Cannot create /root/.netrc: Permission denied

Drone Support
1

Hi all,

My objective is to use a util i wrote (wrapped as docker) in my pipeline.

the util is stored as docker image in ec2 container service, and when i try to use it i get the following error:

/bin/sh: 3: cannot create /root/.netrc: Permission denied

here’s my .drone.yml:

pipeline:
  build:
    image: openjdk:8
    environment:
      - MONGO_HOST=mongo
    commands:
      - ./gradlew build -x test
      - ./gradlew test
  download:
      image: fstab/aws-cli:latest
      commands:
        - aws ecr get-login | docker login -u AWS
        - docker pull myrepo/myimage
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock
  publish:
      image: plugins/ecr
      access_key: my_key
      secret_key: my_secret
      repo: myrepo/myimage_1
      region: eu-central-1
      dockerfile: Dockerfile
      storage_path: /drone/docker
      tag:
      - latest
      force_tag: true

services:
  mongo:
    image: mongo

im using fstab/aws-cli:latest for pulling the image, since i saw recommendation to use some docker image with aws cli to pull images, since there’s no other way around that (at least no for non enterprise)

any one help? :slight_smile:

2

It is because fstab/aws-cli overrides the default user. This is problematic because a non-root user cannot write to docker volumes [1].

[1] https://github.com/moby/moby/issues/2259

3

10x for the quick response! :slight_smile:

the following issue inspired me to write a simple drone plugin, that enable you to access your aws -ecr and you can pull or run or what ever you need from you image in ecr.

Here’s the github - https://github.com/amaziagur/drone-ecr-puller
in case it will be handy for anyone.

drone is awesome!