually access docker login_server -username registry_username -password regstry_passwod

auth value???

{
“auths”: {
https://index.docker.io/v1/”: {
“auth”: “YW11cmRhY2E6c3VwZXJzZWNyZXRwYXNzd29yZA==”
}
}
}
drone 0.8
image

You can use the docker login [registry] command on a system with docker, then check ~/.docker/config.json file for the token. docker login will prompt you for username and password.

I think perhaps there is still a misunderstanding … you should upload your json file as a secret, and then reference the named secret in image_pull_secrets. Drone expects the full json string as the secret value.

You can find the json file at ~/.docker/config.json after running docker login. I recommend running this command on a linux machine.

hi, tanks you
my step pipeline is

  • name: secretsecurity
    image: xxyyregistry.azurecr.io/ci/yelp:0.0.1
    commands:
    • ls
    • detect-secrets scan
      image_pull_secrets:
    • dockerconfigjson
      when:
      event:
    • push
      branch:
    • develop
    • release
    • master
    • seguridad
      my file json is test: dockerconfigjson

{
“auths”: {
https://xxyyregistry.azurecr.io”: {
“auth”: “cmVnaXN0cnlfdXNlcm5hbWU6cmVnaXN0cnlfcGFzc3dvcmQK”
}
}
}
Question:
What is the path where I must place my json file in drone so that I can take the changes?

Create a secret like this

Also I think image_pull_secrets needs to be outside the step definition. Put it in the bottom of the .drone.yaml file like in the linked post.

kind: pipeline
name: default

steps:
- name: build
  image: registry.company.com/my/image
  commands:
  - go build
  - go test

image_pull_secrets:
- dockerconfigjson
2 Likes

default: Error response from daemon: Get https://xxyyregistry.azurecr.io/v2/ci/yelp/manifests/0.0.1: unauthorized: authentication required

this no work

diff Create a secret / create registry secret

I can confirm it works when properly configured – we are using this internally. You can audit the source code and unit tests to learn more about how this behaves:

i’m sorry.
tank’s
its work now

in end file…
image_pull_secrets:

  • dockerconfigjson