You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jun 18, 2020. It is now read-only.
Given that I am able to docker push to both Dockerhub and a second registry (eg, GCR)
When I run pack build gcr.io/example/image/reference --path path/to/app/ --publish
Then I see that my image is built and published to GCR.
Observed behaviour
An error like this one is seen:
[exporter] 2019/01/24 15:34:01 Error: connect to repo store 'packs/run:v3alpha2': notoken in bearer response:
[exporter] {"details":"incorrect username or password"}
This error is not observed when the pack build image parameter is pushed to Dockerhub.
Description
Project riff consumes pack as a library, but the path through the pack and lifecycle code is the same as the CLI recreation above.
We currently believe that this is because pack authenticates to the registry where the application image belongs and collects a bearer token usable in Authorization headers. This token is injected into lifecycle containers via a PACK_REGISTRY_AUTH environment variable. But when the application image is intended for one registry (eg, GCR) and the run image is found in a different registry (eg, Dockerhub), this scheme won't work, as the second registry will reject the token provided by the first registry.
The text was updated successfully, but these errors were encountered:
* CNB_REGISTRY_AUTH provides a json map of registry to auth header
* PACK_REGISTRY_AUTH provides a single auth header (deprecated)
[buildpacks/roadmap#42]
Signed-off-by: Emily Casey <ecasey@pivotal.io>
Signed-off-by: Matthew McNew <mmcnew@pivotal.io>
* CNB_REGISTRY_AUTH provides a json map of registry to auth header
* PACK_REGISTRY_AUTH provides a single auth header (deprecated)
[buildpacks/roadmap#42]
Signed-off-by: Matthew McNew <mmcnew@pivotal.io>
Signed-off-by: Emily Casey <ecasey@pivotal.io>
+ This allows the runImage to be in a different registry than the app image
[buildpacks/roadmap#42]
Signed-off-by: Emily Casey <ecasey@pivotal.io>
Signed-off-by: Matthew McNew <mmcnew@pivotal.io>
Originally reported by @scothis on behalf of @projectriff.
Expected behaviour
Given that I am able to
docker push
to both Dockerhub and a second registry (eg, GCR)When I run
pack build gcr.io/example/image/reference --path path/to/app/ --publish
Then I see that my image is built and published to GCR.
Observed behaviour
An error like this one is seen:
This error is not observed when the
pack build
image parameter is pushed to Dockerhub.Description
Project riff consumes
pack
as a library, but the path through thepack
andlifecycle
code is the same as the CLI recreation above.We currently believe that this is because
pack
authenticates to the registry where the application image belongs and collects a bearer token usable inAuthorization
headers. This token is injected into lifecycle containers via aPACK_REGISTRY_AUTH
environment variable. But when the application image is intended for one registry (eg, GCR) and therun
image is found in a different registry (eg, Dockerhub), this scheme won't work, as the second registry will reject the token provided by the first registry.The text was updated successfully, but these errors were encountered: