I already have several pipelines that use OIDC to pull a private Docker image from AWS ECR in a specific step. However, I haven't been able to make it work for the pipeline as a whole.
In other words, if I use image: maven:3.6.3 at the top of the pipeline file and I need a different, private image for one specific step, it works:
image: maven:3.6.3
...
- step: &do-something
name: Example step
image:
name: 123456789.dkr.ecr.ca-central-1.amazonaws.com/my-private-image
aws:
oidc-role: $OIDC_ECR_ROLE
oidc: true
script:
- #Do something with the image
But if I want to use my-private-image as the default image for the whole pipeline, what is the syntax? Just copying the same
image:
name: 123456789.dkr.ecr.ca-central-1.amazonaws.com/my-private-image
aws:
oidc-role: $OIDC_ECR_ROLE
oidc: true
at the top of Bitbucket-pipeline.yml does not work.
Hi François,
I don't think that oidc: true is going to work if it's at the top-level config.
What kind of error do you get with this configuration and where exactly does this error show?
Can you specify the image only at the top of bitbucket-pipelines.yml file and then add oidc: true to every step? If this also doesn't work, please let me know what kind of errors you see and where.
Kind regards,
Theodora
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.