https://github.com/spring-projects/spring-boot/issues/22836

The spring-boot-maven-plugin 2.3.x version supports building layered Docker images.

But when using a custom builder image or run image from a private Docker registry, it doesn't work.

Like this:

            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <executions>
                    <execution>
                        <goals>
                            <goal>build-info</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <layers>
                        <enabled>true</enabled>
                    </layers>
                    <image>
                        <builder>xxxxx.dkr.ecr.cn-north-1.amazonaws.com.cn/paketo-buildpacks-builder:base-platform-api-0.3</builder>
                    </image>
                </configuration>
            </plugin>

Then running ./mvnw spring-boot:build-image throws:

 Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:2.3.2.RELEASE:build-image (default-cli) on project athena-marketing-server-start: Execution default-cli of goal org.springframework.boot:spring-boot-maven-plugin:2.3.2.RELEASE:build-image failed: Docker API call to 'localhost/v1.24/images/create?fromImage=882440569488.dkr.ecr.cn-north-1.amazonaws.com.cn%2Fpaketo-buildpacks-builder%3Abase-platform-api-0.3' failed with status code 500 "Internal Server Error" and message "Get https://xxxxx.dkr.ecr.cn-north-1.amazonaws.com.cn/v2/paketo-buildpacks-builder/manifests/base-platform-api-0.3: no basic auth credentials" -> [Help 1]

The Docker registry xxxxx.dkr.ecr.cn-north-1.amazonaws.com.cn is private and requires authentication to pull Docker images.

The Spring Boot Maven plugin's calls to the Docker API don't have any auth params:

https://github.com/spring-projects/spring-boot/blob/4933b2688fd2114c75f8f4835d9f27bbd08165c9/spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/transport/HttpClientTransport.java#L126

The Docker Engine API provides the X-Registry-Auth header for authentication: https://docs.docker.com/engine/api/v1.39/#section/Authentication

Authentication
Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as POST /images/(name)/push. These are sent as X-Registry-Auth header as a base64url encoded (JSON) string with the following structure:

    {
      "username": "string",
      "password": "string",
      "email": "string",
      "serveraddress": "string"
    }

It looks like the Spring Boot Maven plugin needs to support configuring the X-Registry-Auth header or Docker registry auth params.
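The header format quoted above, as an added example that is not part of the original issue or of Spring Boot's code: it builds the X-Registry-Auth value, decodes it again (useful when asserting on what a client sent), and shows a redacted form for logs, since the value is only encoded and carries the password in recoverable form. Function names are hypothetical; the registry host and credentials are constructed sample values.

```python
import base64
import json
from urllib.parse import quote


def encode_registry_auth(username, password, serveraddress, email=""):
    """Return the X-Registry-Auth header value for the given credentials."""
    payload = {
        "username": username,
        "password": password,
        "email": email,
        "serveraddress": serveraddress,
    }
    raw = json.dumps(payload, separators=(",", ":")).encode("utf-8")
    # URL-safe alphabet ('-' and '_' instead of '+' and '/'), padding kept.
    return base64.urlsafe_b64encode(raw).decode("ascii")


def decode_registry_auth(header_value):
    """Decode a header value back to a dict, tolerating stripped padding."""
    padded = header_value + "=" * (-len(header_value) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def redact(header_value):
    """Form that is safe to log: base64url is an encoding, not encryption."""
    data = decode_registry_auth(header_value)
    data["password"] = "***"
    return data


def pull_request_headers(image, auth_header):
    """Path and headers for POST /images/create, the call that failed above."""
    path = "/v1.24/images/create?fromImage=" + quote(image, safe="")
    return path, {"X-Registry-Auth": auth_header}


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real registry.
    header = encode_registry_auth(
        "builder-ci", "constructed-secret", "registry.example.test"
    )
    image = "registry.example.test/paketo-buildpacks-builder:base-platform-api-0.3"
    path, headers = pull_request_headers(image, header)
    print(path)
    print(redact(headers["X-Registry-Auth"]))
```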

Comment From: liuguofaa

I agree

Comment From: philwebb

Thanks for the PR @wmz7year. Are you able to also look at adding some tests for this change?

Comment From: maxjiang153

Hi @philwebb, I've added tests for creating RemoteHttpClientTransport.

But I'm not sure how to create a mock Docker engine response with an HTTP request or check the HTTP client's X-Registry-Auth header.

Do you have any suggestions?

Comment From: philwebb

@wmz7year Mocking Docker is quite a pain. We'll take a look when we merge the PR. Thanks for your efforts.

Comment From: scottfrederick

After some discussion with @philwebb, we've decided to look at a different approach to solving this problem.

We added support for the environment variables DOCKER_HOST, DOCKER_TLS_VERIFY, and DOCKER_CERT_PATH to configure access to the local Docker daemon because these variables are set automatically by tools like minikube (e.g. using eval $(minikube docker-env)). Configuring authentication from the local Docker daemon to a remote registry is different from configuring access to the local daemon, and tools like minikube will not configure this authentication.

Using environment variables to configure the Spring Boot Maven and Gradle plugins in this manner is not typical - configuration in a Maven pom.xml or Gradle build.gradle is preferred.

For these reasons, implementing additional configuration options like authentication using environment variables is not the right approach. I'll close this PR and re-open the associated issue to discuss what we want to do.