CODEWITHSUNDEEP
amazon-web-servicesdockeraws-cdkaws-codebuild
Gary Holiday
Gary Holiday

Reputation: 3582

How to provide Docker Credentials for AWS CodeBuild automatic image pull

I have a CodeBuild project that pulls an image from a public Docker repository. I'm running into the known issue of too many pulls, so I want to login to Docker and pull the image because I have a valid Docker license.

However, I can't seem to find any documentation on how to set my credentials in CodeBuild. The only examples I see, are logging in via the buildspec.yml and then pulling the docker image. This does not work for me because I'm setting the docker image in the CodeBuild configuration.

I'm using CDK and this is my current CodeBuild configuration:

const myCodeBuild = new codeBuild.Project(this, 'myCodeBuild', {
  source: githubsrc,
  secondarySources: [ githubsrc2 ],
  role: new BuildRole(this, 'myCodeBuildRole').role,
  buildSpec: codeBuild.BuildSpec.fromObject(buildSpec),
  environment: {
    buildImage: codeBuild.LinuxBuildImage.fromDockerRegistry('salesforce/salesforcedx:latest-rc-full'
  },
});

This creates a CodeBuild project that will automatically use the provided Docker Image. There is never a chance to login before it is pulled.

Upvotes: 0

Views: 878

Answers (1)

gshpychka
gshpychka

Reputation: 11588

fromDockerRegistry supports authentication. To use it, create a Secrets Manager secret that contains the username and password fields with your Docker Hub credentials and pass it to the function. (Documentation reference for the secret format)

Using the example from the docs:

environment: {
  buildImage: codebuild.LinuxBuildImage.fromDockerRegistry('my-registry/my-repo', {
    secretsManagerCredentials: secrets,
  }),
},

secrets is your Secrets Manager secret here.

Upvotes: 1

Related Questions