We’ve got some integration tests that run inside the docker plugin. Those integration tests want to pull down some docker images for their own purposes. I’d like to pull them from ECR - the same ECR that the ECR plugin has already authenticated to, but I’ve kind of reached a deadend. (We’re on AWS Stack, instance is x86 Linux, agent is v3.43.1)
plugins: - ecr#v2.7.0: login: true account_ids: - "d" - "p" region: us-west-2 no-include-email: true - docker#v5.3.0: image: "d.dkr.ecr.us-west-2.amazonaws.com/imagename" command: "./run-integration-tests.sh" expand-volume-vars: true volumes: - "/var/run/docker.sock:/var/run/docker.sock" - "$BUILDKITE_DOCKER_CONFIG_TEMP_DIRECTORY/.docker/config.json:/root/.docker/config.json" propagate-environment: true ... environment: - "BUILDKITE_DOCKER_CONFIG_TEMP_DIRECTORY"
On the instance,
BUILDKITE_DOCKER_CONFIG_TEMP_DIRECTORY correctly points to a
/tmp/tmp.XXX/ dir with a
config.json in it. Infact, if I run
env as part of my integration test, the
BUILDKITE_DOCKER_CONFIG_TEMP_DIRECTORY brought in through
environment: has the correct
/tmp/tmp.XXX path, however, the resolved value used in the
volumes: stanza is a different
Is this the correct way to give the
docker command, running inside the docker plugin, access to private ECR repositories (as previously authenticated via the ECR plugin)?