drone-plugins / drone-docker Goto Github PK

Hello,

I have been trying to use drone-docker in order to push images into our custom Registry and there seem to be a problem with authentication.

First of all, please note that we use Docker Registry v2. It's secured with TLS and we configured authentication to use JWT tokens. This setup has proved to work just fine with Docker client.

The peculiar thing is that if I look at the log, at the beginning of the build, I can clearly see that drone-docker successfully logged in:

  [info] Pulling image plugins/drone-docker:latest
  $ /usr/bin/docker -d
  WARNING: login credentials saved in /.docker/config.json
  Login Succeeded

However, at the end, pushing fails:

  $ /usr/bin/docker push registry.company.com/company/jenkins-slave:latest
  The push refers to a repository [registry.company.com/company/jenkins-slave] (len: 1)
  e1f3183388e0: Preparing
  unauthorized: authentication required
  [info] build failed (exit code 1)

I find weird that the config file is stored at the root of the machine and not in the user directory.
Do you think it might be related?

Thank you for your help

Aurélien

We noticed that our kubernetes deployments weren't able to find the image we had tagged with just ${DRONE_COMMIT:0:8} and "prerelease" string.

With the following commit in DRONE_COMMIT value "09334553" the plugin tries to tag the image as follows:

• /usr/local/bin/docker tag 09334553bd6437f70a5a3c5ad2830c16c28e4f5a gcr.io/xxxxxx/clouddriver:9.334553e+06
  Error parsing reference: "gcr.io/xxxxxx/clouddriver:9.334553e+06" is not a valid repository/tag.

This is on a drone server that has the new secret interpolation installed on it so it might be an issue with ${DRONE_COMMIT:0:8} instead of $DRONE_COMMIT:0:8 I will try and track that down, it's a bit of a roulette trying to recreate the issue of course.

If I can find the bug in the drone-docker code I will patch it.

A few days ago following commit was merged into the docker plugin. Our deployment pipeline started to fail right after.

I might be wrong, but it looks like prune also removes the volume where source code is mounted. That the reason for two errors:

1. unable to get absolute path to Dockerfile: getwd: no such file or directory
2. error_outlineERROR: get 89da68151e049a5047a107fb14d0930ad62035949305a723bcfab180c9f2dd35: volume not found

One important note is that we mount docker.sock to use docker cache and gain some speed in exchange to isolation.

Here is how the step looks like:

  publish-lib-docker:
    image: plugins/docker
    username: ${DOCKER_USERNAME}
    password: ${DOCKER_PASSWORD}
    email: ${DOCKER_EMAIL}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    repo: magpieapp/lib
    tags:
      - "${DRONE_BRANCH}_${DRONE_COMMIT}"
      - latest
    dockerfile: ./shared/Dockerfile
    context: ./shared/

We use Docker v1.13.1.

Here are details I can see in build output:

Live Restore Enabled: false
+ /usr/local/bin/docker system prune -f
 WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
WARNING: No swap limit support
Deleted Containers:
9360938c57f3856d5b95e728448c5e0c650ecb0085d67a4d9a4e26f6d3a03b1a
Deleted Volumes:
0757a2a51c2c8113f9ecf4614b5e42119334167b8ef9a8213e86160175a3de3b
89da68151e049a5047a107fb14d0930ad62035949305a723bcfab180c9f2dd35
92d493025cc5de41ab78a327f4f9a9585cf7ba4d33256d5dbb3252bacc17e841
Total reclaimed space: 27.17 MB
+ /usr/local/bin/docker build --rm=true -f ./shared/Dockerfile -t 5812553801c8841d99b3359f37b7f878e8ff866d ./shared/ --pull=true
unable to prepare context: unable to get absolute path to Dockerfile: getwd: no such file or directory

Here are details I can see in the build header:

error_outlineERROR: get 89da68151e049a5047a107fb14d0930ad62035949305a723bcfab180c9f2dd35: volume not found

We had to fall back to the version 1.12 of plugins/docker to make it work again.

i have a self-signed certificate i want to use the drone-docker plugin to publish to my private basic auth secured v2 docker-registry. would i just add it to the plugin image? plans on a config option for such? sorry if my noob shows.

