https://pantsbuild.org/ logo
Join Slack
Powered by
Hello, does anyone have a working configuration fo...
# general
v
Hello, does anyone have a working configuration for publishing a Docker images to Google Cloud Artifact Registry? I have the registry address set to use 
gcloud
authentication but it seems no authentication info is being passed since I'm getting this error: 
error from registry: Unauthenticated request. Unauthenticated requests do not have permission "artifactregistry.repositories.uploadArtifacts" on resource
docker push
is working for me but trying to push from the Docker Desktop GUI has the exact same error. My config looks like this: ~/.docker/config.json
Copy code
{
  "credHelpers": {
    "us-docker.pkg.dev": "gcloud"
  }
}
pants.toml
Copy code
[docker]
env_vars = [
  "DOCKER_CONFIG=~/.docker/config.json",
]
tools = [
  "docker-credential-gcloud",
  "dirname",
  "readlink",
  "python3",
  # These may be necessary if using Pyenv-installed Python.
  "cut",
  "sed",
  "bash",
]
So far I've found out: 1. Adding "`PATH`" to env_vars seems to fix the issue but isn't ideal 2. Trying to run the credential helper within the isolated sandbox like the docs suggest is working so I'm not sure why running pants publish doesn't work
Copy code
➜  _binary_shims_ed4ce265af0b793bfc2088baf325ab478909bac1d54a915786987c5970b96c3e echo us-docker.pkg.dev | env -i ./docker-credential-gcloud get
{
  "Secret":
Looking at the logs, perhaps the PATH isn't being constructed correctly using 
chroot
?
Copy code
Execute InteractiveProcess(process=Process(argv=('/usr/local/bin/docker', 'push', '[image]'), description='Pushing docker image [image]', level=<LogLevel.INFO: 'info'>, input_digest=Digest('e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 0), immutable_input_digests=FrozenDict({'_binary_shims_ed4ce265af0b793bfc2088baf325ab478909bac1d54a915786987c5970b96c3e': Digest('ed4ce265af0b793bfc2088baf325ab478909bac1d54a915786987c5970b96c3e', 689)}), use_nailgun=(), working_directory=None, env=FrozenDict({'PATH': '{chroot}/_binary_shims_ed4ce265af0b793bfc2088baf325ab478909bac1d54a915786987c5970b96c3e', 'DOCKER_CONFIG': '$HOME/config.json', 'HOME': '/Users/mfairley'}), append_only_caches=FrozenDict({}), output_files=(), output_directories=(), timeout_seconds=-1, jdk_home=None, execution_slot_variable=None, concurrency_available=0, cache_scope=<ProcessCacheScope.SUCCESSFUL: 'successful'>, remote_cache_speculation_delay_millis=0, attempt=0), run_in_workspace=False, forward_signals_to_process=True, restartable=False, keep_sandboxes=<KeepSandboxes.never: 'never'>)
I noticed I used the wrong syntax for DOCKER_CONFIG. But even after changing it to 
DOCKER_CONFIG=%(homedir)s/.docker
I'm getting another problem of the publish step hanging forever unless I pass through 
PATH
I finally figured this out. Hopefully it's useful to someone: gcloud relies on Python but it was installed using a different version of Python that the one I'm using in my Pants repo. So I had to change:
Copy code
tools = [
...
python
...
]
to
Copy code
tools = [
...
/usr/local/bin/python3.12
...
]
b
oh I hit this too! I stuck with 
PATH
in the env_vars, but this is really good to know
4 Views
Open in Slack
PreviousNext
Powered by