The following configuration does not work when there are “docker_username” & “docker_password” secrets set along with the repo’s registry, having “image:” & “repo:” set to the same custom Docker registry.
But it will work only when I set “image: plugins/docker:17.10”. (Publicly accessible image at the official Docker Hub image repository).
pipeline: publish: image: custom-docker-registry.com:5010/plugins/docker:17.10 registry: custom-docker-registry.com:5010 repo: custom-docker-registry.com:5010/andrey01/testapp1 tag: latest dockerfile: Dockerfile secrets: [ docker_username, docker_password ] when: event: [push, tag]
+ /usr/local/bin/dockerd -g /var/lib/docker time="2018-02-11T21:22:55Z" level=fatal msg="Error authenticating: exit status 1"
$ drone registry ls arno/testapp1 custom-docker-registry.com:5010 Username: arno Email: $ drone repo info arno/testapp1 Owner: arno Repo: testapp1 Type: git Config: .drone.yml Visibility: private Private: true Trusted: false Gated: false Remote: https://redacted.com/arno/testapp1.git $ drone secret ls arno/testapp1 docker_username Events: push, tag, deployment Images: <any> docker_password Events: push, tag, deployment Images: <any>
docker_username & docker_password are the same as I have set for the registry.
I have also tried plugins/docker:17.12.
The following code is working fine:
pipeline: kubectl: image: custom-docker-registry.com:5010/andrey01/kubectl:1.9.1 pull: true commands: - "sh .drone.sh"
My first guess is that the “docker_username” & “docker_password” secrets set in “publish:” are somehow preventing from reading the docker username & password set in repo’s registry, breaking “image:” pulling.
- How Drone / Docker would behave when there are “docker_username” & “docker_password” secrets set along with the repo’s registry, having “image:” & “repo:” set to the same custom Docker registry.
- Do “docker_username” & “docker_password” secrets have something to do with “image:” ?
- Does “registry:” apply only to “repo:” ?
It would have been great to see in the log additional bits of information which could show the stage when auth breaks - at the image: pull or at the repo: push?