Eventually exhausts loopback devices. I can verify that every time I execute a build the number of loopbacks increase until I get error There are no more loopback device available.

$ sudo losetup -a
/dev/loop0: [0032]:116 (/dev/loop0)
/dev/loop1: [0032]:117 (/dev/loop1)
/dev/loop2: [0035]:116 (/dev/loop2)
/dev/loop3: [0035]:117 (/dev/loop3)
/dev/loop4: [005c]:103 (/dev/loop4)
/dev/loop5: [005c]:104 (/dev/loop5)

for reference: jpetazzo/dind#19

I'm using this setup but i still get no cache performance increase. I do however see that is loading and saving however it doesn't seem to use the cache layers. Any idea? A normal build does use the cache layer.

Is there a specific reason why we just don't mount the docker socket in the container and use the existing docker for building?

build:
  image: alpine:3.2

publish:
  docker:
    registry: XX
    username: XX
    password: $$REGISTRY_PASSWORD
    email: [email protected]
    repo: XX
    load: docker/image.tar
    save:
      destination: docker/image.tar
      tag: latest

notify:
  slack:
    webhook_url: XX
    channel: update
    username: drone

cache:
  mount:
    - docker/image.tar

Hey,

I just wanted to fix a property name (file to dockerfile) in the documentation. But I found that the https://github.com/drone-plugins/drone-docker/blob/master/DOCS.md are already correct.

Would you mind updating docs online? :)

Thank you!

So, I know this might be a very generic error but I'm starting to believe it's because of an old Dockerfile that you use. Could we possibly bump drone-docker to the newest FROM rancher/docker:v10.13?

Anyways, basically, I run my generic .drone.yml but when I do, Drone tells me that it cannot connect to the Docker daemon. I'm running the generic Drone from the catalog but I also made my own version following the normal procedures and still receive the same errors. I'm running both Drone versions on /var/run/docker.sock.

I thought it was because it was a permissions error because of how I had Drone setup, but then I made both versions privileged and still no dice. It will not connect to the Docker daemon. E-mails and other notifications still work though.

Now that leads me to believe that it's not on my end but the workers that are spawned in the process. When Drone pulls from this repo, this Dockerfile's FROM rancher/docker:1.9.1 is what is reported. It will say the title error then it will report the docker info as 1.9.1 and not 10.13 that my host is reporting.

Could this possibly be the reason for this error?

Docker 1.12 provides some new functionality such as the HEALTHCHECK directive. It would be nice to update the plugin to incorporate Docker version 1.12 to take advantage of the newest updates and features of Docker.

I've been referred here for using drone to build docker images, but the docs and readme are too vague to really know how to start. Any chance we could get some examples, or instructions for how to use this plugin? Or at least when someone would want to use this plugin and when not to (e.g. building docker containers vs testing and then publishing an already built image, etc)
How is DOCS.md related to README.md? What is the file in the EOF and what are we supposed to replace?
I'd be willing to help update the docs if I knew the answers to these questions

here is my configuration:
publish:
docker:
environment:
- DOCKER_LAUNCH_DEBUG=true
Registry: registry.dataos.io
Insecure: true
Repo: datahubdevelop
Username: dangsha
Password: password
Email: aaa
file: Dockerfile
Tag: $$COMMIT
when:
branch: develop
event: push

the logs tells that login failed.
could anyone tell me why,thank you for the help

Did you commit & push a file drone-docker ? 😟

We're heavily using the ONBUILD command in Docker to build Ruby application Docker images from a generic Ruby base image. With Drone's caching enabled this should result in pretty quick builds if the base image or the app's dependencies haven't changed.

However, because Drone uses pull=true on each docker build command, our base image gets pulled in for each build regardless of caching. This, in turn, results in Docker running all ONBUILD steps again while building our app image, basically making the image cache useless for us.

Can we make the pull=true parameter optional, while defaulting to true? That could look like this:

publish:
  docker:
    repo: registry.example.com/app/example
    pull: false
    ...

