问题描述
我正在研究 buildpacks.io 标准,我想制作自己的平台。
我在将图像导出到 docker hub 时遇到问题。我还没有编写 exporter,但我正在使用 buildpacks.io 项目中的一个,如下所示。
平台是一个可执行文件,给定一个构建镜像(heroku/buildpacks)将
- 从该映像启动构建容器并设置一些环境变量
- 将源代码复制到构建容器中的预定义目录
- 执行
/cnb/lifecycle/creator
作为对 buildah 的炮击的最小实现将是这样的。
#! /usr/bin/env bash
# this script is a buildpacks.io implementation of a platform
readonly SCRIPT_NAME="$(basename "$0")"
run () {
local -r builder_image="$1"
local -r app_name="$2"
local -r new_container=$(buildah from "$builder_image")
# here we can set-up all the environment variables that are
# requested by the plaftorm API
buildah config -e CNB_PLATFORM_API="0.5" "$new_container"
# this is useful for debugging what is actually happening
# during the lifecycle
buildah config -e CNB_LOG_LEVEL="debug" "$new_container"
# I have mounted my credentials directory inside this build container
# this is where it should be found
# buildah run "$new_container" cat /home/heroku/.docker/config.json
# finally we can copy what we want built and packaged as an image
buildah copy "$new_container" '.' '/workspace'
buildah run "$new_container" /cnb/lifecycle/creator "$app_name"
# remove this build container when done
#buildah rm "$new_container"
}
run "$@"
好消息是,我到达了某个地方,我可以完成 buildpacks.io 生命周期中描述的阶段,但是当生命周期尝试将生成的图像上传到远程时出现错误。
从一个仅包含一个文件的示例目录中,我可以在运行时打印“Hello world”。
$ buildpacks docker://docker.io/heroku/buildpacks docker.io/edoput/buildpacks-example
Getting image source signatures
copying blob 9c080d283a81 skipped: already exists
...
copying blob e80fe5117c2a [--------------------------------------] 0.0b / 0.0b
copying config 451cf0ce8d done
Writing manifest to image destination
Storing signatures
container ID must be specified
ERRO exit status 125
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
CNB_USER_ID=1000
CNB_GROUP_ID=1000
STACK=heroku-18
CNB_STACK_ID=heroku-18
CNB_PLATFORM_API=0.5
CNB_LOG_LEVEL=debug
HOSTNAME=1fca0b1ec107
HOME=/home/heroku
ef90cc8f4caed8241b832e8836c81a8530dada6358e3b2f43fb865ae269352ce
Warning: Not restoring or caching layer data,no cache flag specified.
===> DETECTING
======== Output: heroku/ruby@0.0.1 ========
no
======== Results ========
err: heroku/ruby@0.0.1 (1)
pass: heroku/procfile@0.6.2
======== Results ========
fail: heroku/python@0.3.1
pass: heroku/procfile@0.6.2
======== Results ========
fail: heroku/scala@0.0.90
pass: heroku/procfile@0.6.2
======== Results ========
fail: heroku/PHP@0.3.1
pass: heroku/procfile@0.6.2
======== Results ========
fail: heroku/go@0.3.1
pass: heroku/procfile@0.6.2
======== Results ========
pass: heroku/nodejs-engine@0.7.5
pass: heroku/nodejs-npm@0.4.5
skip: heroku/nodejs-typescript@0.2.4
fail: heroku/nodejs-function-invoker@0.1.6
Warning: Warning: buildpack heroku/jvm has a "version" key. This key is deprecated in build plan requirements in buildpack API 0.3. "Metadata.version" should be used instead
======== Output: heroku/jvm@0.1.6 ========
JVM
======== Output: heroku/maven@0.2.3 ========
Could not find a pom.xml file! Please check that it exists and is committed to Git.
