This patch contains improvements that avoid hitting DockerHub download
rate limits. Add logic to login to DockerHub at various stages in the
build.
* New config option DOCKER_CONFIG specifies a directory with docker CLI
configuration files and defaults to $HOME/.docker. This env var is
recognized by docker CLI and is used whenever Jenkins scripts in this
repo access docker on the host, eg when running rsync within a
container.
* Old config option DOCKER_CONFIG_FILE is now deprecated in favor of
$DOCKER_CONFIG/config.json ; but still supported with a warning. If
specified, it will be used only to authenticate app container builds.
* New sub-job: docker-host-login: execute "docker login" before doing
anything else. This makes sure host docker daemon and subsequent
"docker build" etc are authenticated. This step, and all subsequent
docket operations, used configuration specified by $DOCKER_CONFIG.
Builds using different credentials will not interfere with each
other.
* Rename DOCKER_REGISTRY_PUSH_LOGIN_LIST => DOCKER_REGISTRY_LOGIN_LIST
Old name is still supported with a warning. Always login to these
registries within the builder container, rather than only before
pushing app containers. The intent is for this parameter to contain
"docker.io" in most situations; otherwise we will use anonymous access
to DockerHub, which may hit the download rate limit more frequently.
* If DOCKER_REGISTRY_LOGIN_LIST contains "docker.io", add
"--dockerhub-login" when calling "stx-init-env". This makes sure we
additionally authenticate minikube's embedded docker daemon used
to build/pull builder images in that environment.
LIMITATIONS
=================
K8s itself may pull images anonymously from docker hub. This can happen
only with the images that we don't build ourselves, used for running
some of the builder containers, ie "nginx" and "docker" images, and only
if they are not already in the local docker's cache.
TESTING
=================
Set DOCKER_CONFIG to a custom directory with a config.json file.
Set DOCKER_REGISTRY_LOGIN_LIST="docker.io SOME_OTHER_REPO". Run a build
and make sure docker credentials are copied and applied inside the build
container.
Story: 2010055
Task: 48436
Change-Id: I23bf9817cce3ed833fa605d6448f9ef600e056b0
Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
8078abccbc