Skip to content
Snippets Groups Projects

Add support for credentials store

Merged Kirill Shirinkin requested to merge (removed):master into master

What does this MR do?

With this MR runner will correctly fetch credentials store from credsStore, if it's configured.

Why was this MR needed?

In some environments, specifically in AWS, credentials are provided via credentials store, as documented here: https://docs.docker.com/engine/reference/commandline/login/#credentials-store. Currently this auth method doesn't work with gitlab runner. In case of AWS the only solution would be to re-trigger aws ecr get-login in a cron job every 12 hours to re-fetch credentials. See this Issue for more details: https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/issues/1583

With new implementation, in addition to all previous ways to provide credentials, Gitlab Runner will also use credsStore, in a similar way Docker CLI does it.

Please notice, that this MR still doesn't cover all possible use cases, specifically it doesn't cover usage of "credsHelpers" key of Docker config - I can add it in next MR, if I get more time to work on this.

In any case, even without credsHelper support, this code change simplifies usage of Gitlab Runner combined with AWS ECR or GCE GCR, making authentication simple, transparent and automated. Also see:

What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/issues/1583

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply
Loading