我有一个Jenkins流水线,需要登录两个不同的Docker仓库。我知道如何使用以下命令对一个仓库进行身份验证:
docker.withRegistry('https://registry.example.com', 'credentials-id')
但是不知道如何对超过1个代码库执行此操作?
我有一个Jenkins流水线,需要登录两个不同的Docker仓库。我知道如何使用以下命令对一个仓库进行身份验证:
docker.withRegistry('https://registry.example.com', 'credentials-id')
但是不知道如何对超过1个代码库执行此操作?
docker.withRegistry
调用实际上可以按预期工作。每次调用都会添加提供的凭据到 /home/jenkins/.dockercfg
文件中。// Empty registry ('') means default Docker Hub `https://index.docker.io/v1/`
docker.withRegistry('', 'dockerhub-credentials-id') {
docker.withRegistry('https://private-registry.example.com', 'private-credentials-id') {
// your build steps ...
}
}
这使您可以在使用提供的凭据时从Docker Hub拉取基础镜像以避免最近引入的拉取限制,并将结果推送到另一个Docker注册表。
agent {
docker {
image 'myregistry.com/node'
label 'my-defined-label'
registryUrl 'https://myregistry.com/'
registryCredentialsId 'myPredefinedCredentialsInJenkins'
}
}
使用源代码库中的Dockerfile构建一个容器,执行Pipeline或阶段。要使用此选项,Jenkinsfile必须从多分支Pipeline或SCM Pipeline中加载。
dockerfile还可以选择接受registryUrl和registryCredentialsId参数,用于指定要使用的Docker Registry及其凭据。例如:
agent {
dockerfile {
filename 'Dockerfile.build'
dir 'build'
label 'my-defined-label'
registryUrl 'https://myregistry.com/'
registryCredentialsId 'myPredefinedCredentialsInJenkins'
}
}
pipeline {
stages {
stage('First') {
agent {
docker {
... // First registry
}
}
steps {
...
}
}
stage('Second') {
agent {
docker {
... // Second registry
}
}
steps {
...
}
}
}
}
script
块将声明性语法与脚本语法结合使用,其中可以使用脚本语法。例如:pipeline {
agent {
docker {
image 'myregistry.com/node'
registryUrl 'https://myregistry.com/'
registryCredentialsId 'myPredefinedCredentialsInJenkins'
}
}
stages {
stage("Build") {
steps {
script {
echo 'Using custom registry https://myregistry2.com/'
docker.withRegistry('https://myregistry2.com/', 'myPredefinedCredentialsInJenkins2') {
// Use the second registry here
}
}
}
}
}
}
def call(String registry, String credentialsId, Closure body) {
println "Log in to ${registry}"
withCredentials([usernamePassword(credentialsId: 'credentialsId', usernameVariable: 'DOCKER_USERNAME', passwordVariable: 'DOCKER_PASSWORD')]) {
sh "docker login -u \$DOCKER_USERNAME -p \$DOCKER_PASSWORD ${registry}"
}
try {
body()
}
finally {
println "Log out from ${registry}"
sh "docker logout ${registry}" // clean up the session
}
}
library "myLib"
pipeline {
agent any
stages {
stage('Single Registry') {
steps {
useDockerRegistry('https://myregistry.com/', 'registryCredentials') {
... // code using myregistry
}
}
}
stage('Multiple Registries') {
steps {
useDockerRegistry('https://myregistry.com/', 'registryCredentials') {
useDockerRegistry('https://myregistry2.com/', 'registry2Credentials') {
... // code using myregistry & myregistry2
}
}
}
}
}
}
当您正在使用两个注册表但只需要一个注册表的凭据时,可以使用此部分答案。您可以嵌套调用,因为它们基本上只执行保持活动状态的docker登录,并将注册表域名添加到docker推送等操作中。
在脚本化的Jenkins pipeline或声明性Jenkins pipeline的脚本{ }部分中使用此代码:
docker.withRegistry('https://registry.example1.com') { // no credentials here
docker.withRegistry('https://registry.example2.com', 'credentials-id') { // credentials needed
def container = docker.build('myImage')
container.inside() {
sh "ls -al" // example to run on the newly built
}
}
}
pipeline {
agent any
environment {
DOCKER_REGISTRY_1 = 'https://first.registry.com'
DOCKER_REGISTRY_2 = 'https://second.registry.com'
CREDENTIALS_ID_1 = 'credentials-id-1'
CREDENTIALS_ID_2 = 'credentials-id-2'
}
stages {
stage('Build and Push Image to Registry 1') {
steps {
script {
// Authenticate with the first Docker registry
docker.withRegistry(DOCKER_REGISTRY_1, CREDENTIALS_ID_1) {
// Build and push your Docker image to the first registry
docker.build('your-image-name:tag').push()
}
}
}
}
stage('Build and Push Image to Registry 2') {
steps {
script {
// Authenticate with the second Docker registry
docker.withRegistry(DOCKER_REGISTRY_2, CREDENTIALS_ID_2) {
// Build and push your Docker image to the second registry
docker.build('your-image-name:tag').push()
}
}
}
}
// Add more stages if required
}
}