Dockercfg generator for GCR / Artifact Registry
This container allows you to generate a temporary dockercfg using your Google API credentials and writes it to a specified filename. Typical usage of this image would be to run it with a volume attached, and write the dockercfg to that volume. Note that this generator only works if you have a local Docker host available. Using a remote Docker host (Docker Machine with AWS, etc) will result in an error because the generator writes to your local file system.
Note, Google deprecated Container Registry in favor of Artifact Registry. You will need to migrate to Artifact Registry to continue using this.
$ cat gcr_creds.env
GOOGLE_AUTH_EMAIL=gcloud-user@myapp-130450.iam.gserviceaccount.com
GOOGLE_PROJECT_ID=myapp-130450
GOOGLE_AUTH_JSON=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
GOOGLE_LOCATION=us-central1
$ docker run -it -v /home/myuser/data:/opt/data --env-file=gcr_creds.env codeship/gcr-dockercfg-generator /opt/data/gcr.dockercfg
Logging into Google GCR
Activated service account credentials for: [gcloud-user@myapp-130450.iam.gserviceaccount.com]
Updates are available for some Cloud SDK components. To install them,
please run:
$ gcloud components update
Syncing GCR credentials
Loading user based configuration file: [/.config/gcloud/properties].
User based configuration files are deprecated and will not be read in a future gcloud release.
ls
Short-lived access for ['gcr.io', 'us.gcr.io', 'eu.gcr.io', 'asia.gcr.io', 'b.gcr.io', 'bucket.gcr.io', 'appengine.gcr.io'] configured.
Writing Docker creds to /opt/data/gcr.dockercfg
$ cat /home/myuser/data/gcr.dockercfg # file is available locally
Codeship supports using custom images to generate dockercfg files during the build process. To use this image to integrate with Google GCR, simply define a entry in your services file for this image, and reference it from any steps or services which need to interact with GCR repositories with the dockercfg_service field. You'll also need to provide the following environment variables using an encrypted env file:
- GOOGLE_AUTH_EMAIL - The email associated with the Google API credentials
- GOOGLE_PROJECT_ID - The ID associated with the project
- GOOGLE_AUTH_JSON - The API credential JSON file, merged onto a single line
- GOOGLE_LOCATION - The regional location of the repository where the image is stored
Here is an example of using a GCR Dockercfg generator to authenticate pushing an image.
# codeship-services.yml
app:
build:
image: gcr.io/project-id/myapp
dockerfile_path: ./Dockerfile
gcr_dockercfg:
image: codeship/gcr-dockercfg-generator
add_docker: true
encrypted_env_file: gcr.env.encrypted
- service: app
type: push
tag: master
image_name: gcr.io/project-id/myapp
registry: https://gcr.io
dockercfg_service: gcr_dockercfg
You can also use this authentication to pull images, or use with caching, by defining the dockercfg_service field on groups of steps, or each individual step that pulls or pushes an image, or by adding the field to specific services.