Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-39684

Use docker images from private registry

    XMLWordPrintable

Details

    Description

      When using an agent directive in Declarative Pipeline there is no way to specify the Docker Registry to use. In Scripted Pipline this is available via the withRegistry wrapper

      docker.withRegistry('https://docker.mycorp.com/', 'docker-login') {
        git '…'
        docker.build('myapp').push('latest')
      }
      

      For Declarative we should allow admins to create a default registry to be used by all Pipelines at the master level or the folder level. We should also allow a specific registry setting in the language itself via the agent directive.

      Attachments

        Issue Links

          Activity

            hrmpw Patrick Wolf created issue -
            hrmpw Patrick Wolf added a comment -

            michaelneale jamesdumay

            Do you guys have any suggestions for the syntax?

            hrmpw Patrick Wolf added a comment - michaelneale jamesdumay Do you guys have any suggestions for the syntax?
            michaelneale Michael Neale added a comment -

            hrmpw abayer I think the agent syntax was made flexible enough to cater for this.

            agent docker:"foo" registry:

            {... config for registry}

            would something like that work? or the docker item take a block in that case with all the config needed? (Andrew would be able to comment on what is best)

            michaelneale Michael Neale added a comment - hrmpw abayer I think the agent syntax was made flexible enough to cater for this. agent docker:"foo" registry: {... config for registry} would something like that work? or the docker item take a block in that case with all the config needed? (Andrew would be able to comment on what is best)
            abayer Andrew Bayer added a comment -

            Hrm. I don't like the idea of mixing closures with string values in the agent config. That ship has already sailed, I think. I'll play around with it, but I don't think it'll work well. Most likely, we'll need straight key/value pairings.

            abayer Andrew Bayer added a comment - Hrm. I don't like the idea of mixing closures with string values in the agent config. That ship has already sailed, I think. I'll play around with it, but I don't think it'll work well. Most likely, we'll need straight key/value pairings.
            abayer Andrew Bayer added a comment -

            Ok, turns out it's technically possible, but I'm really unsure about the syntactic feel.

            abayer Andrew Bayer added a comment - Ok, turns out it's technically possible, but I'm really unsure about the syntactic feel.
            abayer Andrew Bayer added a comment - - edited

            I tell a lie - there's no viable way to fit closure agent values into the AST. Grr. We could do maps, though. So I'd lean towards this syntax:

            agent docker:'foo', registry:[url:'http://...', username:'...', password:'...']
            

            Still need to think how we'd fit credentials into that, though.

            abayer Andrew Bayer added a comment - - edited I tell a lie - there's no viable way to fit closure agent values into the AST. Grr. We could do maps, though. So I'd lean towards this syntax: agent docker: 'foo' , registry:[url: 'http: //...' , username: '...' , password: '...' ] Still need to think how we'd fit credentials into that, though.
            michaelneale Michael Neale added a comment -

            that looks reasonable. I am not aware how registry works today with withCredentials, but perhaps its a matter of takign a credentialId as an option?

            michaelneale Michael Neale added a comment - that looks reasonable. I am not aware how registry works today with withCredentials, but perhaps its a matter of takign a credentialId as an option?

            Current syntax looks like this withDockerRegistry([credentialsId: 'foo', url: 'https://docker.foo.com']).
            Tried to add it as wrapper but obviously that didn't work out.

            pleibiger Peter Leibiger added a comment - Current syntax looks like this withDockerRegistry( [credentialsId: 'foo', url: 'https://docker.foo.com'] ) . Tried to add it as wrapper but obviously that didn't work out.

            Maybe the agent syntax always needs to be a closure, away from strings.
            In the future there might be a lot of parameters for different kinds of agents.

            pleibiger Peter Leibiger added a comment - Maybe the agent syntax always needs to be a closure, away from strings. In the future there might be a lot of parameters for different kinds of agents.
            michaelneale Michael Neale added a comment -

            pleibiger I know abayer was looking at making the agent syntax more extensible: https://github.com/jenkinsci/pipeline-model-definition-plugin/pull/73 - so perhaps that is the place to add in registry support?

            michaelneale Michael Neale added a comment - pleibiger I know abayer was looking at making the agent syntax more extensible: https://github.com/jenkinsci/pipeline-model-definition-plugin/pull/73 - so perhaps that is the place to add in registry support?
            pleibiger Peter Leibiger added a comment - michaelneale I already commented on that PR regarding this issue: https://github.com/jenkinsci/pipeline-model-definition-plugin/pull/73#issuecomment-267946020
            abayer Andrew Bayer made changes -
            Field Original Value New Value
            Link This issue depends on JENKINS-40524 [ JENKINS-40524 ]
            abayer Andrew Bayer made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            abayer Andrew Bayer made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            abayer Andrew Bayer added a comment - Preliminary PR up at https://github.com/jenkinsci/pipeline-model-definition-plugin/pull/86
            abayer Andrew Bayer made changes -
            Remote Link This issue links to "PR #86 (Web Link)" [ 15219 ]

            I can probably test this sometime this week.

            pleibiger Peter Leibiger added a comment - I can probably test this sometime this week.

