3

I am using Maven Jib plugin to deploy my application to Gitlab docker registry. If I use docker login registry.gitlab.com and enter username and password I can log in to the gitlab registry successfully. I can see that ~/.docker/config.json contains the following information:

{
        "auths": {
                "https://registry.gitlab.com": {},
                "registry.gitlab.com": {}
        },
        "HttpHeaders": {
                "User-Agent": "Docker-Client/19.03.2 (darwin)"
        },
        "credsStore": "desktop",
        "stackOrchestrator": "swarm"
}

Now if I try to run mvn -Djib.to.auth.username=${username} -Djib.to.auth.password=${password} compile jib:build it fails with the 401 Unauthorized exception. The reason I need to pass the username and password is I would like to run this command in my CICD pipeline and it is required to pass the username and password somehow. I have tested other approaches like setting credentials in the .m2/settings.xml or pom.xml. None of them works.

Ali
  • 1,759
  • 2
  • 32
  • 69
  • If you've done a `docker login` then you don't need to specify the username or password as jib will use the docker credentials. Note that Jib must be explicitly configured to send passwords over unencrypted connections with `-DsendCredentialsOverHttp` (sending passwords across open connections is not recommended). – Brian de Alwis Sep 20 '19 at 15:48
  • Did you add `-Djib.to.image=my-image:latest` to your `mvn` command? Also, Gitlab offers the possiblity to save secrets in order to avoid keeping your registry credentials in your .gitlab-ci.yml. See [my answer to this post](https://stackoverflow.com/a/58032954/9731186). Another solution is to use `$CI_JOB_TOKEN` to authenticate: `mvn compile jib:build -Djib.to.image=$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME -Djib.to.auth.username=$CI_REGISTRY_USER -Djib.to.auth.password=$CI_JOB_TOKEN`. See [Job token](https://docs.gitlab.com/ee/user/project/new_ci_build_permissions_model.html#job-token) – charlycou Oct 02 '19 at 13:02
  • After hours of struggle I found the [solution](https://stackoverflow.com/a/76695342/5465632) and have added here. – Ram Jul 15 '23 at 19:07

1 Answers1

0

You can have the credential in the jib plugin section as follows

 <build>
    <plugins>
        <plugin>
            <groupId>com.google.cloud.tools</groupId>
            <artifactId>jib-maven-plugin</artifactId>
            <version>1.0.0</version>
            <configuration>
                <from>
                    <image>openjdk:8u171-alpine</image>
                </from>
                <to>
                    <image>registry.gitlab.com/${project.build.finalName}:${project.version}</image>
                    <auth>
                        <username>${jib.username}</username>
                        <password>${jib.password}</password>
                    </auth>
                </to>
            </configuration>
        </plugin>
    <plugins>            
 <build>

Have the jib.username and jib.password as properties in settings.xml.

Note: Adjust the from image as to you need.

seenukarthi
  • 8,241
  • 10
  • 47
  • 68
  • Thanks for the solution. As it was mentioned in the question, I have already tested this approach and it didn't work for me. – Ali Sep 09 '19 at 11:57
  • Run the maven command with `-X` switch this will print debug information and check. – seenukarthi Sep 09 '19 at 12:05
  • It doesn't give much useful information rather than the same 401 unauthorized exception. – Ali Sep 09 '19 at 12:12