Pulling Private Images with 1.0


#1

I have not had time to document this yet, so I figured I would write a quick post. If you are coming from Drone 0.8 you may be wondering how to configure credentials required to pull private images defined in your yaml, for example:

kind: pipeline
name: default

steps:
- name: build
  image: registry.company.com/my/image
  commands:
  - go build
  - go tets

In the above example, registry.company.com/my/image is a private registry and requires username and password to pull the image. To provide Drone with the credentials you need to create a secret named .dockerconfigjson, where the secret value is valid docker configuration file with your authentication credentials.

NOTE when you add the registry credentials as a secret you probably need to enable the secret for pull requests. I am pretty sure this is required, but I might be wrong. So for the moment, assume this is required.

The docker configuration file should look something like this:

{
	"auths": {
		"https://index.docker.io/v1/": {
			"auth": "YW11cmRhY2E6c3VwZXJzZWNyZXRwYXNzd29yZA=="
		}
	}
}

If you are unfamiliar with this file please consult the official Docker documentation. Do not try to construct this file by hand. There is also a nice article about the config file format here: https://www.projectatomic.io/blog/2016/03/docker-credentials-store/


Option 2

The second option would be to pass this file to the agent. This will make the credentials available globally to all builds and all repositories. First you would mount the config file into your agent container:

docker run \
-v /root/.docker/config.json:/root/.docker/config.json

Then you need to pass the agent the path of the mounted file:

docker run \
-e DRONE_DOCKER_CONFIG=/root/.docker/config.json