Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Jib uses inferred credential provider before .docker/config.json

See original GitHub issue

Description of the issue: I am not able to publish images to the GCR (Google Container Registry), I am running the Jenkins command (mvn -T C4 clean install -DskipTests process-classes -Dbuild.number=$BUILD_NUMBER jib:build), when I squeeze the command through the terminal of linux where it is installed I was able to upload the image, but within jenkins I can not.

Expected behavior: Upload image to gcr.io

Steps to reproduce: Create job in Jenkins and configure to run the command: mvn -T C4 clean install -DskipTests process-classes -Dbuild.number = $ BUILD_NUMBER jib: build

Environment:

Linux Debian 4.9.144-3.1 (2019-02-19) x86_64 Jenkins 2.164.2

plugin: Google Container Registry Auth Plugin
credentials GCP Storage Admin JDK 11

jib-maven-plugin Configuration:

			<plugin>
				<groupId>com.google.cloud.tools</groupId>
				<artifactId>jib-maven-plugin</artifactId>
				<version>1.1.2</version>
				<configuration>
					<from>
						<image>openjdk:11-jdk-slim</image>
					</from>
					<to>
						<image>${docker.image.prefix}/eureka</image>
						<tags>
							<tag>${build.number}</tag>
							<tag>latest</tag>
						</tags>
						<credHelper>gcr</credHelper>
					</to>
					<container>
						<jvmFlags>
							<jvmFlag>-Dspring.profiles.active=producao</jvmFlag>
						</jvmFlags>
						<labels>
							<service-name>eureka</service-name>
						</labels>
						<mainClass>br.com.agendeapp.eureka.EurekaServiceApplication</mainClass>
					</container>
				</configuration>
			</plugin>

Log output: [INFO] — jib-maven-plugin:1.1.2:build (default-cli) @ eureka — [INFO] [INFO] Containerizing application to [36mgcr.io/agende-app-222611/eureka[0m, [36mgcr.io/agende-app-222611/eureka:27[0m, [36mgcr.io/agende-app-222611/eureka[0m… [INFO] Retrieving registry credentials for gcr.io… [INFO] Getting base image openjdk:11-jdk-slim… [INFO] Building dependencies layer… [INFO] Building resources layer… [INFO] Building classes layer… [INFO] The base image requires auth. Trying again for openjdk:11-jdk-slim… [INFO] Retrieving registry credentials for registry-1.docker.io… [INFO] [INFO] Container entrypoint set to [java, -Dspring.profiles.active=producao, -cp, /app/resources:/app/classes:/app/libs/*, br.com.agendeapp.eureka.EurekaServiceApplication] [INFO] [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 18.320 s (Wall Clock) [INFO] Finished at: 2019-05-03T17:42:14+00:00 [INFO] Final Memory: 68M/162M [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:1.1.2:build (default-cli) on project eureka: Build image failed, perhaps you should make sure you have permissions for gcr.io/agende-app-222611/eureka: Unauthorized for gcr.io/agende-app-222611/eureka: 403 Forbidden [ERROR] {“errors”:[{“code”:“DENIED”,“message”:“Access denied.”}]} [ERROR] -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException Build step ‘Invoke top-level Maven targets’ marked build as failure Finished: FAILURE

Additional Information: The terminal is installed gcloud sdk, and when trying to run maven the upload occurs

Issue Analytics

State:
Created 4 years ago
Comments:9 (6 by maintainers)

Top GitHub Comments

1reaction

chanseokohcommented, Jun 10, 2019

@rafaeldalbosco v1.3.0 is released, and it will give priority to the credentials explicitly configured in .docker/config.json before attempting a well-known credential helper on PATH.

1reaction

chanseokohcommented, May 6, 2019

Reversing the order makes sense. Maybe the original intention was that if the registry is gcr.io and there exists a runnable docker-credential-gcr binary, the user should really configure docker-credential-gcr correctly as a priority. However, with the current order, the only way to circumvent the issue is to remove the cred helper (either explicitly or just from $PATH). OTOH, in the reverse case, the user can explicitly configure <credHelper> to override docker.json.

Top Results From Across the Web

google/jib - Gitter

I am using Eclipse IDE in windows machine for the application developement. I found that i need to install docker-credential-ecr-login on my developement ......

JIB is not able to detect docker credentials - Stack Overflow

I am building a generated app whith Jhipster. I run the command to build the images and run the app containerized. I started...

fabric8io/docker-maven-plugin

A general image part containing the image name and alias. A <build> configuration specifying how images are built. A <run> configuration ...

Build containers faster with Jib, a Google image ... - YouTube

Instead of using Dockerfiles, Jib packs a Java application into a container by inferring what it needs from your Maven or Gradle project....

Dockerizing Java Apps using Jib - Baeldung

Learn to simplify containerization of Java applications using Jib. ... we'll provide our DockerHub credentials to .m2/settings.xml: