Unable to authenticate against private registry for docker pull codeclimate engines
There are multiple docker in docker levels occuring when running codequality in a gitlab pipeline and it is currently impossible to mount a config.json
deep enough for authentication to docker pull codeclimate engines:
VM - runs gitlab-runner
|
|
`docker:stable` - docker run for each gitlab pipeline steps
|
|
`codequality:0.85.26` - docker run at the codequality step in the pipeline via `run.sh`: https://gitlab.com/gitlab-org/ci-cd/codequality/-/blob/master/run.sh
|
|
`codeclimate/codeclimate:0.85.26` - docker runs engines:install etc. **<- we are failing here**
I can mount --volume /root/.docker/config.json:/root/.docker/config.json:ro
with the --volume /var/run/docker.sock:/var/run/docker.sock
for docker:stable
and codequality:0.85.26
levels this allows me to pull level 4: codeclimate/codeclimate:0.85.26
from a private repo.
However, I cannot mount config.json
into the docker run codeclimate/codeclimate:0.85.26 engines:install
step within run.sh
of codequality:0.85.26
. This will attempt to pull myregistry.com/codeclimate/codeclimate-structure
and will fail.
...
$ docker run --rm \ # collapsed multi-line command
Error response from daemon: pull access denied for myregistry.com/codeclimate/codeclimate-structure, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
error: (CC::CLI::Engines::Install::ImagePullFailure) unable to pull image myregistry.com/codeclimate/codeclimate-structure
I cannot add a docker login
step into the run.sh
of codequality:0.85.26
and I cannot mount config.json
so how can we authenticate against a private registry to docker pull codeclimate engine images?