I created my own paketo buildpack and I am trying to use it with spring-boot-maven-plugin.
I wrote
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<image>
<buildpacks>
<buildpack>paketo-buildpacks/java</buildpack>
<buildpack>gitlab.company.com:5000/my-buildpack</buildpack>
</buildpacks>
</image>
</configuration>
</plugin>
If I use this configuration spring is downloading docker.io/paketobuildpacks/builder:base etc just fine, but of course it can not download the buildpack from the private registry. As stated here I have to add credentials for the private registry.
But when I add
<configuration>
<docker>
<builderRegistry>
<url>gitlab.company.com:5000</url>
<username>myuser</username>
<password>mypassword</password>
</builderRegistry>
</docker>
...
<configuration>
I am suddenly getting this error
[INFO] > Pulling builder image 'docker.io/paketobuildpacks/builder:base' 100%
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 33.957 s
[INFO] Finished at: 2022-06-23T14:39:27+02:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:2.6.8:build-image (default-cli) on project usermanagement: Execution default-cli of goal org.springframework.boot:spring-boot-maven-plugin:2.6.8:build-image failed:
Docker API call to 'localhost/v1.24/images/create?fromImage=docker.io%2Fpaketobuildpacks%2Fbuilder%3Abase' failed with status code 500 "Internal Server Error"
and message "Head "https://registry-1.docker.io/v2/paketobuildpacks/builder/manifests/base": unauthorized: please use personal access token to login" -> [Help 1]
It seems as if the maven plugin is trying to apply my credentials for the private registry to docker.io, too.
Is this a bug in the plugin, or is it impossible to mix multiple private and public docker registries for buildpacks?
At the moment, if you provide credentials as you are doing then the plugin expects to pull your builder and buildpack images all from the same registry, the one that you've indicated in the <url> block.
<configuration>
<docker>
<builderRegistry>
<url>gitlab.company.com:5000</url>
<username>myuser</username>
<password>mypassword</password>
</builderRegistry>
</docker>
...
<configuration>
The reason it's failing is that you have a mix, you've got the builder in the Paketo public registry and your custom buildpack in the private registry.
You can work around this in a few ways:
You can relocate the public builder into your private registry. Then pull from that registry. If you do this, you'll want to have some sort of automated job that fetches and relocates the builder when new builders are released through the Paketo public registry, that way you are getting updates.
You can create your own builder and publish it to your private registry. This is a little more work, but ultimately requires a custom builder.toml and running pack builder create using that config. The nice thing is that you can streamline your builder and remove things you're not using which reduces the size of the builder and makes builds a little faster. See instructions here and the Paketo base builder.toml file. Again, you'd want to automate this so you are generating new builders when buildpacks are updated.
You could use the pack cli instead. You can run pack build to generate your images. The pack cli is capable of pulling from multiple registries.
For future reference, you can also track this issue which is a discussion on the topic and potential changes to the Spring Boot plugin.