I have a project named my-docker-app that contains a single Dockerfile and I have setup CI so that when I push a tag, it should build the image and deploy it to gitlab’s container registry. There will be multiple such projects that will be part of the same group (docker-group). Therefore, I have setup a group deploy token with the correct scope and I am trying to docker login with that in order to push the image.
(see .gitlab-ci.yml below for details)
However, when I try to push I get:
denied: requested access to the resource is denied
I am using gitlab.com
image: docker:stable services: - docker:dind variables: DOCKER_HOST: tcp://docker:2375 DOCKER_DRIVER: overlay2 DOCKER_GROUP_NAME: docker-group before_script: - echo $CI_REGISTRY_DEPLOY_TOKEN | docker login -u $CI_REGISTRY_DEPLOY_USER --password-stdin $CI_REGISTRY_IMAGE build_image: tags: - docker - shared script: - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG . - docker run $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG - docker image push $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG only: - tags
I have tried logging with the group deploy token in the root folder registry.gitlab.com, in the group folder (registry.gitlab.com/docker-group), even in the project’s folder (registry.gitlab.com/docker-group/my-docker-app) but to no avail. In all these cases docker login returns
Login succeeded but then when you try to push the image I get the error message above.
The only thing that has worked is to push the image registry.gitlab.com/docker-group:$CI_COMMIT_TAG which is not what I want.