I'm trying to login into CGR and use some private docker images in Gitlab-ci runner.
I have made a new project in Google Cloud and activated the Google Cloud Registry API. I also made a new Service Account (IAM) in which I gave ownership permission to the previous Cloud Registry instance. Then I produced a json key. I tested the key with the following gitlab-ci configuration and in the local machine:
image: docker:latest
services:
- docker:dind
auth:
stage: auth
script:
- docker login -u _json_key --password-stdin https://gcr.io < ./keyfile.json
It seems to be authenticated and authorised to push/pull images.
What I need to do is to have the following, I need to go to my private repository and use those images in the gitlab-ci runner. Something like this:
before_script:
- docker login -u _json_key --password-stdin https://gcr.io < ./keyfile.json
build:
stage: build
image: gcr.io/image-repo/image
script:
- gradle clean build
deploy:
stage: deploy
image: gcr.io/image-repo/image
script:
- gradle publish
only:
- master
However, I keep on getting this error:
Running with gitlab-runner 11.10.1 (1f513601) on docker-auto-scale 0277ea0f Using Docker executor with image gcr.io/image-repo/image ... Pulling docker image gcr.io/image-repo/image ... ERROR: Preparation failed: Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication (executor_docker.go:168:0s) Will be retried in 3s ...
I achieved a practical solution:
One needs to use the wind service to have a reseted docker configuration and then login, for instance in their local machine using:
docker login -u _json_key --password-stdin https://gcr.io < ./keyfile.json
Then, just just copy the configuration present in ~/.docker/config.json
to the variable DOCKER_AUTH_CONFIG in Gitlab CI and you're set to go.