            Code changed in jenkins
            User: Andrew Bayer
            Path:
            pipeline-model-definition/src/main/java/org/jenkinsci/plugins/pipeline/modeldefinition/agent/impl/DockerPipeline.java
            pipeline-model-definition/src/main/java/org/jenkinsci/plugins/pipeline/modeldefinition/agent/impl/DockerPipelineFromDockerfile.java
            pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/agent/impl/DockerPipelineFromDockerfileScript.groovy
            pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/agent/impl/DockerPipelineScript.groovy
            http://jenkins-ci.org/commit/pipeline-model-definition-plugin/d76175b8b7d302fe46cccfda2bca36eb9f857974
            Log:
            [FIXED JENKINS-39684] Add registryUrl and registryCredentialsId

            Added to both docker and dockerfile agent types. Not sure how to test
            this, honestly.

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Andrew Bayer Path: pipeline-model-definition/src/main/java/org/jenkinsci/plugins/pipeline/modeldefinition/agent/impl/DockerPipeline.java pipeline-model-definition/src/main/java/org/jenkinsci/plugins/pipeline/modeldefinition/agent/impl/DockerPipelineFromDockerfile.java pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/agent/impl/DockerPipelineFromDockerfileScript.groovy pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/agent/impl/DockerPipelineScript.groovy http://jenkins-ci.org/commit/pipeline-model-definition-plugin/d76175b8b7d302fe46cccfda2bca36eb9f857974 Log: [FIXED JENKINS-39684] Add registryUrl and registryCredentialsId Added to both docker and dockerfile agent types. Not sure how to test this, honestly.
            abayer Andrew Bayer made changes -
            Resolution Fixed [ 1 ]
            Status In Review [ 10005 ] Resolved [ 5 ]

            Works for me.

            pleibiger Peter Leibiger added a comment - Works for me.
            niecore Nico Mueller made changes -
            Comment [ What is the used syntax now? Can't find a documentation. ]
            rocketeer125 Tom Bamford added a comment - - edited

            For the benefit of anyone else who discovers this in future wondering what the syntax should actually look like altogether, example given below:

             

            agent {
              docker {
                label 'docker'
                image 'myregistry.com/node:7.10.0'
                registryUrl 'https://myregistry.com/'
                registryCredentialsId 'myPredefinedCredentialsInJenkins'
              }
            }
            
            rocketeer125 Tom Bamford added a comment - - edited For the benefit of anyone else who discovers this in future wondering what the syntax should actually look like altogether, example given below:   agent {   docker {     label 'docker'     image 'myregistry.com/node:7.10.0'     registryUrl 'https: //myregistry.com/'     registryCredentialsId 'myPredefinedCredentialsInJenkins'   } }
            jouve Cyril Jouve added a comment - Hello, this is a great feature but I could not find documentation/exemple. I looked here: https://github.com/jenkinsci/pipeline-model-definition-plugin/wiki https://jenkins.io/doc/ https://www.google.fr/search?q=jenkins+pipeline+additionalBuildArgs  
            jouve Cyril Jouve made changes -
            Resolution Fixed [ 1 ]
            Status Resolved [ 5 ] Reopened [ 4 ]
            jraub_switch Jordan Raub added a comment - - edited

            The resolved dependent issue (JENKINS-40524) does add the registryUrl and registryCredentialsId, but what is the mechanism to push a tag into the registry upon success?

            jraub_switch Jordan Raub added a comment - - edited The resolved dependent issue ( JENKINS-40524 ) does add the registryUrl and registryCredentialsId, but what is the mechanism to push a tag into the registry upon success?
            abayer Andrew Bayer added a comment -

            jraub_switch Feel free to open a new issue for that.

            abayer Andrew Bayer added a comment - jraub_switch Feel free to open a new issue for that.
            abayer Andrew Bayer made changes -
            Resolution Fixed [ 1 ]
            Status Reopened [ 4 ] Resolved [ 5 ]
            bitwiseman Liam Newman added a comment -

            Bulk closing resolved issues.

            bitwiseman Liam Newman added a comment - Bulk closing resolved issues.
            bitwiseman Liam Newman made changes -
            Status Resolved [ 5 ] Closed [ 6 ]

            People

              abayer Andrew Bayer
              hrmpw Patrick Wolf
              Votes:
              1 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: