Skip to content

Add support for credentials store

Kirill Shirinkin requested to merge (removed):master into master

What does this MR do?

With this MR runner will correctly fetch credentials store from credsStore, if it's configured.

Why was this MR needed?

In some environments, specifically in AWS, credentials are provided via credentials store, as documented here: https://docs.docker.com/engine/reference/commandline/login/#credentials-store. Currently this auth method doesn't work with gitlab runner. In case of AWS the only solution would be to re-trigger aws ecr get-login in a cron job every 12 hours to re-fetch credentials. See this Issue for more details: https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/issues/1583

With new implementation, in addition to all previous ways to provide credentials, Gitlab Runner will also use credsStore, in a similar way Docker CLI does it.

Please notice, that this MR still doesn't cover all possible use cases, specifically it doesn't cover usage of "credsHelpers" key of Docker config - I can add it in next MR, if I get more time to work on this.

In any case, even without credsHelper support, this code change simplifies usage of Gitlab Runner combined with AWS ECR or GCE GCR, making authentication simple, transparent and automated. Also see:

What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/issues/1583

Merge request reports

Loading