no basic auth credentials - error pushing docker image to ECR
0
I'm struggling pushing a docker image to amazon registry (ECR) through my aws codepipeline. Despite I'm able to successfully login into the registry docker push fails with error no basic auth credentials
Here the buildspec.yml used by my codepipeline
version: 0.2
phases:
install:
runtime-versions:
java: corretto8
pre_build:
commands:
- echo -e "[INFO] \t\t In the pre_build phase..."
- echo -e "[INFO] \t\t Logging in to Amazon ECR..."
- aws --version
- aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin <ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com
- cat ~/.docker/config.json
- REPOSITORY_URI=<ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com/library
build:
commands:
- echo -e "[INFO] \t\t In the build phase..."
- echo -e "[INFO] \t\t Listing build folder directory..."
- ls -lrtha
- which docker
- ./build_script.sh
- docker build --build-arg JAR_FILE=build/libs/*.jar -t javaapp-aws:0.0.1 .
- docker tag <ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com/library/javaapp-aws:0.0.1
post_build:
commands:
- echo -e "[INFO] \t\t In the post_build phase..."
- echo -e "[INFO] \t\t Build completed"
- docker images
- docker push <ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com/library/javaapp-aws:0.0.1
- printf '{"ImageURI":"%s"}' <ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com/library/javaapp-aws:0.0.1 > imagedefinitions.json
artifacts:
files: imagedefinitions.json
Here the logs from the build phase
[Container] 2022/10/28 21:08:38 going inside waitForAgent
[Container] 2022/10/28 21:08:38 Waiting for agent ping
[Container] 2022/10/28 21:08:41 Waiting for DOWNLOAD_SOURCE
[Container] 2022/10/28 21:08:41 Phase is DOWNLOAD_SOURCE
[Container] 2022/10/28 21:08:41 finished waitForAgent
[Container] 2022/10/28 21:08:41 inside CopySrc
[Container] 2022/10/28 21:08:41 CODEBUILD_SRC_DIR=/codebuild/output/src628607031/src
[Container] 2022/10/28 21:08:41 finished CopySrc
[Container] 2022/10/28 21:08:41 YAML location is /codebuild/readonly/buildspec.yml
[Container] 2022/10/28 21:08:41 No commands found for phase name: install
[Container] 2022/10/28 21:08:41 Setting HTTP client timeout to higher timeout for S3 source
[Container] 2022/10/28 21:08:41 Processing environment variables
[Container] 2022/10/28 21:08:41 Selecting 'java' runtime version 'corretto8' based on manual selections...
[Container] 2022/10/28 21:08:41 Running command echo "Installing corretto(OpenJDK) version 8 ..."
Installing corretto(OpenJDK) version 8 ...
[Container] 2022/10/28 21:08:41 Running command export JAVA_HOME="$JAVA_8_HOME"
[Container] 2022/10/28 21:08:41 Running command export JRE_HOME="$JRE_8_HOME"
[Container] 2022/10/28 21:08:41 Running command export JDK_HOME="$JDK_8_HOME"
[Container] 2022/10/28 21:08:41 Running command for tool_path in "$JAVA_8_HOME"/bin/* "$JRE_8_HOME"/bin/*;
do tool=`basename "$tool_path"`;
if [ $tool != 'java-rmi.cgi' ];
then
rm -f /usr/bin/$tool /var/lib/alternatives/$tool \
&& update-alternatives --install /usr/bin/$tool $tool $tool_path 20000;
fi;
done
[Container] 2022/10/28 21:08:44 Moving to directory /codebuild/output/src628607031/src
[Container] 2022/10/28 21:08:44 Configuring ssm agent with target id: codebuild:e2e7f1b3-7716-4764-90cf-8ca556103f3a
[Container] 2022/10/28 21:08:44 Successfully updated ssm agent configuration
[Container] 2022/10/28 21:08:44 Registering with agent
[Container] 2022/10/28 21:08:44 Phases found in YAML: 4
[Container] 2022/10/28 21:08:44 INSTALL: 0 commands
[Container] 2022/10/28 21:08:44 PRE_BUILD: 6 commands
[Container] 2022/10/28 21:08:44 BUILD: 8 commands
[Container] 2022/10/28 21:08:44 POST_BUILD: 5 commands
[Container] 2022/10/28 21:08:44 Phase complete: DOWNLOAD_SOURCE State: SUCCEEDED
[Container] 2022/10/28 21:08:44 Phase context status code: Message:
[Container] 2022/10/28 21:08:44 Entering execCommands
[Container] 2022/10/28 21:08:44 Entering phase INSTALL
[Container] 2022/10/28 21:08:44 Phase complete: INSTALL State: SUCCEEDED
[Container] 2022/10/28 21:08:44 Phase context status code: Message:
[Container] 2022/10/28 21:08:44 Entering phase PRE_BUILD
[Container] 2022/10/28 21:08:44 Running command echo -e "[INFO] \t\t In the pre_build phase..."
