I have a project named my-docker-app that contains a single Dockerfile and I have setup CI so that when I push a tag, it should build the image and deploy it to gitlab’s container registry. There will be multiple such projects that will be part of the same group (docker-group). Therefore, I have setup a group deploy token with the correct scope and I am trying to docker login with that in order to push the image.
(see .gitlab-ci.yml below for details)
However, when I try to push I get:
denied: requested access to the resource is denied
I am using gitlab.com
.gitlab-ci.yml
image: docker:stable
services:
- docker:dind
variables:
DOCKER_HOST: tcp://docker:2375
DOCKER_DRIVER: overlay2
DOCKER_GROUP_NAME: docker-group
before_script:
- echo $CI_REGISTRY_DEPLOY_TOKEN | docker login -u $CI_REGISTRY_DEPLOY_USER --password-stdin $CI_REGISTRY_IMAGE
build_image:
tags:
- docker
- shared
script:
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG .
- docker run $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
- docker image push $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
only:
- tags
I have tried logging with the group deploy token in the root folder registry.gitlab.com, in the group folder (registry.gitlab.com/docker-group), even in the project’s folder (registry.gitlab.com/docker-group/my-docker-app) but to no avail. In all these cases docker login returns Login succeeded but then when you try to push the image I get the error message above.
The only thing that has worked is to push the image registry.gitlab.com/docker-group:$CI_COMMIT_TAG which is not what I want.