Below is a GitLab CI script that builds a Docker image and pushes it to Docker Hub. This script works correctly.
image: docker:latest
stages:
  - build
  - deploy
services:
  - docker:dind
before_script:
  - echo -n $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
Build:
  stage: build
  script:
    - docker pull $CI_REGISTRY_IMAGE:latest || true
    - >
      docker build
      --pull
      --cache-from $CI_REGISTRY_IMAGE:latest
      --label "org.opencontainers.image.title=$CI_PROJECT_TITLE"
      --label "org.opencontainers.image.url=$CI_PROJECT_URL"
      --label "org.opencontainers.image.created=$CI_JOB_STARTED_AT"
      --label "org.opencontainers.image.revision=$CI_COMMIT_SHA"
      --label "org.opencontainers.image.version=$CI_COMMIT_REF_NAME"
      --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
      .
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
Deploy:
  variables:
    GIT_STRATEGY: none
  stage: deploy
  only:
    - master
  script:
    - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
    - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest
    - docker push $CI_REGISTRY_IMAGE:latest
I need to push the image to ECR, and the script below authenticates correctly.
image:
  name: registry.gitlab.com/gitlab-org/cloud-deploy/aws-base:latest
  entrypoint:
    - '/usr/bin/env'
assume role:
  script:
    # Exchange the job's OIDC token for temporary STS credentials.
    - >
      STS=($(aws sts assume-role-with-web-identity
      --role-arn arn:aws:iam::<account-id>:role/gitlab-aws-access-role
      --role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
      --web-identity-token $CI_JOB_JWT_V2
      --duration-seconds 3600
      --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
      --output text))
    - export AWS_ACCESS_KEY_ID="${STS[0]}"
    - export AWS_SECRET_ACCESS_KEY="${STS[1]}"
    - export AWS_SESSION_TOKEN="${STS[2]}"
    # Debug output: the next three lines write the base64-encoded job JWT
    # and the STS session token to the job log.
    - TOKEN=$(base64 <<< $CI_JOB_JWT_V2)
    - echo $TOKEN
    - echo ${AWS_SESSION_TOKEN}
    # Confirm which identity the temporary credentials map to.
    - aws sts get-caller-identity
    - aws s3 ls
My question is how to take the script above and integrate it with the first script, so that GitLab CI authenticates and pushes the Docker image to ECR.
1 answer
mwecs4sa #1
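All you need to do is add the steps for logging in to ECR, which are shown in the AWS console when you click "View push commands" on the image repository and are described in the documentation here.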
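One way to combine the two scripts from the question with the ECR login step the answer refers to, as an added example that is not part of the original post. It assumes the `aws-cli` package can be installed into the Alpine-based `docker` image; `ECR_ROLE_ARN`, `ECR_REGISTRY`, `ECR_IMAGE` and the `<account-id>`, `<region>` and `<repository>` placeholders are hypothetical names to fill in.

```yaml
# Added example. ECR_ROLE_ARN, ECR_REGISTRY, ECR_IMAGE and the <...> placeholders
# are assumptions to be replaced; they do not come from the original post.
image: docker:latest
services:
  - docker:dind
stages:
  - build
  - deploy
variables:
  AWS_DEFAULT_REGION: "<region>"
  ECR_ROLE_ARN: "arn:aws:iam::<account-id>:role/gitlab-aws-access-role"
  ECR_REGISTRY: "<account-id>.dkr.ecr.<region>.amazonaws.com"
  ECR_IMAGE: "<account-id>.dkr.ecr.<region>.amazonaws.com/<repository>"
before_script:
  # The docker image ships no AWS CLI (assumes the Alpine aws-cli package).
  - apk add --no-cache aws-cli
  # POSIX sh has no arrays, so the three credential fields land in $1..$3.
  - |
    CREDS=$(aws sts assume-role-with-web-identity \
      --role-arn "$ECR_ROLE_ARN" \
      --role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}" \
      --web-identity-token "$CI_JOB_JWT_V2" \
      --duration-seconds 3600 \
      --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
      --output text)
    set -- $CREDS
    export AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2" AWS_SESSION_TOKEN="$3"
  # The registry password is piped over stdin and never echoed to the job log.
  - aws ecr get-login-password | docker login --username AWS --password-stdin "$ECR_REGISTRY"
Build:
  stage: build
  script:
    - docker pull "$ECR_IMAGE:latest" || true
    - docker build --pull --cache-from "$ECR_IMAGE:latest" --tag "$ECR_IMAGE:$CI_COMMIT_SHA" .
    - docker push "$ECR_IMAGE:$CI_COMMIT_SHA"
Deploy:
  stage: deploy
  variables:
    GIT_STRATEGY: none
  only:
    - master
  script:
    - docker pull "$ECR_IMAGE:$CI_COMMIT_SHA"
    - docker tag "$ECR_IMAGE:$CI_COMMIT_SHA" "$ECR_IMAGE:latest"
    - docker push "$ECR_IMAGE:latest"
```

The assumed role needs `ecr:GetAuthorizationToken` plus push permissions on the repository. Where `CI_JOB_JWT_V2` is not available, a job-level `id_tokens:` entry supplies the OIDC token instead.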