mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-30 12:20:33 +00:00
Support Docker credential helpers (#1075)
* support docker credential and add docker-credential-ecr-login into alpine image * Remove ecr from docker and add docs * Update docs/docs/30-administration/22-backends/10-docker.md Co-authored-by: WeStone <xuecanlong@qq.com> Co-authored-by: Anbraten <anton@ju60.de>
This commit is contained in:
parent
b7957c53aa
commit
bed3ef104c
2 changed files with 19 additions and 0 deletions
|
@ -14,6 +14,18 @@ Set to the name of an existing network which will be attached to all your pipeli
|
||||||
|
|
||||||
Enable IPv6 for the networks used by pipeline containers (steps). Make sure you configured your docker daemon to support IPv6.
|
Enable IPv6 for the networks used by pipeline containers (steps). Make sure you configured your docker daemon to support IPv6.
|
||||||
|
|
||||||
|
## Docker credentials
|
||||||
|
|
||||||
|
Woodpecker supports [Docker credentials](https://github.com/docker/docker-credential-helpers) to securely store registry credentials. Install your corresponding credential helper and configure it in your Docker config file passed via [`WOODPECKER_DOCKER_CONFIG`](/docs/administration/server-config#woodpecker_docker_config).
|
||||||
|
|
||||||
|
To add your credential helper to the Woodpecker server container you could use the following code to build a custom image:
|
||||||
|
|
||||||
|
```dockerfile
|
||||||
|
FROM woodpeckerci/woodpecker-server:latest-alpine
|
||||||
|
|
||||||
|
RUN apk add -U --no-cache docker-credential-ecr-login
|
||||||
|
```
|
||||||
|
|
||||||
## Podman support
|
## Podman support
|
||||||
|
|
||||||
While the agent was developped with Docker/Moby, Podman can also be used by setting the environment variable `DOCKER_SOCK` to point to the podman socket. In order to work without workarounds, Podman 4.0 (or above) is required.
|
While the agent was developped with Docker/Moby, Podman can also be used by setting the environment variable `DOCKER_SOCK` to point to the podman socket. In order to work without workarounds, Podman 4.0 (or above) is required.
|
||||||
|
|
|
@ -40,6 +40,13 @@ func parseDockerConfig(path string) ([]*model.Registry, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for registryHostname := range configFile.CredentialHelpers {
|
||||||
|
newAuth, err := configFile.GetAuthConfig(registryHostname)
|
||||||
|
if err == nil {
|
||||||
|
configFile.AuthConfigs[registryHostname] = newAuth
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
for addr, ac := range configFile.AuthConfigs {
|
for addr, ac := range configFile.AuthConfigs {
|
||||||
if ac.Auth != "" {
|
if ac.Auth != "" {
|
||||||
ac.Username, ac.Password, err = decodeAuth(ac.Auth)
|
ac.Username, ac.Password, err = decodeAuth(ac.Auth)
|
||||||
|
|
Loading…
Reference in a new issue