@bradrydzewski: I'd be happy to submit a PR for this, can you let me know if you'd accept one? Thanks!

I even tried to insert the token after running docker login locally. i don't have any push restrictions on the provided account and was able to create the image just using the same commands that the plugin attempts:

$> docker build --pull=true --rm=true -f Dockerfile -t docker.io/stayfari/golang:latest .
$> docker tag docker.io/stayfari/golang:latest docker.io/stayfari/golang:1.6.2
$> docker push docker.io/stayfari/golang:latest

I do see that the login attempt succeeds and writes a config.json but it doesn't seem like its found when latter docker commands are run?

My .drone.yml:

publish:
docker:
environment:
- DOCKER_LAUNCH_DEBUG=true
registry: 'docker.io'
repo: 'stayfari/golang'
email: '[email protected]'
username: 'username'
password: 'pa$$word'
auth: 'tokeN=='
tag:
- latest
- '1.6.2'
storage_driver: overlay
file: Dockerfile
insecure: false

My output (starting at successful login):
time="2016-04-28T17:37:10.805593708Z" level=info msg="POST /v1.21/auth"
WARNING: login credentials saved in /.docker/config.json
Login Succeeded
$ /usr/bin/docker version
time="2016-04-28T17:37:11.945716342Z" level=info msg="GET /v1.21/version"
Client:
Version: 1.9.1
API version: 1.21
Go version: go1.4.3
Git commit: a34a1d5
Built: Fri Nov 20 17:56:04 UTC 2015
OS/Arch: linux/amd64

Server:
Version: 1.9.1
API version: 1.21
Go version: go1.4.3
Git commit: a34a1d5
Built: Fri Nov 20 17:56:04 UTC 2015
OS/Arch: linux/amd64
$ /usr/bin/docker info
time="2016-04-28T17:37:11.984750143Z" level=info msg="GET /v1.21/info"
Containers: 0
Images: 0
Server Version: 1.9.1
Storage Driver: overlay
Backing Filesystem: extfs
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 4.3.6-coreos
Operating System: (containerized)
CPUs: 2
Total Memory: 3.855 GiB
Name: 3e5d9b5d14e9
ID: EDHP:3LXX:N73P:3FVU:VSME:2EGX:D56X:7BTL:3W36:BIWR:XAVI:777Y
Debug mode (server): true
File Descriptors: 11
Goroutines: 19
System Time: 2016-04-28T17:37:11.985961473Z
EventsListeners: 0
Init SHA1:
Init Path: /usr/bin/docker
Docker Root Dir: /var/lib/docker
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
$ /usr/bin/docker build --pull=true --rm=true -f Dockerfile -t index.docker.io/v1/stayfari/golang:latest .
time="2016-04-28T17:37:12.028837166Z" level=info msg="POST /v1.21/build?buildargs=%7B%7D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&memory=0&memswap=0&pull=1&rm=1&t=index.docker.io%2Fv1%2Fstayfari%2Fgolang%3Alatest&ulimits=null"
Sending build context to Docker daemon 100.9 kB
Sending build context to Docker daemon 100.9 kB

Step 1 : FROM golang:1.6.2
1.6.2: Pulling from library/golang
70e9a6907f10: Pulling fs layer
...
d4228319d724: Pull complete
Digest: sha256:4e3aca89aefc5b5b0722f31e1eeafc607937eb936717b2674a4088b55412d818
Status: Downloaded newer image for golang:1.6.2
---> d4228319d724
Step 2 : ENV GO15VENDOREXPERIMENT "1"
---> Running in 737306ce8a78
---> f24a652aa594
Removing intermediate container 737306ce8a78
Step 3 : RUN go get -u github.com/FiloSottile/gvt
---> Running in b32f97263cdc
---> cb63191207cd
Removing intermediate container b32f97263cdc
Successfully built cb63191207cd
$ /usr/bin/docker tag index.docker.io/v1/stayfari/golang:latest index.docker.io/v1/stayfari/golang:1.6.2
time="2016-04-28T17:38:01.845710555Z" level=info msg="POST /v1.21/images/index.docker.io/v1/stayfari/golang:latest/tag?repo=index.docker.io%2Fv1%2Fstayfari%2Fgolang&tag=1.6.2"
$ /usr/bin/docker push index.docker.io/v1/stayfari/golang:latest
time="2016-04-28T17:38:01.883856311Z" level=info msg="POST /v1.21/images/index.docker.io/v1/stayfari/golang/push?tag=latest"
The push refers to a repository [docker.io/v1/stayfari/golang](len: 1)
cb63191207cd: Preparing
unauthorized: authentication required
[info] build failed (exit code 1)

