Gitlab CI Dynamic Child Job login to gitlab registry
Hi Gitlab users! I have been experimenting with Dynamic Child pipelines and have stumbled across a weird issue:
I have a requirement for a child job in my GitLab pipeline to authenticate to the gitlab registry.
When the parent job runs it logins to the registry with:
docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.gitlab.com
This works perfectly on the parent job and I can successfully push the built docker image.
However, I have another image that I need to push from the child pipeline (which runs in the same repository BTW) but I get access denied
error when trying to login with the same command.
From what I see on the gitlab ci/cd pipeline documentation, the child job should also run in the same security context of the user on that repository (just like a normal job) but it doesn’t seem to be the
case?
Has anyone experienced this issue before? Or am I missing something?
What I have done to bypass this issue. (This isn’t a long term and preferred workaround. I don’t recommend this on prod env).
- To bypass this issue, I have had to create a personal access token and use that as env var to login from the child pipeline.