happy-pizza-30507
11/17/2021, 8:00 AMpants publish
returned an error "_denied: requested access to the resource is denied_" from docker-cli. Meanwhile a plain docker push
worked just fine. My Jenkinsfile wraps the pants publish
step inside withDockerRegistry. The urls specified in withDockerRegistry and in [docker.registry.private_name].address
are identical (though Pipeline plugin requires a protocol prefix whereas pants doesn't). In our Pipeline, we use a separate credentials to login and push the image and that account is different from the pipeline runner, i.e. $USER
. The last thing worth mentioning is that the docker images were built prior to entering withDockerRegistry, meaning that they were built under the name of $USER
. Am I doing something wrong perhaps?curved-television-6568
11/17/2021, 8:09 AM~/.docker/config.json
properly. This may very well be a bug in our docker backend. I’ll investigate further, but it’ll be some time..docker
client, ./pants publish <docker-image>
works when running from the command line. (with properly setup here, I refer to there being a successfully issued docker login
for the registry you want to push to.)
I’ve not had the opportunity to test running a Jenkins pipeline with the docker plugin you mention, but it feels like it could be in proximity there abouts. It should not matter which user built the image, however.Meanwhile a plainÂWas this also executed from within the worked just fine.docker push
withDockerRegistry
step?happy-pizza-30507
11/18/2021, 7:57 AMcurved-television-6568
11/18/2021, 1:45 PMhappy-pizza-30507
11/18/2021, 3:09 PMcurved-television-6568
11/18/2021, 3:20 PMdocker publish
but it should be (that was my intention, overlooked). Will fix, sorry for the trouble.PANTS_SHA
for a commit from main
, after it’s been merged)happy-pizza-30507
11/18/2021, 8:47 PMcurved-television-6568
11/19/2021, 6:16 AMhappy-pizza-30507
11/21/2021, 10:12 AMcurved-television-6568
11/21/2021, 10:53 AM