Login to Google Container Registry (GCR) and Google Artifact Registry (GAR) using the docker-credential-gcr utility.
This plugin is meant to be combined with the gcp-workload-identity-federation plugin to provide short-lived credentials for accessing GCR and GAR registries.
The advantage of using this plugin is that it uses the docker-credential-gcr binary with Application Default Credentials to obtain an oauth2 access token and store it in the $DOCKER_CONFIG/config.json file. The file then contains all of the credentials necessary to access GCR and GAR registries. No additional files are needed such as the credentials.json or token.json created by the gcp-workload-identity-federation plugin. Nor is the docker-credential-gcr binary needed after the token is acquired. This simplifies certain Buildkite workflows by reducing the number of files that need to be mounted into a docker or docker-compose context.
If the docker-credential-gcr binary is already installed on the build worker and available in $PATH it will be used, otherwise a version will be downloaded into a temp dir. The temp dir and the binary will be removed after the plugin runs.
Add the following to your pipeline.yml:
steps:
- command: ./run_build.sh
plugins:
- planetscale/docker-login-gcr#v0.0.1:
registries: ["us-docker.pkg.dev", "gcr.io"] # required. One or more GAR or GCR endpoints to authUsage with the gcp-workload-identity-federation plugin:
steps:
- command: ./run_build.sh
plugins:
- gcp-workload-identity-federation#v1.1.0:
audience: "//iam.googleapis.com/projects/1234567890123/locations/global/workloadIdentityPools/buildkite/providers/buildkite"
service_account: "[email protected]"
- planetscale/docker-login-gcr#v0.0.1:
registries: ["us-docker.pkg.dev", "gcr.io"] # required. One or more GAR or GCR endpoints to authTo run the linters:
make lintTo run the tests:
make testThe release process is currently manual. Bump the tag and push to GitHub.
- Fork the repo
- Make changes
- Run the tests
- Commit and push your changes
- Send a pull request