Ниже показан конвейер: -
#!groovy
String version
String awsRegion = "us-east-1"
String appName = "abcde"
String dockerFilePath = "."
def featureEnv = env.BRANCH_NAME != 'master'
String branchName = env.BRANCH_NAME
String env = (env.BRANCH_NAME == 'master') ? 'release' : 'develop'
String ecrRepo = featureEnv ? "123456789012.dkr.ecr.${awsRegion}.amazonaws.com/abcde_${env}" : "987654321098.dkr.ecr.${awsRegion}.amazonaws.com/abcde_master"
String terraformPath = "terraform/dev"
println "Feature Environment=${featureEnv}"
pipeline {
agent none
options {
buildDiscarder(logRotator(numToKeepStr: '30'))
disableConcurrentBuilds()
timeout(time: 6, unit: 'HOURS')
ansiColor('xterm')
}
stages {
stage('version build'){
agent { label 'linux' }
steps {
script {
version = VersionNumber(
versionNumberString: '1.0.${BUILD_NUMBER, X}',
skipFailedBuilds: false)
currentBuild.displayName = version
println "Pipeline Version='${version}'"
}
}
}
stage('Build') {
when {
anyOf { branch 'develop'; branch 'release'; branch 'master' }
}
agent { label 'linux' }
steps {
checkout scm
unstash name: "${appName}-docker"
dir(dockerFilePath) {
sh("""
while IFS= read -r line; do
build_args+=" --build-arg \$line"
done < "env_vars.txt"
#echo \$build_args
docker build -t ${ecrRepo}:${version} \$build_args --no-cache=true .
eval \$(aws ecr get-login --no-include-email --region ${awsRegion})
docker push ${ecrRepo}:${version}
docker rmi ${ecrRepo}:${version}
""")
}
}
}
}
}
Я использую многоотраслевые конвейеры для выполнения задания Jenkins, но для master ветка docker push относится к непроизводственной AWS учетной записи 123456789012 скорее 987654321098 prod account.
Вот консольный вывод Jenkins: -
https://123456789012.dkr.ecr.us-east-1.amazonaws.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /home/jenkins/.docker/config.json.
Configure a credential helper to remove this warning.
Login Succeeded
+ docker push 987654321098.dkr.ecr.us-east-1.amazonaws.com/abcde_master:1.0.3
The push refers to repository [987654321098.dkr.ecr.us-east-1.amazonaws.com/abcde_master]
67fd951a79e2: Preparing
67fd951a79e2: Preparing
f790557d0705: Waiting
5219a8696018: Waiting
denied: Your authorization token has expired. Reauthenticate and try again.
Итак, я добавил отдельный этап в Jenkinsfile только для Prod. Как я могу избежать того же в одном этап, сообщая docker, что учетная запись Prod и pu sh успешно передаются AWS ECR репо, когда ветвь равна master.