README has mentioned option for private registry publish.
I had to spend some time, while found out that it requests https:// to be prepended at begining of repository.
So I think for others some example in README would help.

If you add the dns option to your yml file you will be greated with this error, seems like its an issue with docker when using --net=host not sure if thats what drone is using ?

409 Conflict: Conflicting options: dns and the network mode

Drone 0.4 with plugins/drone-docker:latest (as of today).
I have a self-hosted private docker registry v2 set up with basic auth.
Authenticating to my registry doesn't require email, which conflicts with how docker login is implemented here: https://github.com/drone-plugins/drone-docker/blob/release/0.4/main.go#L147
However in master branch you have it fixed, so the email is optional.
I am in progress of implementing a fix for branch/0.4 (https://github.com/meetmatt/drone-docker).
Pull request to come.

Adding docker build --build-args is useful for:

• extending martix builds e.g. different download urls / versions inside the Dockerfile
• building different images with previously cross-compiled binaries

time="2017-04-03T14:38:06.593516078Z" level=info msg="API listen on /var/run/docker.sock" 
Registry credentials not provided. Guest mode enabled.

...

Successfully built b356134105a4
+ /usr/local/bin/docker tag 728dd1752bbf9157f56bdd6367f0146dd79a79ed yangxuan8282/pugo:1-arm
+ /usr/local/bin/docker push yangxuan8282/pugo:1-arm
The push refers to a repository [docker.io/yangxuan8282/pugo]
dc174c621de7: Preparing
dc6bf54d9910: Preparing
c1141797abf6: Preparing
time="2017-04-03T14:38:13.718831377Z" level=error msg="Upload failed: denied: requested access to the resource is denied" 
time="2017-04-03T14:38:13.719173706Z" level=error msg="Attempting next endpoint for push after error: denied: requested access to the resource is denied" 
denied: requested access to the resource is denied
exit status 1

I have added DOCKER_USERNAME && DOCKER_PASSWORD

Currently the --pull=true is a fixed value in the build command. I think it would be better to make it an option in the config, to avoid pulling the base image every time.

When using chained images from multiple repositories, the insecure_registry mode only allows the initial registry to work. Subsequent/chained images from other registries (i.e. one per department/team) will fail because of the X509 error.

Any reason we aren't using https://hub.docker.com/_/docker/ instead of the rancher base?

See moby/moby#22641.

I'm having some issues with private registry pulls (using basic auth behind nginx). The drone build section is able to authenticate and pull images from the private registry just fine, but the drone-docker plugin seems to fail to push the image

plugin failure log (from drone):

time="2016-07-22T06:36:15.872816337Z" level=error msg="Handler for POST /v1.22/auth returned error: Login: 404 page not found\n (Code: 404; Headers: map[Content-Length:[19] Docker-Distribution-Api-Version:[registry/2.0] X-Content-Type-Options:[nosniff] Server:[nginx/1.9.15] Date:[Fri, 22 Jul 2016 06:36:15 GMT] Content-Type:[text/plain; charset=utf-8]])" 
Error response from daemon: Login: 404 page not found
 (Code: 404; Headers: map[Content-Length:[19] Docker-Distribution-Api-Version:[registry/2.0] X-Content-Type-Options:[nosniff] Server:[nginx/1.9.15] Date:[Fri, 22 Jul 2016 06:36:15 GMT] Content-Type:[text/plain; charset=utf-8]])
Login failed.
[info] build failed (exit code 1)

Nginx log when build section pulls an image:

