目标: 为 Spring Boot 应用程序构建持续集成管道,该应用程序运行 JUnit 测试、打包、构建 docker 映像,最后将该映像推送到 Amazon Elastic Container Registry。
我构建的管道能够运行maven测试阶段,运行maven包,但在执行构建docker镜像的任务时出现抱怨。
下面是管道的屏幕截图。
如您所见,构建和推送作业部分失败。下面是构建和推送作业中包含的任务的屏幕截图。
我们看到错误 上一步中缺少版本。
我的管道看起来像这样
resources:
- name: session-management-service-repo
type: git
icon: github
source:
branch: develop
uri: ((source_url))
username: ((myusername))
password: ((mypassowrd)
- name: ecr-docker-reg
type: registry-image
icon: docker
source:
aws_access_key_id: ((access_key_id))
aws_secret_access_key: ((secret_access_key))
aws_region: ((region))
repository: srm-session-management-service
tag: latest
resource_types:
- name: registry-image
type: docker-image
source:
repository: registry:5000/srm/registry-image-resource
insecure_registries:
- registry:5000
jobs:
- name: test
public: true
plan:
- get: session-management-service-repo
trigger: true
- task: mvn-test-task
file: session-management-service-repo/ci/tasks/maven-test.yml
- name: build-and-push
public: true
serial: true
plan:
- get: session-management-service-repo
trigger: true
passed: [test]
- task: mvn-package-task
file: session-management-service-repo/ci/tasks/maven-package.yml
- task: build-image-task
privileged: true # oci-build-task must run in a privileged container
file: session-management-service-repo/ci/tasks/build-image.yml
- put: ecr-docker-reg
params: {image: image/image.tar}
在这里,我构建了一个从 concourse/registry-image-resource 扩展的自定义资源类型。基本上,我想在资源中包含一些证书,这样当我在代理后面运行时将图像上传到 ECR 时就不会遇到任何问题。因此,此自定义资源的 docker 文件如下所示。我从这个 dockerfile 构建图像,并将该图像推送到运行大厅的同一台服务器上,从而在私有 docker 注册表中运行。稍后在管道中,如您所见,我从自定义 docker 注册表中提取此资源类型...检查资源部分中的 ecr-docker-reg。 (这就是我正在努力做的。)
FROM concourse/registry-image-resource
ARG HTTP_PROXY=http://username:password@myhost:port
ARG HTTPS_PROXY=http://username:password@myhost:port
ARG NO_PROXY=localhost,*.myhost.com,127.0.0.1,.myhost.com
ENV http_proxy=${HTTP_PROXY}
ENV https_proxy=${HTTPS_PROXY}
ENV no_proxy=${NO_PROXY}
ENV HTTP_PROXY=${HTTP_PROXY}
ENV HTTPS_PROXY=${HTTPS_PROXY}
ENV NO_PROXY=${NO_PROXY}
COPY certificates/Cert-CA-bundle.crt /etc/pki/tls/certs/ca-bundle.crt
#RUN apk update && apk add --no-cache curl
maven 打包任务和附带的脚本如下所示
---
platform: linux
image_resource:
type: docker-image
source:
repository: maven
inputs:
- name: session-management-service-repo
run:
path: /bin/sh
args: ["./session-management-service-repo/ci/scripts/maven-package.sh"]
outputs:
- name: session-management-service-repo-out
maven打包脚本
#!/bin/bash
set -e
mvn -version
cd session-management-service-repo
cp -f ci/assets/maven/settings.xml /usr/share/maven/conf/settings.xml
mvn clean package -DskipTests=true
cp -a * ../session-management-service-repo-out
构建图像任务看起来像这样
---
platform: linux
image_resource:
type: registry-image
source:
repository: concourse/oci-build-task
inputs:
- name: session-management-service-repo-out
outputs:
- name: image
params:
CONTEXT: session-management-service-repo-out
run:
path: build
注: 这里需要注意的一件事是,当我使用自定义资源类型时,我开始出现此错误。在使用我的自定义资源类型之前,我没有遇到这个 “上一步中缺少版本” 错误,而是类似于下面的内容,我只在推送 docker 映像时得到,而不是在构建映像时得到,所以我成功地能够来构建形象。但正如您所看到的,这是证书错误,因此我决定使用包含所需证书的自定义资源类型。
selected worker: 1b0fd33bcd2b
WARN[0000] ECR integration is experimental and untested
ERRO[0000] failed to authenticate to ECR: RequestError: send request failed
caused by: Post "https://api.ecr.eu-central-1.amazonaws.com/": x509: certificate signed by unknown authority
ERRO[0000] cannot authenticate with ECR
使用自定义资源类型之前我的管道几乎相似,只是它不包含resource_types部分
resources:
- name: session-management-service-repo
type: git
icon: github
source:
branch: develop
uri: ((source_url))
username: ((myusername))
password: ((mypassword))
- name: ecr-docker-reg
type: registry-image
icon: docker
source:
aws_access_key_id: ((access_key))
aws_secret_access_key: ((secret_access_key))
aws_region: ((region))
repository: srm-session-management-service
tag: latest
jobs:
- name: test
public: true
plan:
- get: session-management-service-repo
trigger: true
- task: mvn-test-task
file: session-management-service-repo/ci/tasks/maven-test.yml
- name: build-and-push
public: true
serial: true
plan:
- get: session-management-service-repo
trigger: true
passed: [test]
- task: mvn-package-task
file: session-management-service-repo/ci/tasks/maven-package.yml
- task: build-image-task
privileged: true # oci-build-task must run in a privileged container
file: session-management-service-repo/ci/tasks/build-image.yml
- put: ecr-docker-reg
params: {image: image/image.tar}
我无法弄清楚我错过了什么或者哪里出了问题。任何建议将不胜感激。 谢谢
仔细检查您的资源类型并确保它们具有正确的图像和标签,您可以拉动它们,大厅也可以拉动它们
尝试在此处使用
version
属性而不是 tag
:
- name: ecr-docker-reg
type: registry-image
icon: docker
source:
aws_access_key_id: ((access_key_id))
aws_secret_access_key: ((secret_access_key))
aws_region: ((region))
repository: srm-session-management-service
**version: latest**