在Azure管道中的docker任务中使用build和push命令时是否必须注销

时间:2020-05-14 19:59:03

标签: azure-devops yaml azure-pipelines 

steps:
- task: Docker@2
  displayName: Build and Push
  inputs:
    command: buildAndPush
    containerRegistry: dockerRegistryServiceConnection1
    repository: contosoRepository
    tags: |
      tag1

一个名为buildAndPush的便捷命令允许在单个命令中将图像生成和推送到容器注册表。参见上面的代码段

问题:

是否需要通过添加以下任务从容器注册表中注销?

- task: Docker@2
  displayName: Logout of ACR
  inputs:
    command: logout
    containerRegistry: dockerRegistryServiceConnection1

1 个答案:

答案 0 :(得分:2)

我认为无需登录或注销。

您甚至可以在documentation中找到一个示例,而无需登录或注销:

- stage: Build
  displayName: Build and push stage
  jobs:  
  - job: Build
    displayName: Build job
    pool:
      vmImage: $(vmImageName)
    steps:
    - task: Docker@2
      displayName: Build and push an image to container registry
      inputs:
        command: buildAndPush
        repository: $(imageRepository)
        dockerfile: $(dockerfilePath)
        containerRegistry: $(dockerRegistryServiceConnection)
        tags: |
          $(tag)

所以您可能想知道实际的登录功能是什么。如果检查源代码,您会发现它实际上已设置DOCKER_CONFIG(客户端配置文件的位置。)

export function run(connection: ContainerConnection): any {
    var defer = Q.defer<any>();
    connection.setDockerConfigEnvVariable();   
    defer.resolve(null);
    return defer.promise;
}

以及logout的作用;)

export function run(connection: ContainerConnection): any {
    // logging out is being handled in connection.close() method, called after the command execution.
    var defer = Q.defer<any>();
    defer.resolve(null);
    return <Q.Promise<any>>defer.promise;
}

那它如何工作?

// Connect to any specified container registry
let connection = new ContainerConnection();
connection.open(null, registryAuthenticationToken, true, isLogout);

let dockerCommandMap = {
    "buildandpush": "./dockerbuildandpush",
    "build": "./dockerbuild",
    "push": "./dockerpush",
    "login": "./dockerlogin",
    "logout": "./dockerlogout"
}

let telemetry = {
    command: command,
    jobId: tl.getVariable('SYSTEM_JOBID')
};

console.log("##vso[telemetry.publish area=%s;feature=%s]%s",
    "TaskEndpointId",
    "DockerV2",
    JSON.stringify(telemetry));

/* tslint:disable:no-var-requires */
let commandImplementation = require("./dockercommand");
if (command in dockerCommandMap) {
    commandImplementation = require(dockerCommandMap[command]);
}

let resultPaths = "";
commandImplementation.run(connection, (pathToResult) => {
    resultPaths += pathToResult;    
})
/* tslint:enable:no-var-requires */
.fin(function cleanup() {
    if (command !== "login") {
        connection.close(true, command);
    }
})

开始build命令

  • 连接到容器注册表
  • 运行命令
  • 关闭连接(如果这不是登录命令)

这就是紧密连接的作用:

如果存在注册表信息,则仅删除该注册表的auth。 (这对于任何命令都可能发生-构建,推送,注销等) 否则,删除所有身份验证数据。 (这只会在注销命令的情况下发生。对于其他命令,不会调用注销。)

回答您的问题,您无需登录和注销命令即可生活。

相关问题
最新问题