maven: Unable to push a Jib-generated Docker image to ECR from a Gitlab job

hwamh0ep  posted on 2023-03-01  in  Maven

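When building the project in my CI, I am currently running into a problem pushing the Jib-generated Docker image to ECR.
Locally everything works fine: the command mvn clean install -DskipTests -Pdocker builds the image corresponding to the application and pushes it to ECR. The credentials are managed by amazon-ecr-credential-helper, the docker daemon is available locally, and everything works like a charm.
The configuration of the Jib plugin contains the following: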

<executions>
    <execution>
        <id>install</id>
        <phase>install</phase>
        <goals>
            <goal>build</goal>
        </goals>
    </execution>
</executions>

The following configuration is used in .gitlab.yml:

build backend:
  image: maven:3.8.6-amazoncorretto-17
  stage: build
  tags:
    - runner-docker
  script:
    - cd backend
    - mvn clean install -DskipTests -Pdocker

The code compiles, but the following error message is displayed:

[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:3.3.0:build (package) on project standalone: Build image failed, perhaps you should make sure your credentials for '123456.ecr.eu-west-1.amazonaws.com/my-project/backend' are set up correctly. See https://github.com/GoogleContainerTools/jib/blob/master/docs/faq.md#what-should-i-do-when-the-registry-responds-with-unauthorized for help: Unauthorized for 123456.ecr.eu-west-1.amazonaws.com/my-project/backend: 401 Unauthorized -> [Help 1]
Jib cannot connect to ECR because no credential is specified.

Updating the job configuration script to the following did not help:

mvn clean install -DskipTests -Pdocker \
-Djib.to.auth.username=$AWS_SECRET_KEY \
-Djib.to.auth.password=$AWS_SECRET_PASSWORD

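Any suggestions on how to push to ECR directly from the build job? I have tried installing amazon-ecr-credential-helper on the VM hosting the Gitlab runner, without success. I have also tried installing it in the container of the runner itself, with the same result.
The credentials are stored in Gitlab, and I would prefer to keep them there rather than spread them around.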

wfypjpf4 #1

I have managed to push to ECR using the following code:

aws --version
aws configure set region eu-west-1
aws configure set aws_access_key_id $AWS_GITLAB_DEPLOYER_ACCESS_KEY_ID
aws configure set aws_secret_access_key $AWS_GITLAB_DEPLOYER_SECRET_ACCESS_KEY

mvn -DskipTests \
    -Pdocker \
    -Djib.to.auth.username=AWS \
    -Djib.to.auth.password=$(aws ecr get-login-password --region eu-west-1 --profile default) \
    clean install
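
Added example (not part of the answer above, and not code from the Jib project): a variant of the same flow that hands the short-lived ECR password to Jib through a job-local Docker config file instead of a -D argument, so it does not appear in the mvn process arguments or in a traced job log. It assumes Jib reads $DOCKER_CONFIG/config.json and that the Gitlab variables are exposed under the standard AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY names; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Assumption: Jib picks up registry credentials from
# $DOCKER_CONFIG/config.json ("auths" entries), as the Docker CLI does.

# write_ecr_docker_config REGISTRY PASSWORD DIR
# Writes DIR/config.json with an "auths" entry for REGISTRY.
# The user name for ECR token logins is always the literal string AWS.
write_ecr_docker_config() {
    local registry="$1" password="$2" dir="$3" auth
    if [ -z "$registry" ] || [ -z "$password" ] || [ -z "$dir" ]; then
        echo "usage: write_ecr_docker_config REGISTRY PASSWORD DIR" >&2
        return 2
    fi
    # Docker's "auth" field is base64("user:password"); strip line wraps.
    auth=$(printf 'AWS:%s' "$password" | base64 | tr -d '\n')
    (
        umask 077   # directory and file readable by the job user only
        mkdir -p "$dir" &&
        printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$registry" "$auth" \
            > "$dir/config.json"
    )
}

# ecr_jib_push REGISTRY REGION
# Intended to be called from the job's script section, inside backend/.
ecr_jib_push() {
    local registry="$1" region="$2" cfg password rc
    cfg=$(mktemp -d) || return 1
    # The AWS CLI takes the access key pair from the environment here.
    password=$(aws ecr get-login-password --region "$region") \
        || { rm -rf "$cfg"; return 1; }
    write_ecr_docker_config "$registry" "$password" "$cfg" \
        || { rm -rf "$cfg"; return 1; }
    DOCKER_CONFIG="$cfg" mvn -DskipTests -Pdocker clean install
    rc=$?
    rm -rf "$cfg"   # remove the credential file once the build has finished
    return "$rc"
}
```

In the job this would be called as ecr_jib_push 123456.ecr.eu-west-1.amazonaws.com eu-west-1, using the registry host from the error message in the question.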
