https://pantsbuild.org/ logo
Join Slack
Powered by
Hi! I'm having a problem similar to <https://pants...
# general
f
Hi! I'm having a problem similar to https://pantsbuild.slack.com/archives/C046T6T9U/p1673569181883479. In GitHub Actions, I can successfully log in to Azure Container Registry, then do 
docker pull
. But if 
pants test
(version 2.15.0rc2) tries to do the same, it results in:
Copy code
Exception: Failed to pull image `***<http://registry.azurecr.io/runner/ubuntu20_***|registry.azurecr.io/runner/ubuntu20_***>`: Failed to pull Docker image `***<http://registry.azurecr.io/runner/ubuntu20_***|registry.azurecr.io/runner/ubuntu20_***>`: DockerResponseServerError { status_code: 500, message: "Get \"[https://***<http://registry.azurecr.io/v2/runner/ubuntu20_***/tags/list\|registry.azurecr.io/v2/runner/ubuntu20_***/tags/list\>](https://***<http://registry.azurecr.io/v2/runner/ubuntu20_***/tags/list/|registry.azurecr.io/v2/runner/ubuntu20_***/tags/list/>)": unauthorized: authentication required, visit <https://aka.ms/acr/authorization> for more information." }
I can see that the ACR login steps yields this:
Copy code
DOCKER_CONFIG=/home/runner/work/_temp/docker_login_1675410905572
I have tried with:
Copy code
[docker]
build_args = ["GIT_SHA"]
env_vars = ["DOCKER_CONFIG"]

[test]
extra_env_vars = ["DOCKER_CONFIG"]
as well as without the 
env_vars
and 
extra_env_vars
above, but it fails either way.
c
Hi Tor, So what docker credentials plugin is being used. Is that available on the hermetic PATH provided by Pants?
f
Hi! I’ve used this GitHub Actions step:
Copy code
- name: Login to ACR
        uses: azure/docker-login@v1
        with:
          login-server: *****<http://registry.azurecr.io|registry.azurecr.io>
          username: ${{ secrets.SP_ACR_PULL_ID }}
          password: ${{ secrets.SP_ACR_PULL_PASSWORD }}
This yields a 
DOCKER_CONFIG
, which makes sure that a step like this is successful:
Copy code
- name: Test pulling from ACR
        run: docker pull *****<http://registry.azurecr.io/runner/ubuntu20_*****|registry.azurecr.io/runner/ubuntu20_*****>
c
huh, yea that seems like it should be enough to just forward the 
DOCKER_CONFIG
env var in that case, fwict from the action. 🤔
quick question though, is this a 
docker_image
target that it is failing for, or a 
docker_environment
?
if this comes from Pants:
DockerResponseServerError …
it doesn’t look like a 
docker_image
in which case I guess it is for a 
docker_environment
in which case we need to rope in @witty-crayon-22786 or @fast-nail-55400 as I’m not familiar with the Docker support in the engine itself.
f
Yes, this is 
pants test
asking for an image that is defined like this:
Copy code
docker_environment(
    name="docker-env-ubuntu20-*****",
    platform="linux_x86_64",
    image="*****<http://registry.azurecr.io/runner/ubuntu20_*****|registry.azurecr.io/runner/ubuntu20_*****>",
    python_bootstrap_search_path=["<PATH>"],
)
✔️ 1
c
ok, in that case, the 
[docker]
config section doesn’t apply, I think.. sorry for the confusion.
👍 1
or I may be wrong… seems like it uses some options as default from that section, at least according to https://www.pantsbuild.org/v2.15/docs/reference-docker_environment#codedocker_env_varscode … ?
maybe try providing the env var directly on the 
docker_environment
target..
f
So I added this:
Copy code
docker_environment(
    name="docker-env-ubuntu20-*****",
    platform="linux_x86_64",
    image="*****<http://registry.azurecr.io/runner/ubuntu20_*****|registry.azurecr.io/runner/ubuntu20_*****>",
    python_bootstrap_search_path=["<PATH>"],
    docker_env_vars=["DOCKER_CONFIG"],
)
Unfortunately, it didn’t help.
But this is without 
docker.env_vars
and 
test.extra_env_vars
. Not sure if they should be there or not. The thread I linked at the top seemed to indicate they shouldn’t:
removing DOCKER_CONFIG from env_vars fixed it /shrug
c
yea, you shouldn’t read too much into that, as that was for publishing an image, i.e. using a 
docker_image
target.. so it’s completely different implementations between these two targets, as 
docker_environment
is implemented in the Pants’s rust engine talking directly with the Docker daemon API (using some rust crate for it), where as 
docker_image
is a backend plugin written in Python shell-ing out to the 
docker
CLI client.
👍 1
f
I actually did originally have it on 
docker_environment
as well, but took it out when testing taking it out from those two others.
w
can you file as issue describing the setup for this one? sorry for the trouble.
👍 1
f
w
@curved-television-6568: if you wouldn’t mind commenting on that issue with an explanation of how auth like this works in the docker plugin, i can take a stab at porting it to the environments backend
c
@witty-crayon-22786 there’s nothing special in the docker plugin wrgt auth, only the generic env support.
w
ok: so folks explicitly configure the env var to pass through, got it.
👍 1
f
I'm running into this same issue with Pants 2.22. It looks like there was a patch to pass 
DOCKER_HOST
and 
DOCKER_CONFIG
through without stating them explicitly in the 
docker_environment
. So, I must be confused on the workaround here. Any pointers?
11 Views
Open in Slack
PreviousNext
Powered by