The Woodpecker CI pipeline is failing with authentication errors when trying to push to the Nexus Docker registry:
Logging in with username '********' to registry 'docker-push.acn.fr'
ERR execution failed error="error authenticating: exit status 1"
The GitHub Actions workflow uses uppercase secret names:
NEXUS_USERNAMENEXUS_PASSWORD
While Woodpecker configuration uses lowercase:
nexus_usernamenexus_password
Solution: Ensure secrets are configured in Woodpecker with the exact same names used in the pipeline.
Secrets need to be properly configured in Woodpecker either:
- Repository secrets: Add via Woodpecker UI under repository settings
- Organization secrets: Add at organization level if using shared credentials
- Global secrets: Configure in Woodpecker server for all repositories
To add secrets in Woodpecker UI:
- Go to your repository in Woodpecker
- Click on Settings → Secrets
- Add new secrets:
- Name:
nexus_username(orNEXUS_USERNAME) - Value: Your Nexus username
- Name:
nexus_password(orNEXUS_PASSWORD) - Value: Your Nexus password
- Name:
The woodpeckerci/plugin-docker-buildx plugin might have issues with certain authentication methods.
Alternative approaches provided:
Use this to test secret availability and manual Docker login:
# Rename to .woodpecker.yml to test
mv .woodpecker-debug.yml .woodpecker.ymlUses Docker commands directly instead of the plugin:
# Rename to .woodpecker.yml to use
mv .woodpecker-alt.yml .woodpecker.ymlEnsure the registry URL is correct:
- Push URL:
docker-push.acn.fr - Pull URL:
docker.acn.fr
The repository must be marked as "Trusted" in Woodpecker to use privileged mode required for Docker builds.
-
Test secret availability:
# Use the debug configuration cp .woodpecker-debug.yml .woodpecker.yml git commit -m "test: debug authentication" git push
-
Check Woodpecker logs:
- Look for the "test-secrets" step output
- Verify secrets are being passed (non-zero length)
-
Try manual authentication:
- The "test-docker-login" step will test direct Docker login
- This helps identify if it's a plugin issue or credential issue
-
Use alternative configuration: If the plugin continues to fail, use the alternative configuration that bypasses the plugin.
The GitHub Actions workflow (.github/workflows/docker-build.yml) successfully authenticates using:
- name: Log in to Nexus Registry
uses: docker/login-action@v3
with:
registry: docker-push.acn.fr
username: ${{ secrets.NEXUS_USERNAME }}
password: ${{ secrets.NEXUS_PASSWORD }}- First, ensure secrets are properly configured in Woodpecker UI
- Try the debug configuration to verify secrets are accessible
- If plugin authentication fails, switch to the alternative configuration
- Once working, optimize the configuration as needed
- The plugin might require specific versions or configurations
- Consider using Woodpecker's native Docker plugin if available
- Check Woodpecker server logs for more detailed error messages
- Verify network connectivity from Woodpecker runner to Nexus registry