[22/Jul/2016:06:36:07 +0000] "GET /v2/ HTTP/1.1" 401 195 "-" "docker/1.11.2 go/go1.5.4 git-commit/b9f10c9 kernel/3.16.0-4-amd64 os/linux arch/amd64 UpstreamClient(Go-http-client/1.1)"
droneci [22/Jul/2016:06:36:07 +0000] "GET /v2/build/node6/manifests/latest HTTP/1.1" 200 1777 "-" "docker/1.11.2 go/go1.5.4 git-commit/b9f10c9 kernel/3.16.0-4-amd64 os/linux arch/amd64 UpstreamClient(Go-http-client/1.1)"

Nginx log when drone-docker tries to auth:

[22/Jul/2016:06:36:15 +0000] "GET /v2/ HTTP/1.1" 401 195 "-" "docker/1.10.2 go/go1.5.3 git-commit/c3959b1 kernel/3.16.0-4-amd64 os/linux arch/amd64"
[22/Jul/2016:06:36:15 +0000] "GET /v1/_ping HTTP/1.1" 401 195 "-" "docker/1.10.2 go/go1.5.3 git-commit/c3959b1 kernel/3.16.0-4-amd64 os/linux arch/amd64"
[22/Jul/2016:06:36:15 +0000] "POST /v1/users/ HTTP/1.1" 401 195 "-" "docker/1.10.2 go/go1.5.3 git-commit/c3959b1 kernel/3.16.0-4-amd64 os/linux arch/amd64"
droneci [22/Jul/2016:06:36:15 +0000] "GET /v1/users/ HTTP/1.1" 404 19 "-" "docker/1.10.2 go/go1.5.3 git-commit/c3959b1 kernel/3.16.0-4-amd64 os/linux arch/amd64

Is this because the docker version is out of date ? (1.10.2 for publish vs 1.11.2 for build) The actual authentication seems fine but it seems to hit the wrong URL for the next step?

  deploy_develop:
    image: plugins/docker
    repo: 127.0.0.1/cgebe/project-develop
    registry: 127.0.0.1:5000
    tags: 
      - latest 
      - ${DRONE_COMMIT_SHA:0:8}
    when:
      status: success
      branch: develop

port is always substituted with port 80.

The push refers to a repository [127.0.0.1/cgebe/project-develop]
Put http://127.0.0.1/v1/repositories/cgebe/project-develop/: dial tcp 127.0.0.1:80: getsockopt: connection refused

So far, an image can be variably tagged with $$BRANCH, $$COMMIT or $$BUILD_NUMBER. It is not possible to use a commit tag, right? So that if I push a tag on my git repo, a docker build is being triggered with an image tag of the same tag name?

we have meet a bug in drone 0.5 while using plugins/docker

this is one stage in our pipeline:

dockerize-online:
    image: plugins/docker
    environment:
      - DOCKER_LAUNCH_DEBUG=true
    debug: true
    repo: docker-registry-cn.easemob.com/kubernetes/im/eva-web
    tags: ${DRONE_COMMIT:0:7}
    registry: https://docker-registry-cn.easemob.com
    username: xxx
    password: xxx
    dockerfile: image/docker/eva-web/Dockerfile
    context: image/docker/eva-web/
    volumes:
      - /data/apps/opt/eva:/data/apps/opt/eva
    when:
      branch: release

and we got these error output:

...
192 Successfully tagged 9214e217d1f484e6607d67c6dc214740c918e0e2:latest
193 + /usr/local/bin/docker tag 9214e217d1f484e6607d67c6dc214740c918e0e2 docker-registry-cn.easemob.com/kubernetes/im/eva-web:9.214e+24
194 Error parsing reference: "docker-registry-cn.easemob.com/kubernetes/im/eva-web:9.214e+24" is not a valid repository/tag: invalid reference format
195 time="2017-05-23T07:18:54Z" level=fatal msg="exit status 1" 

I think this is a bug of go substring !

docker-registry-cn.easemob.com/kubernetes/im/eva-web:9.214e+24
should be
docker-registry-cn.easemob.com/kubernetes/im/eva-web:9214e21

We would like to use a tagging scheme based on the version of our nodejs applications defined in in the project package.json file. There doesn't seem to be way to inject this into Drone at build time.

