如何传递 jenkins 的凭据以将 docker 映像推送到我自己的注册表? [英] How to pass credentials for jenkins to push a docker image to my own registry?

问题描述

JHipster 现在使用 maven-jib-plugin.在此之前，我在 docker-container 中运行的 jenkins 服务器能够使用 *.war 文件构建 docker 映像，并使用Jenkinsfile"(对于 gradle，但我切换了)通过管道将其推送到我自己的 docker-registry现在到 Maven)，在作业完成后，另一个作业通过使用 ssh 在远程主机上执行 shell 脚本，将新构建的 docker-image 拉入我服务器上的新 docker-container.

JHipster now uses the maven-jib-plugin. Before that, my jenkins server running in a docker-container was able to build a docker image with the *.war-file and push it to my own docker-registry with a pipeline using a 'Jenkinsfile' (for gradle, but I switched to Maven now), and after job completion another job pulled the newly build docker-image into a new docker-container on my server by executing shell scripts on the remote host using ssh.

此任务的阶段是:

    def dockerImage
    stage('build docker') {
        sh "cp -Rvvv src/main/docker build/"
        sh "cp -vvv build/libs/*.war build/docker/"
        dockerImage = docker.build("$IMAGE_NAME:$IMAGE_TAG", "build/docker")
    }

    stage('publish docker') {
        docker.withRegistry("$REGISTRY_URL", "$REGISTRY_USER") {
            dockerImage.push "$IMAGE_TAG"
        }
    }

    stage('Remove Unused docker image') {
        sh "docker rmi $IMAGE_NAME:$IMAGE_TAG"
    }

据我所知，使用 jib 使其变得更容易，并且 Jenkinsfile 中的相关部分由 $ jhipster ci-cd 生成它归结为

Now as far as I can understand with jib making it easier and the relevant section in the Jenkinsfile produced with $ jhipster ci-cd it comes down to

    def dockerImage
    stage('publish docker') {
        sh "./mvnw -ntp jib:build -Dimage=$REGISTRY/$IMAGE_NAME:$IMAGE_TAG  -Djib.to.auth.username=$REGISTRY_USER"
    }

不幸的是，jib 似乎不再使用给定 $REGISTRY_USER 的 docker-registry 用户登录凭据，这些凭据与以前一样保存在 Jenkins 的凭据"部分中在 Jenkins 中运行的 docker 守护进程.

Unfortunately jib seems not to be using the credentials for the docker-registry user-login of the given $REGISTRY_USER any more which are saved in the Jenkins' 'credentials'-section as before with the docker daemon running in Jenkins.

我如何告诉 jenkins 管道中的 jib-plugin 使用存储在我的 jenkins 帐户中的 docker-registry-login 凭据，我认为这是/是一个安全的解决方案?我不希望在每个客户端或 github 上处理凭据(尤其是密码).

How can I tell the jib-plugin in the jenkins pipeline to use the credentials for the docker-registry-login which are stored in my jenkins account, which I thought was/is a secure solution? I don't want the credentials - especially the password - to be handled on every client nor on github.

推荐答案

通过环境变量提供凭据的一种方法是按以下方式使用 withCredentials()，如 这条评论.

One way to provide credentials through environment variables is to use withCredentials() in the following way, as hinted in this comment.

    def dockerImage
    stage('publish docker') {
        withCredentials([usernamePassword(credentialsId: 'myregistry-login', passwordVariable: 'DOCKER_REGISTRY_PWD', usernameVariable: 'DOCKER_REGISTRY_USER')]) {
            // assumes Jib is configured to use the environment variables
            sh "./mvnw -ntp jib:build"
        }
    }

这篇关于如何传递 jenkins 的凭据以将 docker 映像推送到我自己的注册表?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！