[INFO] In the pre_build phase...
[Container] 2022/10/28 21:08:44 Running command echo -e "[INFO] \t\t Logging in to Amazon ECR..."
[INFO] Logging in to Amazon ECR...
[Container] 2022/10/28 21:08:44 Running command aws --version
aws-cli/1.25.1 Python/3.8.10 Linux/4.14.281-212.502.amzn2.x86_64 exec-env/AWS_ECS_EC2 botocore/1.27.1
[Container] 2022/10/28 21:08:44 Running command aws ecr get-login-password --region <ACCOUNTID> | docker login --username AWS --password-stdin <ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[Container] 2022/10/28 21:08:45 Running command cat ~/.docker/config.json
{
"auths": {
"<ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com": {
"auth": "HEREISSTOREDTHELONGAUTHTOCKEN"
}
}
}
[Container] 2022/10/28 21:08:45 Running command REPOSITORY_URI=<ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com/library
[Container] 2022/10/28 21:08:45 Phase complete: PRE_BUILD State: SUCCEEDED
[Container] 2022/10/28 21:08:45 Phase context status code: Message:
[Container] 2022/10/28 21:08:45 Entering phase BUILD
[Container] 2022/10/28 21:08:45 Running command echo -e "[INFO] \t\t In the build phase..."
[INFO] In the build phase...
[Container] 2022/10/28 21:08:45 Running command echo -e "[INFO] \t\t Listing build folder directory..."
[INFO] Listing build folder directory...
[Container] 2022/10/28 21:08:45 Running command ls -lrtha
total 52K
-rw-rw-r-- 1 root root 14 Oct 28 09:06 version.txt
-rw-rw-r-- 1 root root 34 Oct 28 09:06 settings.gradle
-rwxrwxr-x 1 root root 1.2K Oct 28 09:06 release.sh
-rw-rw-r-- 1 root root 25 Oct 28 09:06 info.txt
-rw-rw-r-- 1 root root 2.7K Oct 28 09:06 gradlew.bat
-rwxrwxr-x 1 root root 5.7K Oct 28 09:06 gradlew
-rwxrwxr-x 1 root root 120 Oct 28 09:06 get_tag.sh
-rwxrwxr-x 1 root root 920 Oct 28 09:06 build_script.sh
-rw-rw-r-- 1 root root 912 Oct 28 09:06 build.gradle
-rw-rw-r-- 1 root root 0 Oct 28 09:06 application.yml
-rw-rw-r-- 1 root root 692 Oct 28 09:06 README.md
-rw-rw-r-- 1 root root 113 Oct 28 09:06 Dockerfile
-rw-rw-r-- 1 root root 293 Oct 28 09:06 .gitignore
drwxr-xr-x 3 root root 18 Oct 28 21:08 src
drwxr-xr-x 3 root root 21 Oct 28 21:08 gradle
drwxr-xr-x 4 root root 278 Oct 28 21:08 .
drwxr-xr-x 3 root root 17 Oct 28 21:08 ..
