[pipelines] Docker logins for assets
See original GitHub issueWhen using CDK Pipelines the autogenerated Assets action will build Docker images, and publish to the cdk-provided ECR. However if included Dockerfiles build on images in a non-public repository (e.g. an ECR in a different account), those builds will fail since the Assets action has no way of specifying sources to docker login
in to.
Use Case
Prior to using Pipelines we’ve used a shared ECR in a dedicated account to both store our internal base images, as well as images built on top of those. A single docker login
would cover both pull and push from that repo.
However when switching to Pipelines, the destination repo changes. Pipelines transparently handles login to to that, but provides no configuration option for docker registries that need to be logged in to prior to asset building.
Proposed Solution
Other
The error message from the Assets/DockerAsset1 CodeBuild project was:
Step 1/13 : FROM <account>.dkr.ecr.eu-west-1.amazonaws.com/...
| Get https://<account>.dkr.ecr.eu-west-1.amazonaws.com/...: no basic auth credentials
- 👋 I may be able to implement this feature request
- ⚠️ This feature might incur a breaking change
This is a 🚀 Feature Request
Issue Analytics
- State:
- Created 3 years ago
- Reactions:28
- Comments:19 (8 by maintainers)
Top GitHub Comments
Here’s the hack I added to my pipeline stack (after the pipeline was created) to get past this:
@quincycs this issue arises when using aws-ecr-assets to build a Docker image as part of the pipeline. Cdk Assets will create a new Assets build pipeline step as an implementation detail. It’s for that the login step is needed.