jenkinsci / amazon-ecr-plugin

Amazon EC2 Container Registry plugin for Jenkins
https://plugins.jenkins.io/amazon-ecr/
MIT License

Use ECR credentials without docker-workflow plugin #172

Open cg2v opened 6 months ago

cg2v commented 6 months ago

What feature do you want to see added?

I would like the credentials returned by credentials('ecr::') to be usable as environment variables with docker login/podman login.

My site uses podman, not docker, for builds, and I am not confident that the docker-workflow plugin will function with podman as the backend, so I am not using it. Instead I am invoking podman using sh().

When I try to log in to an ECR registry, like so:

    stages {
        stage('Prep') {
            environment {
                AWS_REGISTRY = credentials('ecr:us-east-1:aws')
            }
            steps {
                sh 'podman login -u $AWS_REGISTRY_USR -p $AWS_REGISTRY_PSW $AWS_REGISTRY_HOST'
            }
        }
    }

the login fails with an invalid token. When I inspect $AWS_REGISTRY_PSW, I discover that it is the entire token returned by GetAuthorizationToken, which means it's a base64-encoded string of Username:Password.

Instead, I have to ignore the amazon-ecr plugin and do something like this in my steps:

    withCredentials([aws(credentialsId: 'aws')]) {
        sh 'aws ecr get-login-password --region us-east-1 | \
            podman login -u AWS --password-stdin $AWS_REGISTRY_HOST'
    }

Upstream changes

No response

Are you interested in contributing this feature?

No response
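
Added example, not part of the issue or the plugin's code: a POSIX shell helper that splits a token of the shape described in the post above (base64 of Username:Password), so that only the password half is piped to `podman login --password-stdin`. The function name `ecr_token_field` and the sample token are constructed for illustration; the real token never appears in this block.

```shell
# ecr_token_field TOKEN FIELD
# Decode a token that is base64("user:password") and print the requested
# FIELD ("user" or "password") on stdout. Hypothetical helper name.
ecr_token_field() {
    # Decode; base64 -d exits non-zero on malformed input.
    _ecr_decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || {
        echo "token is not valid base64" >&2
        return 1
    }
    # A usable token must contain the user:password separator.
    case $_ecr_decoded in
        *:*) ;;
        *)  echo "decoded token has no user:password separator" >&2
            return 1 ;;
    esac
    case $2 in
        # Split on the FIRST colon only, so a password containing ':' survives.
        user)     printf '%s' "${_ecr_decoded%%:*}" ;;
        password) printf '%s' "${_ecr_decoded#*:}" ;;
        *)  echo "unknown field: $2" >&2
            return 2 ;;
    esac
}

# Constructed sample token (not a real ECR credential), built the same way:
# base64 of "AWS:<password>". The password deliberately contains a colon.
SAMPLE_TOKEN=$(printf '%s' 'AWS:constructed:pass' | base64 | tr -d '\n')

echo "user field of sample token: $(ecr_token_field "$SAMPLE_TOKEN" user)"

# Intended use inside a Jenkins sh step, where AWS_REGISTRY_PSW holds the
# whole token as described in the post (left commented out on purpose):
#   ecr_token_field "$AWS_REGISTRY_PSW" password |
#       podman login -u AWS --password-stdin "$AWS_REGISTRY_HOST"
```

Passing the password on stdin rather than with `-p` keeps it out of the process argument list on the build agent.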

TobiX commented 4 months ago

I have started using https://github.com/isometry/docker-credential-env, maybe that also works for you?