======== Results ========
pass: heroku/jvm@0.1.6
fail: heroku/maven@0.2.3
fail: heroku/jvm-function-invoker@0.2.11
======== Results ========
pass: heroku/nodejs-engine@0.7.4
fail: heroku/nodejs-yarn@0.1.5
skip: heroku/nodejs-typescript@0.2.3
pass: heroku/procfile@0.6.2
======== Results ========
pass: heroku/nodejs-engine@0.7.4
pass: heroku/nodejs-npm@0.4.4
skip: heroku/nodejs-typescript@0.2.3
pass: heroku/procfile@0.6.2
Resolving plan... (try #1)
3 of 4 buildpacks participating
heroku/nodejs-engine 0.7.4
heroku/nodejs-npm 0.4.4
heroku/procfile 0.6.2
===> ANALYZING
PrevIoUs image with name "docker.io/edoput/buildpacks-example" not found
Usable cache not provided,using empty cache Metadata.
===> RESTORING
Usable cache not provided,using empty cache Metadata.
===> BUILDING
Starting build
Running build for buildpack heroku/nodejs-engine@0.7.4
Looking up buildpack
Finding plan
Running build for buildpack Node Buildpack 0.7.4
Updating buildpack plan entries
Creating plan directory
Preparing paths
Running build command
[INFO] Node.js Buildpack
[INFO] Setting NODE_ENV to production
[INFO] Installing toolBox
[INFO] - yj
[Installing Node]
[INFO] Getting Node version
[INFO] Resolving Node version
[INFO] Downloading and extracting Node v16.3.0
[Parsing package.json]
[INFO] Parsing package.json
Processing layers
Updating environment
Reading output files
Updating buildpack processes
Updating process list
Finished running build for buildpack heroku/nodejs-engine@0.7.4
Running build for buildpack heroku/nodejs-npm@0.4.4
Looking up buildpack
Finding plan
Running build for buildpack NPM Buildpack 0.4.4
Updating buildpack plan entries
Creating plan directory
Preparing paths
Running build command
[INFO] Using npm v7.15.1 from Node
[INFO] Installing node modules
up to date,audited 1 package in 778ms
found 0 vulnerabilities
npm notice
npm notice New minor version of npm available! 7.15.1 -> 7.18.1
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v7.18.1>
npm notice Run `npm install -g npm@7.18.1` to update!
npm notice
[Warning: Skip pruning because NODE_ENV is not 'production'.]
Processing layers
Updating environment
Reading output files
Updating buildpack processes
Updating process list
Finished running build for buildpack heroku/nodejs-npm@0.4.4
Running build for buildpack heroku/procfile@0.6.2
Looking up buildpack
Finding plan
Running build for buildpack procfile 0.6.2
Updating buildpack plan entries
Creating plan directory
Preparing paths
Running build command
[INFO] discovering process types
[INFO] procfile declares types -> (none)
Processing layers
Updating environment
Reading output files
Updating buildpack processes
Updating process list
Finished running build for buildpack heroku/procfile@0.6.2
Listing processes
Finished build
===> EXPORTING
no project Metadata found at path '/layers/project-Metadata.toml',project Metadata will not be exported
Reusing tarball for layer "heroku/nodejs-engine:nodejs" with SHA: sha256:22b14cf125adb65ab87e7dc2dcbfddc9e80e3d1916536be195709424b91be64d