[Container] 2022/10/28 21:08:45 Running command which docker
/usr/local/bin/docker
[Container] 2022/10/28 21:08:45 Running command ./build_script.sh
[INFO] Building component image for javaapp-aws, version 0.0.1
[INFO] Building java...
Downloading https://services.gradle.org/distributions/gradle-7.2-bin.zip
..........10%...........20%...........30%...........40%...........50%...........60%...........70%...........80%...........90%...........100%
Welcome to Gradle 7.2!
Here are the highlights of this release:
- Toolchain support for Scala
- More cache hits when Java source files have platform-specific line endings
- More resilient remote HTTP build cache behavior
For more details see https://docs.gradle.org/7.2/release-notes.html
Starting a Gradle Daemon (subsequent builds will be faster)
> Task :compileJava
> Task :processResources NO-SOURCE
> Task :classes
> Task :bootJarMainClassName
> Task :bootJar
> Task :jar SKIPPED
> Task :assemble
> Task :compileTestJava NO-SOURCE
> Task :processTestResources NO-SOURCE
> Task :testClasses UP-TO-DATE
> Task :test NO-SOURCE
> Task :check UP-TO-DATE
> Task :build
BUILD SUCCESSFUL in 1m 3s
3 actionable tasks: 3 executed
[Container] 2022/10/28 21:09:49 Running command docker build --build-arg JAR_FILE=build/libs/*.jar -t javaapp-aws:0.0.1 .
Sending build context to Docker daemon 38.05MB
Step 1/5 : FROM openjdk:8-jdk-alpine
8-jdk-alpine: Pulling from library/openjdk
e7c96db7181b: Pulling fs layer
f910a506b6cb: Pulling fs layer
c2274a1a0e27: Pulling fs layer
f910a506b6cb: Verifying Checksum
f910a506b6cb: Download complete
e7c96db7181b: Verifying Checksum
e7c96db7181b: Download complete
e7c96db7181b: Pull complete
f910a506b6cb: Pull complete
c2274a1a0e27: Verifying Checksum
c2274a1a0e27: Download complete
c2274a1a0e27: Pull complete
Digest: sha256:94792824df2df33402f201713f932b58cb9de94a0cd524164a0f2283343547b3
Status: Downloaded newer image for openjdk:8-jdk-alpine
---> a3562aa0b991
Step 2/5 : ARG JAR_FILE
---> Running in 5f2f64973a5f
Removing intermediate container 5f2f64973a5f
---> 3323b6a04548
Step 3/5 : COPY ${JAR_FILE} app.jar
---> 5f2e1367eabe
Step 4/5 : ENTRYPOINT ["java","-jar","/app.jar"]
---> Running in d75a0dcd812b
Removing intermediate container d75a0dcd812b
---> 69e20eacbcbe
Step 5/5 : EXPOSE 8080
---> Running in acb0e7e5dcae
Removing intermediate container acb0e7e5dcae
---> 275d152d55fc
Successfully built 275d152d55fc
Successfully tagged javaapp-aws:0.0.1
[Container] 2022/10/28 21:09:55 Running command docker tag javaapp-aws:0.0.1 <ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com/library/javaapp-aws:0.0.1
[Container] 2022/10/28 21:09:55 Phase complete: BUILD State: SUCCEEDED
[Container] 2022/10/28 21:09:55 Phase context status code: Message:
[Container] 2022/10/28 21:09:55 Entering phase POST_BUILD
[Container] 2022/10/28 21:09:55 Running command echo -e "[INFO] \t\t In the post_build phase..."
[INFO] In the post_build phase...
