Add ECR credential provider #5
An easier way to test this I think would be to adjust the drone pipeline to push a git-hash image to our registry. Then we can use the |
It was already doing this but only for pushes to |
Dockerfile
ENV HOME=/buildah | ||
RUN mkdir -m 777 -p $HOME/.docker | ||
RUN chown -R app $HOME |
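Review bot: `RUN mkdir -m 777 -p $HOME/.docker` makes the directory that holds the registry client configuration world-writable, so any user in the container can add or replace files in it. Create it with a restrictive mode such as 700, owned by the one user that runs buildah. The `chown -R app $HOME` line then becomes unnecessary if the directory is created as that user, and the custom `ENV HOME=/buildah` needs a comment explaining why the user's default home is not used.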
We don't need to manage HOME and these permissions would be bad anyway.
/home/build already exists for the build user and /home/app exists for the app user so just consume the default home of whichever user we settle on.
Oh thanks, I didn't bother looking at the upstream `quay.io/buildah/stable` Containerfile till now. Good catch.
Updated to use `USER build` because it seems the reference image already sets up all the necessary permissions subuid, subgid for that user so we don't need to repeat for another user.
Adds the amazon-ecr-credential-helper to the container image.

ECR `access-key` and `secret-key` will be set as environment variables, and the credential helper will do the work when executing any buildah command. `buildah login` is not needed.

Testing
I spun up minikube to have a working registry.example.com
The seccomp.json is from here and is needed for docker because of this
Alternatively, testing with podman, you don't need seccomp.json
I'll post more details on how to test in Slack.
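The review point about directory permissions and the description's reliance on environment-supplied credentials can be checked inside the built image with a short audit script. This is an added example, not code from the PR or the project. It assumes the helper is selected through `$HOME/.docker/config.json` and that the keys arrive as the standard AWS SDK variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the registry-auth setup a buildah image relies on.
# Assumptions (not from the PR): the helper is selected through
# $HOME/.docker/config.json and reads the standard AWS SDK variables.

# check_docker_dir DIR -> 0 if DIR exists and is not group/world writable
check_docker_dir() {
    [ -d "$1" ] || { echo "missing: $1"; return 2; }
    mode=$(ls -ld "$1" | cut -c1-10)        # e.g. drwx------
    g_w=$(printf '%s' "$mode" | cut -c6)    # group write bit
    o_w=$(printf '%s' "$mode" | cut -c9)    # other write bit
    if [ "$g_w" = "w" ] || [ "$o_w" = "w" ]; then
        echo "too permissive: $1 ($mode)"
        return 1
    fi
    return 0
}

# check_ecr_helper FILE -> 0 if FILE routes registry auth to ecr-login
check_ecr_helper() {
    [ -f "$1" ] || { echo "missing: $1"; return 2; }
    grep -Eq '"(credsStore|credHelpers)"' "$1" && grep -q '"ecr-login"' "$1"
}

# check_aws_env -> 0 if both static-credential variables are non-empty
check_aws_env() {
    [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]
}

# audit [DIR] -> 0 only if all three checks pass; prints each finding
audit() {
    dir="${1:-$HOME/.docker}"
    rc=0
    check_docker_dir "$dir" || rc=1
    check_ecr_helper "$dir/config.json" \
        || { echo "no ecr-login helper configured in $dir/config.json"; rc=1; }
    check_aws_env || { echo "AWS credentials not set in environment"; rc=1; }
    return $rc
}
```

Calling `audit` as the build user at the end of a pipeline smoke test reports a world-writable config directory or a missing helper entry before any push is attempted.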