Adding layer 'heroku/nodejs-engine:nodejs'
Layer 'heroku/nodejs-engine:nodejs' SHA: sha256:22b14cf125adb65ab87e7dc2dcbfddc9e80e3d1916536be195709424b91be64d
Layer 'slice-1' SHA: sha256:62f98a22a3bd756b22102aacc338bbc61810fac32149d4a213f74fdb7e64759d
Adding 1/1 app layer(s)
Reusing tarball for layer "launcher" with SHA: sha256:20e1cf6014bd25720eb257f028b876dae49298820951982fa57cc2f64c086e66
Adding layer 'launcher'
Layer 'launcher' SHA: sha256:20e1cf6014bd25720eb257f028b876dae49298820951982fa57cc2f64c086e66
Reusing tarball for layer "config" with SHA: sha256:c8c42576a4717d5b075ea911146c10b8843b45a1f8b59c492eb866e418522a19
Adding layer 'config'
Layer 'config' SHA: sha256:c8c42576a4717d5b075ea911146c10b8843b45a1f8b59c492eb866e418522a19
Reusing tarball for layer "process-types" with SHA: sha256:83d85471d9f8a3834b4e27cf701e3f0aef220cc816d9c173c7d32cd73909a590
Adding layer 'process-types'
Layer 'process-types' SHA: sha256:83d85471d9f8a3834b4e27cf701e3f0aef220cc816d9c173c7d32cd73909a590
Adding label 'io.buildpacks.lifecycle.Metadata'
Adding label 'io.buildpacks.build.Metadata'
Adding label 'io.buildpacks.project.Metadata'
Setting CNB_LAYERS_DIR=/layers
Setting CNB_APP_DIR=/workspace
Setting CNB_PLATFORM_API=0.5
Setting CNB_DEPRECATION_MODE=quiet
Prepending /cnb/process and /cnb/lifecycle to PATH
Setting default process type 'web'
Setting ENTRYPOINT: '/cnb/process/web'
Saving docker.io/edoput/buildpacks-example...
*** Images (sha256:30279532d29d797bc9fd61d705b6701a62ded6e857150f2cabf176b698351d20):
docker.io/edoput/buildpacks-example - POST https://index.docker.io/v2/edoput/buildpacks-example/blobs/uploads/?from=heroku%2Fpack&mount=sha256%3Ad2e110be24e168b42c1a2ddbc4a476a217b73cccdba69cdcb212b812a88f5726: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:edoput/buildpacks-example Type:repository] map[Action:push Class: Name:edoput/buildpacks-example Type:repository] map[Action:pull Class: Name:heroku/pack Type:repository]]
*** Digest: sha256:30279532d29d797bc9fd61d705b6701a62ded6e857150f2cabf176b698351d20
*** Manifest Size: 2209
ERROR: Failed to export: Failed to write image to the following tags: [docker.io/edoput/buildpacks-example: POST https://index.docker.io/v2/edoput/buildpacks-example/blobs/uploads/?from=heroku%2Fpack&mount=sha256%3Ad2e110be24e168b42c1a2ddbc4a476a217b73cccdba69cdcb212b812a88f5726: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:edoput/buildpacks-example Type:repository] map[Action:push Class: Name:edoput/buildpacks-example Type:repository] map[Action:pull Class: Name:heroku/pack Type:repository]]]
error while running runtime: exit status 246
ERRO exit status 246
container ID must be specified
ERRO exit status 125
正如日志所指出的,我缺少拉/推到我设置的遥控器的授权,并且是 publicly accessible。
我提供了一个令牌作为访问凭证,它在构建容器中作为安装在 /home/heroku/.docker/config.json
的文件可用,运行 creator 进程的用户可以读取该文件。 >
配置看起来像这样,带有 base64 编码的“$user:$password”值。
{
"auths": {
"docker.io": {
"auth": "REDACTED"
}
}
}
导出命令规范描述为 here 和 authentication for registries。
如何调试导出过程而不必使用自定义生命周期实现打包我自己的图像?
