Registry

The default registry is Docker Hub, but you can change it using registry/server and credentials.

A reference to a secret (e.g. DOCKER_REGISTRY_TOKEN) will look up the secret in the local environment.

registry:
  server: registry.digitalocean.com
  username:
    - <username>
  password:
    - DOCKER_REGISTRY_TOKEN

Using AWS ECR as the container registry

You will need to have the aws CLI installed locally for this to work.

AWS ECR’s access token is only valid for 12hrs.

export AWS_REPOSITORY_PASSWORD=$(aws ecr get-login-password)

registry:
server: <your aws account id>.dkr.ecr.<your aws region id>.amazonaws.com
username: AWS
password: AWS_REPOSITORY_PASSWORD

Using GCP Artifact Registry as the container registry

To sign into Artifact Registry, you would need to create a service account and set up roles and permissions.

Normally, assigning a roles/artifactregistry.writer role should be sufficient.

Once the service account is ready, you need to generate and download a JSON key, base64 encode it and add to .deploy4j/secrets:

echo "DEPLOY4J_REGISTRY_PASSWORD=$(base64 -i /path/to/key.json)" | tr -d "\\n"  >> .deploy4j/secrets

Use the env variable as password along with _json_key_base64 as username.

Here’s the final configuration:

registry:
server: <your registry region>-docker.pkg.dev
username: _json_key_base64
password:
  - DEPLOY4J_REGISTRY_PASSWORD

Validating the configuration

You can validate the configuration by running:

deploy4j registry login