diff options
author | Brad Warren <bmw@users.noreply.github.com> | 2022-07-28 23:28:36 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-28 23:28:36 +0300 |
commit | e9e7a69c7bb5cdac8215692d4bda9a661c0189c1 (patch) | |
tree | 72ec7b0eda24f28f48bbd83bfea7d334086eaea3 | |
parent | 495b97aafe3d4b2f7c9f7919df401cc20bd4ba50 (diff) |
Update Azure Docker docs (#9363)
* describe docker access token
more
* Remove extra spaces
Co-authored-by: ohemorange <ebportnoy@gmail.com>
Co-authored-by: ohemorange <ebportnoy@gmail.com>
-rw-r--r-- | .azure-pipelines/templates/stages/deploy-stage.yml | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/.azure-pipelines/templates/stages/deploy-stage.yml b/.azure-pipelines/templates/stages/deploy-stage.yml index 88aeab60e..424ffed10 100644 --- a/.azure-pipelines/templates/stages/deploy-stage.yml +++ b/.azure-pipelines/templates/stages/deploy-stage.yml @@ -96,11 +96,16 @@ stages: # which was created by following the instructions at # https://docs.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml#sep-docreg. # The name given to this service account must match the value - # given to containerRegistry below. "Grant access to all - # pipelines" should also be checked. To revoke these - # credentials, we can change the password on the certbotbot - # Docker Hub account or remove the account from the - # Certbot organization on Docker Hub. + # given to containerRegistry below. The authentication used when + # creating this service account was a personal access token + # rather than a password to bypass 2FA. When Brad set this up, + # Azure Pipelines failed to verify the credentials with an error + # like "access is forbidden with a JWT issued from a personal + # access token", but after saving them without verification, the + # access token worked when the pipeline actually ran. "Grant + # access to all pipelines" should also be checked on the service + # account. The access token can be deleted on Docker Hub if + # these credentials need to be revoked. containerRegistry: docker-hub displayName: Login to Docker Hub - bash: set -e && tools/docker/deploy.sh $(dockerTag) $DOCKER_ARCH |