我已在另一个图像存储库上按如下方式测试了我的凭据的使用情况,并且身份验证按 docker 注册表的预期进行。
$ skopeo copy docker://docker.io/heroku/buildpacks docker://docker.io/edoput/buildpacks --debug --authfile .docker/config.json
DEBU[0000] Returning credentials from .docker/config.json
DEBU[0000] Using registries.d directory /etc/containers/registries.d for sigstore configuration
DEBU[0000] No signature storage configuration found for docker.io/edoput/buildpacks:latest,using built-in default file:///home/edoput/.local/share/containers/sigstore
DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/docker.io
DEBU[0000] Loading registries configuration "/home/edoput/.config/containers/registries.conf"
DEBU[0000] Trying to access "docker.io/heroku/buildpacks:latest"
DEBU[0000] Trying to access "docker.io/heroku/buildpacks:latest"
DEBU[0000] Returning credentials from .docker/config.json
DEBU[0000] Using registries.d directory /etc/containers/registries.d for sigstore configuration
DEBU[0000] No signature storage configuration found for docker.io/heroku/buildpacks:latest,using built-in default file:///home/edoput/.local/share/containers/sigstore
DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/docker.io
DEBU[0000] GET https://registry-1.docker.io/v2/
DEBU[0000] Ping https://registry-1.docker.io/v2/ status 401
DEBU[0000] GET https://auth.docker.io/token?account=edoput&scope=repository%3Aheroku%2Fbuildpacks%3Apull&service=registry.docker.io
DEBU[0001] GET https://registry-1.docker.io/v2/heroku/buildpacks/manifests/latest
DEBU[0001] Content-Type from manifest GET is "application/vnd.docker.distribution.manifest.v2+json"
DEBU[0001] Using blob info cache at /home/edoput/.local/share/containers/cache/blob-info-cache-v1.boltdb
DEBU[0001] IsRunningImageAllowed for image docker:docker.io/heroku/buildpacks:latest
DEBU[0001] Using default policy section
DEBU[0001] Requirement 0: allowed
DEBU[0001] Overall: allowed
Getting image source signatures
DEBU[0001] Reading /home/edoput/.local/share/containers/sigstore/heroku/buildpacks@sha256=e30ff30cbabe53acd6e55fb43e831dd0274b318247d681215ec24bf341241ef7/signature-1
DEBU[0001] Manifest has MIME type application/vnd.docker.distribution.manifest.v2+json,ordered candidate list [application/vnd.docker.distribution.manifest.v2+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.oci.image.manifest.v1+json,application/vnd.oci.image.index.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.docker.distribution.manifest.v1+json]
DEBU[0001] ... will first try using the original manifest unmodified
DEBU[0001] Checking /v2/edoput/buildpacks/blobs/sha256:9c080d283a816b19233adfe7339c4666d4ad207cc1d88b6523d233c73dfb0240
DEBU[0001] GET https://registry-1.docker.io/v2/
DEBU[0001] Checking /v2/edoput/buildpacks/blobs/sha256:889a7173dcfeb409f9d88054a97ab2445f5a799a823f719a5573365ee3662b6f
DEBU[0001] Checking /v2/edoput/buildpacks/blobs/sha256:d839a7ccb751206cf9d53204ad13da59c9a271f3bb725b632d38b938d97ea961
DEBU[0001] Checking /v2/edoput/buildpacks/blobs/sha256:4bbfd2c87b7524455f144a03bf387c88b6d4200e5e0df9139a9d5e79110f89ca
DEBU[0001] Checking /v2/edoput/buildpacks/blobs/sha256:d2e110be24e168b42c1a2ddbc4a476a217b73cccdba69cdcb212b812a88f5726
DEBU[0001] Checking /v2/edoput/buildpacks/blobs/sha256:1fb371fdf5afa4bc49d73dc64613efa9276525cbb8f95cbfbe94815726089124
DEBU[0002] Ping https://registry-1.docker.io/v2/ status 401
DEBU[0002] GET https://auth.docker.io/token?account=edoput&scope=repository%3Aedoput%2Fbuildpacks%3Apull%2cpush&service=registry.docker.io