See #64 for a possible implementation using a simple yaml file created as a build task.

I've configured a drone 0.5 environment and adapted a build config to check if it works.

Unfortunately, there is a issue on publishing a docker image. At first glance, it seems this plugin isn't gathering correctly the registry host. (or if it is, maybe it is not accepting it?)

Here's the configuration I've used.

  publish_docker_image:
    image: plugins/docker
    registry: **secret**
    username: **secret**
    password: **secret**
    email: **secret**
    repo: findhit/frontend
    tag: ${DRONE_COMMIT_BRANCH##deployed/}-${DRONE_COMMIT_SHA:0:8}
    when:
      branch:
        - deployed/*

Here's the output tail of where it fails:

Successfully built 7455cacb8b7a
+ /usr/local/bin/docker tag f03090ce1508a09b06ee2e14f27fb0588710319f findhit/frontend:staging-f03090ce
+ /usr/local/bin/docker push findhit/frontend:staging-f03090ce
The push refers to a repository [docker.io/findhit/frontend]
137ad23e6a22: Preparing
e2fb26a41375: Preparing
68c92a11771f: Preparing
5e01ccb60705: Preparing
cb91c689a4ac: Preparing
e5d83b6ea03c: Preparing
df411e57e548: Preparing
4fe15f8d0ae6: Preparing
e5d83b6ea03c: Waiting
df411e57e548: Waiting
4fe15f8d0ae6: Waiting
denied: requested access to the resource is denied
exit status 1

If you noticed it, it is trying to push it under docker.io/findhit/frontend instead of provided registry.

Is there any chance I can help on this?
Thanks.

It won't work in ubuntu 16.04, and gives me the error below.
I'm running a machine at digital ocean with this config Ubuntu Docker 1.12.3 on 16.04
And running drone:0.4 docker image.

[info] Pulling image plugins/drone-git:latest
Drone Git Plugin built from 43dcd64
$ git init
Initialized empty Git repository in /drone/src/gitlab.com/studiobox/amanger-backend/.git/
$ git remote add origin https://gitlab.com/studiobox/amanger-backend.git
$ git fetch --no-tags origin +refs/heads/master:
From https://gitlab.com/studiobox/amanger-backend
* branch            master     -> FETCH_HEAD
* [new branch]      master     -> origin/master
$ git reset --hard -q 78dbfd833602c8e6be897beb2271bc83ecc9e390
$ go build
[info] Pulling image plugins/drone-docker:latest
Drone Docker Plugin built at 2016-07-29 06:41:09 UTC
$ /usr/bin/docker daemon -g /drone/docker -s devicemapper
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
Login failed.
[info] build failed (exit code 1)

Any help would be really aprecciated, and if some more information is needed let me know.
Thanks! And great project!

We had to set a max count on the registry itself to accomplish this.

I am trying to use the plugin to publish a docker image to an internal docker registry. The username has a "-" in the name (example: user-name). I looks like because of this we are facing this error.

$ /usr/bin/docker daemon -g /drone/docker
Error response from daemon: Registration: "Wrong username format (it has to match "^[a-z0-9]{4,30}$")"
Login failed.

I was unable to push to a private registry that is secured by htpasswd (username and password). My .drone.yml file had the username and password values, but I omitted the email value. I was able to get the push to work by adding a bogus email address to the .drone.yml file. This seems like a bug. Or, I am misunderstanding something. Please help me understand.

How I can deploy to several destinations at the same time?
I'm building micro service application and need to push to 5-10 destinations, doing so sequentially makes little sense when there are spare cores available

look at using the rancher base-docker image
https://github.com/rancher/docker-from-scratch

For example, we use 'when' to only publish images on a tag event. This seems to be a frequently asked question, so explicitly adding it to the docs is probably worthwhile.

We previously implemented a temporary workaround to programmatic image tags by loading an environment file. I would like a more permanent solution based on some previous suggestions, specifically using a file to load tags.

