I have set up gitlab-ci.yaml to push a docker image to ECR. Below is the script file definition.
```yaml
image:
  name: registry.gitlab.com/gitlab-org/cloud-deploy/aws-base:latest
  entrypoint:
    - '/usr/bin/env'

stages:
  - build
  - deploy

services:
  - docker:dind

before_script:
  # Exchange the GitLab job JWT for temporary AWS credentials via STS
  - >
    STS=($(aws sts assume-role-with-web-identity
    --role-arn arn:aws:iam::831955480324:role/gitlab-aws-access-role
    --role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
    --web-identity-token $CI_JOB_JWT_V2
    --duration-seconds 3600
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
    --output text))
  - export AWS_ACCESS_KEY_ID="${STS[0]}"
  - export AWS_SECRET_ACCESS_KEY="${STS[1]}"
  - export AWS_SESSION_TOKEN="${STS[2]}"
  # Debug output: the next two lines print the base64-encoded job JWT
  # and the STS session token to the job log
  - TOKEN=$(base64 <<< $CI_JOB_JWT_V2)
  - echo $TOKEN
  - echo ${AWS_SESSION_TOKEN}
  - aws sts get-caller-identity
  - aws s3 ls

Build:
  stage: build
  services:
    - docker:dind
  script:
    - docker pull $CI_REGISTRY_IMAGE:latest || true
    - >
      docker build
      --pull
      --cache-from $CI_REGISTRY_IMAGE:latest
      --label "org.opencontainers.image.title=$CI_PROJECT_TITLE"
      --label "org.opencontainers.image.url=$CI_PROJECT_URL"
      --label "org.opencontainers.image.created=$CI_JOB_STARTED_AT"
      --label "org.opencontainers.image.revision=$CI_COMMIT_SHA"
      --label "org.opencontainers.image.version=$CI_COMMIT_REF_NAME"
      --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
      .
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA

Deploy:
  variables:
    GIT_STRATEGY: none
  stage: deploy
  only:
    - master
  script:
    - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
    - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest
    - docker push $CI_REGISTRY_IMAGE:latest
```
The aws s3 command works fine, but the docker commands do not work. I get the following error:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
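I need to use both the docker and aws images. One to build the docker image, and the other to push the image to ECR. What is the correct way to do this? Where did I go wrong?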
If you want to use Docker-in-Docker, you must always use privileged = true in the Docker container.
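
Where that setting lives on a self-managed runner, as an added example that is not part of the original answer: `privileged = true` goes in the runner's `config.toml`, and the job has to point the docker CLI at the `docker:dind` service instead of a local socket. The runner name, token placeholder, default image and the assumption that the runner is self-managed are not from the page.

```toml
# /etc/gitlab-runner/config.toml on a self-managed runner (assumed setup;
# name, url and token below are placeholders, not values from the page).
concurrent = 1

[[runners]]
  name = "dind-runner"                  # placeholder
  url = "https://gitlab.com/"           # placeholder
  token = "RUNNER_TOKEN_PLACEHOLDER"    # placeholder, never commit a real token
  executor = "docker"

  [runners.docker]
    # Default job image; the job's own "image:" (aws-base here) overrides it.
    image = "docker:latest"

    # The docker:dind service starts its own dockerd, which cannot run
    # in an unprivileged container.
    privileged = true

    # docker:dind writes its TLS client certificates to /certs/client;
    # sharing the volume lets the job container read them.
    volumes = ["/certs/client", "/cache"]

# Matching job-side settings in .gitlab-ci.yml. The job image has no local
# dockerd, so without DOCKER_HOST the docker CLI falls back to
# unix:///var/run/docker.sock and fails with the error quoted above.
#
#   variables:
#     DOCKER_HOST: tcp://docker:2376
#     DOCKER_TLS_CERTDIR: "/certs"
#     DOCKER_TLS_VERIFY: 1
#     DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
```

A privileged job container has root-equivalent access to the runner host, so a runner configured this way is best dedicated to projects whose pipelines you trust.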