使用Gradle插件将docker镜像推送到ECR
我正在使用gradle-docker-plugin构buildDocker镜像并将其推送到Amazon的ECR。 为此,我也使用在EC2实例上运行的远程docker守护进程。 我已经使用aws-java-sdk-ecr
库configuration了一个自定义任务EcrLoginTask
来获取ECR授权令牌。 相关代码如下所示:
class EcrLoginTask extends DefaultTask { String accessKey String secretCode String region String registryId @TaskAction String getPassword() { AmazonECR ecrClient = AmazonECRClient.builder() .withRegion(Regions.fromName(region)) .withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretCode))).build() GetAuthorizationTokenResult authorizationToken = ecrClient.getAuthorizationToken( new GetAuthorizationTokenRequest().withRegistryIds(registryId)) String token = authorizationToken.getAuthorizationData().get(0).getAuthorizationToken() System.setProperty("DOCKER_PASS", token) // Will this work ? return token } } buildscript { repositories { mavenCentral() } dependencies { classpath 'com.amazonaws:aws-java-sdk-ecr:1.11.244' classpath 'com.bmuschko:gradle-docker-plugin:3.2.1' } } docker { url = "tcp://remote-docker-host:2375" registryCredentials { username = 'AWS' password = System.getProperty("DOCKER_PASS") // Need to provide at runtime !!! url = 'https://123456789123.dkr.ecr.eu-west-1.amazonaws.com' } } task getECRPassword(type: EcrLoginTask) { accessKey AWS_KEY secretCode AWS_SECRET region AWS_REGION registryId '139539380579' } task dbuild(type: DockerBuildImage) { dependsOn build inputDir = file(".") tag "139539380579.dkr.ecr.eu-west-1.amazonaws.com/n6duplicator" } task dpush(type: DockerPushImage) { dependsOn dbuild, getECRPassword imageName "123456789123.dkr.ecr.eu-west-1.amazonaws.com/n6duplicator" }
远程docker连接工作正常,ECR令牌也被成功获取,并且dbuild
任务也被成功执行。
问题
dpush
任务失败 – “无法推送图像:没有基本的身份validation凭据”
我相信这是因为使用EcrLoginTask
接收的授权令牌没有被传递到EcrLoginTask
configuration闭包password
属性中。
我如何解决它 ? 每次构build执行时,我都需要提供凭据。