Skip to content

Commit

Permalink
Log in to buildkite packages right before pushing images
Browse files Browse the repository at this point in the history
  • Loading branch information
@moskyb
moskyb committed Jul 18, 2024
1 parent a41ccf2 commit 0e812ea
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 5 deletions.
7 changes: 7 additions & 0 deletions .buildkite/steps/publish-docker-image.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,13 @@ release_image() {
dry_run skopeo copy --multi-arch all "docker://${source_image}" "docker://docker.io/buildkite/${target_image}:${tag}"
echo "--- :github: Copying ${target_image}:${tag} to GHCR"
dry_run skopeo copy --multi-arch all "docker://${source_image}" "docker://ghcr.io/buildkite/${target_image}:${tag}"

# OIDC tokens only last 5 minutes, and issuing them is cheap, so log in as close as possible to the push
buildkite-agent oidc request-token \
--audience "https://packages.buildkite.com/buildkite/agent-docker" \
--lifetime 300 \
| docker login packages.buildkite.com/buildkite/agent-docker --username=buildkite --password-stdin

echo "--- :buildkite: Copying ${target_image}:${tag} to Buildkite Packages"
dry_run skopeo copy --multi-arch all "docker://${source_image}" "docker://packages.buildkite.com/buildkite/agent-docker/${target_image}:${tag}"
}
Expand Down
5 changes: 0 additions & 5 deletions .buildkite/steps/publish-docker-images.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,11 +46,6 @@ aws ssm get-parameter \

echo "--- docker login to Buildkite Packages"

buildkite-agent oidc request-token \
--audience "https://packages.buildkite.com/buildkite/agent-docker" \
--lifetime 300 \
| docker login packages.buildkite.com/buildkite/agent-docker --username=buildkite --password-stdin

version=$(buildkite-agent meta-data get "agent-version")
build=$(buildkite-agent meta-data get "agent-version-build")

Expand Down

0 comments on commit 0e812ea

Please sign in to comment.