We could add a tag_file field to the yaml that points to a version file:

pipeline:
  docker:
    image: plugins/docker
    username: kevinbacon
    password: pa55word
    email: [email protected]
    repo: foo/bar
    tags: latest
+   version_file: VERSION

The tag is read from the file. Example version file:

17.3

The version file will not override the tags attribute. Instead it should be appended to the tag list.

This means we should remove the prior workaround:

func main() {
-	// Load env-file if it exists first
-	if env := os.Getenv("PLUGIN_ENV_FILE"); env != "" {
-		godotenv.Load(env)
-	}

Hi,

Thanks for a great project.

Setting up a stack on rancheros/rancher, with a private docker registry, gogs and drone.
Can't seem to get the publish from drone-docker-plugin to my private registry working.

I am probably missing something.

I'm using letsencrypt for SSL in the registry, and can't get the dind-docker used by drone-docker-plugin to trust the certificate.

Is there a good way to do this? Can I inject an alternate image for dind with the root cert, or similar?

//Robin

Drone 0.5

drone exec

# DEBUG
debug: true

# Define the CI pipeline
pipeline:
  docker:
    username: xxxx
    password: xxxx
    email: [email protected]
    repo: bannerwise/core
    tag: testing
    file: Dockerfile
    insecure: false
  deploy-to-deis:
    image: node:5
    commands:
      - curl -sSL http://deis.io/deis-cli/install-v2.sh | bash
      - ln -fs $PWD/deis /usr/local/bin/deis
      - deis auth:login https://deis.xxxx.xx --username xxxx --password xxxx
      - deis ps -a api-testing

Running Matrix job #0
[deploy-to-deis:L0:0s] + curl -sSL http://deis.io/deis-cli/install-v2.sh | bash
[deploy-to-deis:L1:1s] Downloading deis-v2.4.0-linux-amd64 From Google Cloud Storage...
[deploy-to-deis:L2:3s]
[deploy-to-deis:L3:3s] deis is now available in your current directory.
[deploy-to-deis:L4:3s]
[deploy-to-deis:L5:3s] To learn more about deis, execute:
[deploy-to-deis:L6:3s]
[deploy-to-deis:L7:3s] $ ./deis --help
[deploy-to-deis:L8:3s]
[deploy-to-deis:L9:3s] + ln -fs $PWD/deis /usr/local/bin/deis
[deploy-to-deis:L10:3s] + deis auth:login https://deis.xxxx.xx --username xxxx --password xxxx
[deploy-to-deis:L11:4s] Logged in as xxxx
[deploy-to-deis:L12:4s] Configuration file written to /root/.deis/client.json
[deploy-to-deis:L13:4s] + deis ps -a api-testing
[deploy-to-deis:L14:4s] === api-testing Processes
[deploy-to-deis:L15:4s] --- cmd:
[deploy-to-deis:L16:4s] api-testing-cmd-4162569793-mmukv up (v30)
[deploy-to-deis:L17:4s] api-testing-cmd-4162569793-v4qgm up (v30)
[deploy-to-deis] exit code 0

I'm running Drone at commit a9c84d26e11ffeb97311a1b549c48589dac95292 right now.

Before the latest drone-docker container push, our bundle install calls worked as expected.

Now, we get a bunch of Gem::RemoteFetcher::UnknownHostError: timed out (...) messages before our build fails.

Running docker exec -it <container id> /bin/sh onto the actual docker plugin container and then attempting to curl rubygems.org shows that the host can't be found. Calls to other sites such as https://google.com/ work. Is this anything to do with the new dind base image?

I've created a minimal repository showing this behaviour:
https://github.com/sondinhinfectious/drone-docker-gems

Here are the verbose logs:
https://gist.github.com/sondinhinfectious/f2d8ad289e320dc31a11be06b96d50bf

Docker info:

Containers: 110
Images: 212
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 1014
 Dirperm1 Supported: true
Execution Driver: native-0.2
Kernel Version: 3.19.0-61-generic
Operating System: Ubuntu 14.04.4 LTS
CPUs: 2
Total Memory: 7.305 GiB
Name: drone-1
ID: SOXP:RKX2:MR5P:PDFH:QVJZ:4MKI:MGX2:LIYN:RGFP:GXOZ:3QJY:UVT5
WARNING: No swap limit support

$ uname --all
Linux drone-1 3.19.0-61-generic #69~14.04.1-Ubuntu SMP Thu Jun 9 09:09:13 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

Hi all!
I can't seem to tag my docker images with the SHA and commits.

