I have builds with private registry pulls working perfectly well with secrets through the UI. I’m trying to get drone exec to work from the command line. I feel like I’ve missed something obvious but meh. I’ve read the v1.0 FAQ and worked through that. I’m working with drone v1.1
# --trusted would be superfluous in this case
sudo drone exec --secret-file /home/<user>/.drone_secrets/project.env
my secrets file looks like this:
docker-registry-login.json (works perfectly through the UI):
"User-Agent": "Docker-Client/18.09.1 (linux)"
- name: preprocess
- python3 ./hello.py
# other possible commands
# - pip3 install virtualenv
# - virtualenv venv
# note that this secret works fine in drone v1.1
what am I missing?
Also note, my file paths are verified and my file also matches my
usually we recommend running docker pull manually to pull images you require, instead of having drone do this. we recommend adding pull: if-not-exists when running locally so that Drone does not try to pull images that already exist in your local cache.
- name: preprocess
with that being said, I think you can do something like this:
drone exec --registry=https://username:[email protected]
but in general I recommend just pulling what you need manually.
That’s good to know.
I’ve confirmed that works.
I have lots of images on a private registry, and setting if-not-exists manually when running locally feels like a bad way to do this.
It seems that using --secret-file should work with image_pull_secrets, only it doesn’t. Could there be a bug?
In the meantime I could of course create a script that temporarily replaces pull: always with pull: if-not-exists and pulls all my images.
I cannot confirm this. It has worked for me, however, if you are experiencing issues I recommend cloning the repository and sending a patch.
I might try to debug that way, thanks.
Could you perhaps give me some pointers? My current situation is as follows:
- everything is working fine when using the drone server
- My registry is running on a non-default port (5000)
- When setting --secret-file there is an effect that I can see when using environment: from_secret. All secret variables are just ******* which I assume is on purpose.
I ended up writing a script to make exec work. Just posting here since it might help someone.
cp .drone.yml .drone.yml.bak
# These env variables are missing in exec for some reason. Need to emulate here
echo -n "DRONE_COMMIT_SHA=" > /tmp/drone_exec.env
echo `git rev-parse HEAD` >> /tmp/drone_exec.env
echo -n "DRONE_SOURCE_BRANCH=" >> /tmp/drone_exec.env
echo `git rev-parse --abbrev-ref HEAD` >> /tmp/drone_exec.env
# Drone currently has some problems connecting to a private registry through "exec".
# So, we just brute force this (exec is rarely needed locally)
# Use local images if available
sed -i 's/pull\: always/pull\: if-not-exists/g' .drone.yml
docker pull my.private.registry/my_image
drone exec --trusted --env-file /tmp/drone_exec.env [email protected]
mv .drone.yml.bak .drone.yml
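
A variant of the workaround script above, added here as an example and not code from the thread or from the Drone project: it rewrites a temporary copy of the pipeline instead of .drone.yml itself, pulls every referenced image using the Docker client's stored login so no credentials appear on the command line, and keeps its files in a mktemp directory. The function names and the sample pipeline are constructed; it assumes docker login was already run for the registry and that drone exec accepts the pipeline path as its argument.

```sh
#!/bin/sh
# Added example: local `drone exec` without editing .drone.yml in place.
set -eu

# stdin -> stdout: turn "pull: always" into "pull: if-not-exists".
rewrite_pull_policy() {
  sed -E 's/^([[:space:]]*(-[[:space:]]+)?pull:[[:space:]]*)always[[:space:]]*$/\1if-not-exists/'
}

# stdin -> stdout: unique image references (line-based, not a YAML parser).
list_images() {
  sed -nE 's/^[[:space:]]*(-[[:space:]]+)?image:[[:space:]]*([^[:space:]#]+).*$/\2/p' |
    tr -d "\"'" | sort -u
}

# The two variables the script above emulates for exec.
emulated_env() {
  printf 'DRONE_COMMIT_SHA=%s\n' "$(git rev-parse HEAD)"
  printf 'DRONE_SOURCE_BRANCH=%s\n' "$(git rev-parse --abbrev-ref HEAD)"
}

# Runs in a subshell so the EXIT trap always removes the temporary files.
# Assumes `docker login` was done beforehand for the private registry and
# that `drone exec` takes the pipeline path as its positional argument.
local_exec() (
  workdir=$(mktemp -d)   # private directory instead of a fixed /tmp name
  trap 'rm -rf "$workdir"' EXIT
  rewrite_pull_policy < .drone.yml > "$workdir/drone.local.yml"
  emulated_env > "$workdir/exec.env"
  list_images < "$workdir/drone.local.yml" |
    while read -r image; do docker pull "$image"; done
  drone exec --trusted --env-file "$workdir/exec.env" "$workdir/drone.local.yml"
)

# Constructed sample pipeline (not from the thread) to show both filters.
sample='kind: pipeline
steps:
- name: preprocess
  image: my.private.registry:5000/my_image
  pull: always
  commands:
  - python3 ./hello.py'
printf '%s\n' "$sample" | rewrite_pull_policy
printf '%s\n' "$sample" | list_images
```

Call local_exec from the repository root to run the pipeline; the top-level lines only print the rewritten sample and its image list.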