From e9e7a69c7bb5cdac8215692d4bda9a661c0189c1 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Thu, 28 Jul 2022 13:28:36 -0700 Subject: [PATCH] Update Azure Docker docs (#9363) * describe docker access token more * Remove extra spaces Co-authored-by: ohemorange Co-authored-by: ohemorange --- .../templates/stages/deploy-stage.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/.azure-pipelines/templates/stages/deploy-stage.yml b/.azure-pipelines/templates/stages/deploy-stage.yml index 88aeab60e..424ffed10 100644 --- a/.azure-pipelines/templates/stages/deploy-stage.yml +++ b/.azure-pipelines/templates/stages/deploy-stage.yml @@ -96,11 +96,16 @@ stages: # which was created by following the instructions at # https://docs.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml#sep-docreg. # The name given to this service account must match the value - # given to containerRegistry below. "Grant access to all - # pipelines" should also be checked. To revoke these - # credentials, we can change the password on the certbotbot - # Docker Hub account or remove the account from the - # Certbot organization on Docker Hub. + # given to containerRegistry below. The authentication used when + # creating this service account was a personal access token + # rather than a password to bypass 2FA. When Brad set this up, + # Azure Pipelines failed to verify the credentials with an error + # like "access is forbidden with a JWT issued from a personal + # access token", but after saving them without verification, the + # access token worked when the pipeline actually ran. "Grant + # access to all pipelines" should also be checked on the service + # account. The access token can be deleted on Docker Hub if + # these credentials need to be revoked. containerRegistry: docker-hub displayName: Login to Docker Hub - bash: set -e && tools/docker/deploy.sh $(dockerTag) $DOCKER_ARCH