Below you can find two examples of using a private Docker container as the box in a pipeline.
In order to pull in a private container you specify your repository via the
id parameter. Here we fetch the repository python belonging to the user
guido. You can provide a
$PASSWORD for the Docker registry via environment variables specified through the Wercker web interface.
build: box: id: guido/python username: $USERNAME password: $PASSWORD tag: latest steps: - script: name: echo
registry parameter is not necessary (see the next example) for images obtained from Docker Hub as it is the default registry that we fetch from.
You can pull a Docker image from a private registry as follows.:
build: box: id: quay.io/knuth/golang username: $USERNAME password: $PASSWORD tag: beta registry: quay.io steps: - script: name: echo code: echo "hello world!"
The username in this case is
knuth and the repository is
golang. Again the
$USERNAME/$PASSWORD combination is passed along through environment variables that you either have exported or defined in the Wercker web interface.
The domain name for the private registry (in this case
quay.io) is defined before the
username/repo combination when using a custom registry.
Note that as opposed to the services section, which is a list of items, the box section contains a singular item and as such is not preceded by a
Pulling private images from an Amazon ECR instance requires a few more paramaters.
Below is an example of pulling an image called
alpine from ECR using a set of environment variables.
Note that the
aws-registry-id is the numerical value that is provided by AWS once you crate an ECR instance. E.g.:
box: id: alpine cmd: /bin/sh aws-access-key: $AWS_ACCESS_KEY_ID aws-secret-key: $AWS_SECRET_ACCESS_KEY aws-region: us-east-1 aws-registry-id: $AWS_REGISTRY_ID build: (...)
When pulling a private image from the Google Container Registry (also known as gcr.io) you need to authenticate by using a JSON key file associated with a Google service account.
Note that the username must be set to
_json_key; otherwise the authentication will fail. You can store the contents of the JSON file in an environment variable called
The contents of the JSON file must not contain newlines when they are added as an environment variable.
box: id: gcr.io/<MY-PROJECT-ID>/<MY-IMAGE> username: _json_key password: $GCR_JSON_KEY_FILE registry: https://gcr.io tag: <MY-IMAGE-TAG>