Jenkins Pipeline Build with Docker, Google Registry, and Google Auth Plugin

Question

I'm building a Docker image using a Jenkins pipeline (using a pipeline script that was auto-generated by JHipster). I want to push my final docker image to the Google Container Registry.

Here's what I've done:

1. I've installed both the CloudBees Docker Custom Build Environment Plugin and the Google Container Registry Auth Plugin.
2. I've set up Google auth credentials in Jenkins following instructions over here
3. I've configured my build step to use the Google Registry tag format, like so: docker.build('us.gcr.io/[my-project-id]/[my-artifact-id]', 'target/docker')
4. I've referenced the id of my Google Auth credentials in my push step:

(Hm. Needs extra text line after bullets to format properly)

docker.withRegistry('https://us.gcr.io', '[my-credential-id]') {
    dockerImage.push 'latest'
}

But the build fails with:

ERROR: Could not find credentials matching [my-credential-id] 
Finished: FAILURE

I'm basically at the point of believing that these plugins don't work in a pipelines world, but I thought I'd ask if anyone has accomplished this and could give me some pointers.

Answer 1

Try prefixing your credentials id by "gcr:".

Your credential id would look like "gcr:[my-credential-id]".

Complete working example:

stage('Build image') {
  app = docker.build("[id-of-your-project-as-in-google-url]/[name-of-the-artifact]")
}
stage('Push image') {
  docker.withRegistry('https://eu.gcr.io', 'gcr:[credentials-id]') {
    app.push("${env.BUILD_NUMBER}")
    app.push("latest")
  }
}

Please note the name of the image. I was struggling with pushing of the image even with working credentials until I've named the image wit [id-of-your-project-as-in-google-url]/[name-of-the-artifact] notation.

When you get a message that you need to enable the Google....... API, you probably got your [id-of-your-project-as-in-google-url] wrong.

Images can now be successfully used with url of eu.gcr.io/[id-of-your-project-as-in-google-url]/[name-of-the-artifact]:47.

LZ

Answer 2

The previous answers didn't seem to work for me anymore. This is the syntax that works for me:

stage('Push Image') {
        steps {
            script {
                docker.withRegistry('https://gcr.io', 'gcr:my-credential-id') {
                    dockerImage.push()
                }
            }
        }
    }

Answer 3

Other way of setting up Google cloud registry can be as below where you use withCredentials plugin and use file credential type.

withCredentials([file(credentialsId: 'gcr-private-repo-reader', variable: 'GC_KEY')]){
                sh '''
                    chmod 600 $GC_KEY
                    cat $GC_KEY | docker login -u _json_key --password-stdin https://eu.gcr.io

                    docker ps
                    docker pull eu.gcr.io/<reponame>/<image>
                '''
                }

Answer 4

check if you have https://plugins.jenkins.io/google-container-registry-auth/ plugin installed.

After plugin installed use gcr:credential-id synthax

Answer 5

The below answer didn't completely work before, and is apparently now deprecated. I'm leaving the text here for historical reasons.

I've ultimately bypassed the problem by using a gcloud script stage in place of a docker pipeline stage, like so:

stage('publish gcloud') {
    sh "gcloud docker -- push us.gcr.io/[my-project-id]/[my-artifact-id]"
}

The gcloud command is able to find the auth credentials that are set up using a gcloud init on the command line of the Jenkins server.