[Container] 2022/10/28 21:09:55 Running command echo -e "[INFO] \t\t Build completed"
[INFO] Build completed
[Container] 2022/10/28 21:09:55 Running command docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com/library/javaapp-aws 0.0.1 275d152d55fc Less than a second ago 142MB
javaapp-aws 0.0.1 275d152d55fc Less than a second ago 142MB
openjdk 8-jdk-alpine a3562aa0b991 3 years ago 105MB
[Container] 2022/10/28 21:09:55 Running command docker push <ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com/library/javaapp-aws:0.0.1
The push refers to repository [<ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com/library/javaapp-aws]
5c8eac8a352b: Preparing
ceaf9e1ebef5: Preparing
9b9b7f3d56a0: Preparing
f1b5933fe4b5: Preparing
no basic auth credentials
[Container] 2022/10/28 21:09:55 Command did not exit successfully docker push <ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com/library/javaapp-aws:0.0.1 exit status 1
[Container] 2022/10/28 21:09:55 Phase complete: POST_BUILD State: FAILED
[Container] 2022/10/28 21:09:55 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: docker push <ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com/library/javaapp-aws:0.0.1. Reason: exit status 1
[Container] 2022/10/28 21:09:55 exiting execCommands
[Container] 2022/10/28 21:09:55 Expanding base directory path: .
[Container] 2022/10/28 21:09:55 Assembling file list
[Container] 2022/10/28 21:09:55 Expanding .
[Container] 2022/10/28 21:09:55 Expanding file paths for base directory .
[Container] 2022/10/28 21:09:55 Assembling file list
[Container] 2022/10/28 21:09:55 Expanding imagedefinitions.json
[Container] 2022/10/28 21:09:55 Skipping invalid file path imagedefinitions.json
[Container] 2022/10/28 21:09:55 Phase complete: UPLOAD_ARTIFACTS State: FAILED
[Container] 2022/10/28 21:09:55 Phase context status code: CLIENT_ERROR Message: no matching artifact paths found
What is strage is that the login command works as per above log. Paste here a snipped to focus on
[Container] 2022/10/28 21:08:44 Running command aws --version
aws-cli/1.25.1 Python/3.8.10 Linux/4.14.281-212.502.amzn2.x86_64 exec-env/AWS_ECS_EC2 botocore/1.27.1
[Container] 2022/10/28 21:08:44 Running command aws ecr get-login-password --region <ACCOUNTID> | docker login --username AWS --password-stdin <ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
but at the end get error
[Container] 2022/10/28 21:09:55 Running command docker push <ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com/library/javaapp-aws:0.0.1 The push refers to repository [<ACCOUNTID>.dkr.ecr.<AWSREGION>.amazonaws.com/library/javaapp-aws] 5c8eac8a352b: Preparing ceaf9e1ebef5: Preparing 9b9b7f3d56a0: Preparing f1b5933fe4b5: Preparing no basic auth credentials
any suggestion?
tks
I've also tried locally on my laptop but got the same issue I'm experiencing within the pipeline.
Attached to codebuild there are the following policies
EC2InstanceProfileForImageBuilderECRContainerBuilds
AmazonEC2ContainerRegistryPowerUser
Language
English
asked a year ago2687 viewslg...
1 Answer
- Newest
- Most votes
- Most comments
Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.
0
Your logs indicate this log output:
[Container] 2022/10/28 21:08:44 Running command aws ecr get-login-password --region <ACCOUNTID>
I would expect the region here, not the <ACCOUNTID>. Also, for that version of the AWS CLI, I use the aws ecr get-login command. While it says it is deprecated, I am still using it with that AWS CLI version. I also send the output to /dev/null to hide the output of the command in the logs.
$(aws ecr get-login --no-include-email --region ${AWS_DEFAULT_REGION}) > /dev/null 2>&1
answered a year agolg...
Relevant content
- asked 2 years agolg...
- asked 2 years agolg...
- Accepted Answerasked 2 years agolg...
- asked a year agolg...
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
