The docker registry artifact plugin provides a way to push and pull docker images on GoCD
- GoCD Server 18.7+
- Docker registry
- Docker daemon
- Download the right version of the plugin from the Releases page. The direct link to the latest released version is: https://github.com/gocd/docker-registry-artifact-plugin/releases/latest
- Copy the file
build/libs/docker-registry-artifact-plugin-VERSION.jar
to the GoCD server under${GO_SERVER_DIR}/plugins/external
and restart the server. * TheGO_SERVER_DIR
is usually/var/lib/go-server
on Linux andC:\Program Files\Go Server
on Windows.
There are three levels of configuration needed in order for publishing and fetching a docker image as an artifact.
-
Login to GoCD server as admin and navigate to Admin > Artifact Stores
-
Click on
Add
to add the store details for the plugin.- Specify the store id
- Choose the docker registry artifact plugin
- Specify the
Docker Registry Url
- Specify the
Registry Type
- Specify registry details
If
Registry Type
isecr
:If
Registry Type
isother
:
Properties | Description | Mandatory |
---|---|---|
RegistryType |
Can be either ecr or other |
yes |
If RegistryType
is ecr
:
Properties | Description | Mandatory |
---|---|---|
RegistryID |
ECR registry id to push and pull images | yes |
AWSRegion |
The aws region key to execute ecr get authorization token request | yes |
AWSAccessKeyId |
The aws access key id to execute ecr get authorization token request | no |
AWSSecretAccessKey |
The aws secret access key to execute ecr get authorization token request | no |
Note: If the AWSAccessKeyId and AWSSecretAccessKey are not provided, the following configurations are checked:
- Environment Variables
AWS_ACCESS_KEY_ID
andAWS_SECRET_ACCESS_KEY
- System Properties
aws.accessKeyId
andaws.secretKey
- Credential profiles file at the default location (~/.aws/credentials)
- Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable
- Instance profile credentials delivered through the Amazon EC2 metadata service
If RegistryType
is other
Properties | Description | Mandatory |
---|---|---|
RegistryURL |
Registry to push and pull images | yes |
Username |
Username to authenticate with the docker registry. | yes |
Password |
Password to authenticate with the docker registry. | yes |
-
Navigate to the
Artifacts
tab under Stage > Job -
Choose artifact type
External
- Specify the
artifact id
. - Specify the
store id
of an existing artifact store
- Specify the
-
Configure the build specific artifact details.
- Optionally specify the
Image
andTag
. Usually, theTag
can be an environment variable that changes for every build. For example, theGO_PIPELINE_LABEL
can be used to publish a versioned docker image. - Optionally specify the
BuildFile
. Specify a json file name. The format of the file should be{"image": "name", "tag": "tag pattern"}
. TheBuildFile
option can be used if theTag
option cannot be specified for the tag pattern you want to use. The generation of this json file must be handled within the GoCD job. - A private registry has to be part of the image name, like
RegistryURL/Image
.
- Optionally specify the
Although the artifact store contains the registry url or the registry ID (in case of ECR), the image that needs to be published to the registry still needs to be tagged appropriately with the registry information. Otherwise, the docker client will be unable to push the image to the registry.
Specify the image as shown in the examples below for various container registries:
-
DockerHub:
<DOCKERHUB_USERNAME>/image
-
Quay:
quay.io/<username>/image
-
GCR:
gcr.io/<username>/image
-
ECR:
<registry_id>.dkr.ecr.<aws_region>.amazonaws.com/image
To pull an image from an upstream pipeline or stage, the following information is required:
-
Specify a
Pipeline Dependency
material if you have an upstream pipeline you want to pull the docker image. -
Navigate to
Tasks
tab under Stage > Job -
Add a
Fetch Artifact
task- Choose artifact origin type
External
- Specify the pipeline, stage and job name.
- Specify the artifact id of the external artifact that belongs to the upstream job
- Choose artifact origin type
Edit the file wrapper-properties.conf
on your GoCD server and add the following options. The location of the wrapper-properties.conf
can be found in the installation documentation of the GoCD server.
# We recommend that you begin with the index `100` and increment the index for each system property
wrapper.java.additional.100=-Dplugin.cd.go.artifact.docker.registry.log.level=debug
If you're running with GoCD server 19.6 and above on docker using one of the supported GoCD server images, set the environment variable GOCD_SERVER_JVM_OPTIONS
:
docker run -e "GOCD_SERVER_JVM_OPTIONS=-Dplugin.cd.go.artifact.docker.registry.log.level=debug" ...
-
On Linux:
Enabling debug level logging can help you troubleshoot an issue with this plugin. To enable debug level logs, edit the file
/etc/default/go-server
(for Linux) to add:export GO_SERVER_SYSTEM_PROPERTIES="$GO_SERVER_SYSTEM_PROPERTIES -Dplugin.cd.go.artifact.docker.registry.log.level=debug"
If you're running the server via
./server.sh
script:$ GO_SERVER_SYSTEM_PROPERTIES="-Dplugin.cd.go.artifact.docker.registry.log.level=debug" ./server.sh
-
On windows:
Edit the file
config/wrapper-properties.conf
inside the GoCD Server installation directory (typicallyC:\Program Files\Go Server
):# config/wrapper-properties.conf # since the last "wrapper.java.additional" index is 15, we use the next available index. wrapper.java.additional.16=-Dplugin.cd.go.artifact.docker.registry.log.level=debug
To build the jar, run ./gradlew clean test assemble
Copyright 2022 Thoughtworks, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
The code in this repository is licensed under the Apache 2.0 license. The license itself specifies the terms under which derivative works may be distributed (the license also defines derivative works). The Apache 2.0 license is a permissive open source license that has minimal requirements for downstream licensors/licensees to comply with.
This does not prevent your plugin from being licensed under a different license as long as you comply with the relevant clauses of the Apache 2.0 license (especially section 4). Typically, you clone this repository and keep the existing copyright notices. You are free to add your own license and copyright notice to any modifications.
This is not legal advice. Please contact your lawyers if needed.