Documentation on using dependency proxy on gitlab.com seems lacking or not clear
Problem to solve
I wanted to set up using a dependency proxy in .gitlab-ci.yml using Kaniko. The first piece of documentation that I found seemed to point out how to do it with a private registry. I found some information on the gitlab.com way to do it, but that wasn't working.
So I tried:
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- echo "{\"auths\":{\"$CI_DEPENDENCY_PROXY_SERVER\":{\"username\":\"$CI_DEPENDENCY_PROXY_USER\",\"password\":\"$CI_DEPENDENCY_PROXY_PASSWORD\"}}}" > /kaniko/.docker/config.json
https://docs.gitlab.com/ee/ci/docker/using_kaniko.html#building-a-docker-image-with-kaniko
- echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"},\"$CI_DEPENDENCY_PROXY_SERVER\":{\"auth\":\"$(printf "%s:%s" ${CI_DEPENDENCY_PROXY_USER} "${CI_DEPENDENCY_PROXY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
I finally used
- echo "{\"auths\":{\"gitlab.com\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
I can't use registry.gitlab.com when using the dependency proxy or gitlab.com:443. I have to use gitlab.com otherwise, it fails with this error:
error building image: GET https://gitlab.com/jwt/auth?scope=repository%3AMY_GROUP%2Fdependency_proxy%2Fcontainers%2Fpython%3Apull&service=dependency_proxy: unexpected status code 403 Forbidden: {"message":"access forbidden","status":"error","http_status":403}
Used the documentation here:
https://docs.gitlab.com/ee/development/packages/dependency_proxy.html https://docs.gitlab.com/ee/user/packages/dependency_proxy/
Maybe I misread some information, but I couldn't find a way to do it while on gitlab.com. I pretty much doubt that writing gitlab.com
here is correct, and I should've use a variable, probably something like $CI_SERVER_HOST, but that isn't written anywhere in the documentation that I could find.