Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Jenkins Amazon ECR: no basic auth credentials

I'm not able to push ocker images to Amazon ECR with Jenkins Pipeline: I always get no basic auth credentials :-(

Here is my setup:

  • Jenkins 2.46.2
  • Amazon ECR plugin 1.4
  • I've added AWS credentials aws-jenkins to Jenkins (tested locally and successfully pushed to AWS ECR)
  • I've printed /root/.dockercfg to debug auth in my Jenkinsfile

Jenkinsfile:

stage("Docker") {
  dir(path) {
    docker.build("my-image:latest")
  }
  docker.withRegistry("https://<my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com", "ecr:eu-central-1:aws-jenkins") {
    sh "cat /root/.dockercfg" // debug
    docker.image("my-image:latest").push()
  }
}

Logs:

[Pipeline] withDockerRegistry
Wrote authentication to /root/.dockercfg
[Pipeline] {
[Pipeline] sh
[docker-emotion-compilers] Running shell script
+ cat /root/.dockercfg
{"https://<my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com": {
  "auth": "[...]",
  "email": "[email protected]"
}}[Pipeline] sh
[docker-emotion-compilers] Running shell script
+ docker tag --force=true my-image:latest <my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com/my-image:latest
Warning: '--force' is deprecated, it will be removed soon. See usage.
[Pipeline] sh
[docker-emotion-compilers] Running shell script
+ docker push <my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com/my-image:latest
The push refers to a repository [<my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com/my-image]
e30bf54e0f87: Preparing
b9f2c30c0d28: Preparing
5defc95691fd: Preparing
295d6a056bfd: Preparing
no basic auth credentials
[Pipeline] }
[Pipeline] // withDockerRegistry

Any ideas?

UPDATE (2017-05-23):
Here is the Jira issue: https://issues.jenkins-ci.org/browse/JENKINS-44143

like image 831
Cedric Thiebault Avatar asked May 02 '17 08:05

Cedric Thiebault


1 Answers

Even that it seems logical that docker.withRegistry will perform a login to ECR at start and logout when done, it is not performed. Therefor you must install awscli and add ECR login command before you perform the push.

sh("eval \$(aws ecr get-login --no-include-email | sed 's|https://||')")

See http://www.tikalk.com/devops/ecr-in-pipeline/ for detailed example.

like image 167
yorammi Avatar answered Oct 30 '22 22:10

yorammi