I've tried both and $$DRONE_COMMIT and $DRONE_COMMIT but to no avail.

The error I get is:

$ /usr/bin/docker tag lab.54hrs.com/leaplines/apps:latest lab.54hrs.com/leaplines/apps:$$DRONE_COMMIT
Error response from daemon: Illegal tag name ($$DRONE_COMMIT): only [A-Za-z0-9_.-] are allowed ('.' and '-' are NOT allowed in the initial), minimum 1, maximum 128 in length
[info] build failed (exit code 1)

publish:
  docker:
    registry: lab.54hrs.com
    email: [email protected]
    username: registry
    password: $$REGISTRY_PASSWORD
    repo: XX
    tag:
      - latest
      - $$DRONE_COMMIT

It seems that the variables are not interpolated. Is this correct? I would love it if i can tag my images with the SHA and branch and optionally the latest.

Currently been doing some testing with the plugin, from what i can tell it does not work with out a remote repository ?

I found the --dry-run option from the code which looks like it should do what i need, however I have found that the image is not available for the next step in my builds.

Is there a way to achieve this and if not what's stopping it from working ? a quick look at the codes makes me think it should.

Add support for building Windows containers.

Is there a reason the docs don't show the secrets that are needed for the plugin to work without using clear text username and password?

In the past it instructed you to use: DOCKER_USERNAME, DOCKER_PASSWORD, DOCKER_EMAIL as secrets.

Hi,when i use drone to build docker images, i got the error:

[info] Pulling image plugins/drone-git:latest
Drone Git Plugin built from 43dcd64
$ git init
Initialized empty Git repository in /drone/src/114.55.23.12/strahe/drone_test/.git/
$ git remote add origin http://114.55.23.12:30080/strahe/drone_test.git
$ git fetch --no-tags origin +refs/heads/master:
From http://114.55.23.12:30080/strahe/drone_test
* branch            master     -> FETCH_HEAD
* [new branch]      master     -> origin/master
$ git reset --hard -q 050be0ea7cfd60713756d030b1dcb5b7c16ba94b
[info] Pulling image plugins/drone-docker:latest
time="2016-09-19T03:58:46Z" level=fatal msg="no such file or directory" 
[info] build failed (exit code 1)

any ideas?

The problem lies here:
https://github.com/drone-plugins/drone-docker/blob/master/main.go#L41

I have custom private registry with urls like: my.registry/image-name:tag, so when I enter as repo:

• image-name I get image-name:tag
• registry.host/image-name I get registry.host/registry.host/image-name:tag

I am trying add tag to docker

pipeline:
  test:
    image: mhart/alpine-node:6.3.1
    commands:
      - echo hihi
  docker:
    repo: project/repo
    environment:
      - DOCKER_LAUNCH_DEBUG=true
    tag:
      - latest
      - "$${TAG}"
    when:
      event: tag

But i got these error message
Is it a bug ?

Error parsing reference: "project/repo:$${TAG}" is not a valid repository/tag
exit status 1

time="2016-02-12T19:47:21.836933519Z" level=error msg="Couldn't run auplink before unmount: exec: \"auplink\": executable file not found in $PATH" 
time="2016-02-12T19:47:21.880847240Z" level=error msg="Couldn't run auplink before unmount: exec: \"auplink\": executable file not found in $PATH

during the deploy

Drone 1.9 added the ability to specify arguments on the command line for stuff like proxy values when building behind a proxy.

Would be great to have something like

publish:
  docker:
    use_proxy: true

Which would check the plugin for the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY values. If any of those it and its lowercase equivalent would be added to the --build-arg in the docker build command generated by Drone.