DEBU[0002] GET https://auth.docker.io/token?account=edoput&scope=repository%3Aedoput%2Fbuildpacks%3Apull%2cpush&service=registry.docker.io
DEBU[0002] GET https://auth.docker.io/token?account=edoput&scope=repository%3Aedoput%2Fbuildpacks%3Apull%2cpush&service=registry.docker.io
DEBU[0002] GET https://auth.docker.io/token?account=edoput&scope=repository%3Aedoput%2Fbuildpacks%3Apull%2cpush&service=registry.docker.io
DEBU[0002] GET https://auth.docker.io/token?account=edoput&scope=repository%3Aedoput%2Fbuildpacks%3Apull%2cpush&service=registry.docker.io
DEBU[0002] GET https://auth.docker.io/token?account=edoput&scope=repository%3Aedoput%2Fbuildpacks%3Apull%2cpush&service=registry.docker.io
DEBU[0002] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:1fb371fdf5afa4bc49d73dc64613efa9276525cbb8f95cbfbe94815726089124
DEBU[0002] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:9c080d283a816b19233adfe7339c4666d4ad207cc1d88b6523d233c73dfb0240
DEBU[0002] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:d839a7ccb751206cf9d53204ad13da59c9a271f3bb725b632d38b938d97ea961
DEBU[0002] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:4bbfd2c87b7524455f144a03bf387c88b6d4200e5e0df9139a9d5e79110f89ca
DEBU[0002] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:889a7173dcfeb409f9d88054a97ab2445f5a799a823f719a5573365ee3662b6f
DEBU[0002] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:d2e110be24e168b42c1a2ddbc4a476a217b73cccdba69cdcb212b812a88f5726
DEBU[0003] ... already exists
DEBU[0003] ... already exists
DEBU[0003] Skipping blob sha256:d2e110be24e168b42c1a2ddbc4a476a217b73cccdba69cdcb212b812a88f5726 (already present):
copying blob d2e110be24e1 skipped: already exists
...
DEBU[0003] Checking /v2/edoput/buildpacks/blobs/sha256:5da6b0533d17399a58d377f0eaf0e6d6ecd24d0d3a222b483f45fb1cc612774b
DEBU[0003] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:5da6b0533d17399a58d377f0eaf0e6d6ecd24d0d3a222b483f45fb1cc612774b
copying blob d2e110be24e1 skipped: already exists
...
DEBU[0003] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:0427fe92c4f9f6578c1ad74d625c1e411d2421e674e4b9c77a01f53d9dd9c834
DEBU[0003] ... already exists
DEBU[0003] ... already exists
DEBU[0003] Skipping blob sha256:1fb371fdf5afa4bc49d73dc64613efa9276525cbb8f95cbfbe94815726089124 (already present):
copying blob d2e110be24e1 skipped: already exists
...
DEBU[0005] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:f18d74887f79510e979837ddd7330678832b0b7e99e9c8bb59de423a5d400f76
copying blob d2e110be24e1 skipped: already exists
...
copying blob 4f4fb700ef54 [--------------------------------------] 0.0b / 0.0b
DEBU[0006] Downloading /v2/heroku/buildpacks/blobs/sha256:1b0fecc52ded060857a931d07ec4e5b629cd6ce293d981846093cebacfe159d6
DEBU[0006] GET https://registry-1.docker.io/v2/heroku/buildpacks/blobs/sha256:1b0fecc52ded060857a931d07ec4e5b629cd6ce293d981846093cebacfe159d6
DEBU[0007] No compression detected
DEBU[0007] Using original blob without modification
DEBU[0007] Checking /v2/edoput/buildpacks/blobs/sha256:1b0fecc52ded060857a931d07ec4e5b629cd6ce293d981846093cebacfe159d6
DEBU[0007] HEAD https://registry-1.docker.io/v2/edoput/buildpacks/blobs/sha256:1b0fecc52ded060857a931d07ec4e5b629cd6ce293d981846093cebacfe159d6
copying config 1b0fecc52d [--------------------------------------] 0.0b / 15.7KiB
DEBU[0007] ... already exists
Writing manifest to image destination
DEBU[0007] PUT https://registry-1.docker.io/v2/edoput/buildpacks/manifests/latest
Storing signatures
解决方法
您可以尝试将配置中的 docker.io
更新为 https://index.docker.io/v1/
。您可以使用相同的 config.json docker push
到远程吗?