Drone

Pulling private images not working in OSS version

Pulling private images is done by specifying a secret for Drone to use.

This is confirmed to work with encrypted secrets which are the only kind of secrets available in the OSS version.

I cannot get the functionality to work though. We’re running Drone v1.8.1 OSS. I’m not sure, but it seems that the embedded runner passes secrets to the registry which are constructed from no-op interfaces.


Support told me that the relevant code could be found here but as you see from the log snippet, messages from that module are not logged


As I said, not sure, but I think that:

  • Starting from this line the manager initializes secrets.
  • And here and here are the implementations of the secret interfaces of the OSS version
  • So it looks like the encrypted secrets from the manifest are not used as registry secrets.

drone.yml

---
kind: pipeline
type: docker
name: Default

image_pull_secrets:
  - pull_docker_config

steps:

  - name: pull-private
    image: xxx

  - name: docker 
    image: plugins/docker
    settings:
      repo: xxx
      registry: xxx
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
---
kind: secret
name: pull_docker_config
data: xxx
---
kind: secret
name: docker_username
data: xxx
---
kind: secret
name: docker_password
data: xxx
---
kind: signature
hmac: xxx

...

Log snippet

{"level":"trace","msg":"registry: database: cannot find secret","name":"pull_docker_config","time":"2020-07-01T04:53:45Z"}
{"level":"trace","msg":"registry: no registry credentials loaded","time":"2020-07-01T04:53:45Z"}
{"level":"trace","msg":"registry: no registry credentials loaded","time":"2020-07-01T04:53:45Z"}
{"level":"trace","msg":"registry: database: find secret","name":"pull_docker_config","time":"2020-07-01T04:53:45Z"}

I sent a PR which has a fix/workaround for this bug: https://github.com/drone/drone/pull/3007