Hey there,
we’ve recently adopted the dependency proxy stuff for our gitlab instance and are now running into problems with Bot accounts/Project/Group Access Tokens not being able to run pipelines anymore.
The scenario is like this:
We create a new commit and MR using the API and a Project/Group Access Token. That starts the commit pipeline, but fails because the bot user is apparently not allowed to access the dependency proxy.
All our normal users need to be at least Reporters on the Group Level to successfully run the Pipelines, but the Access Tokens fail regardless of the permissions or access level we grant them.
We tried different access levels / permissions and using both Group and Project tokens to no avail. It’s always returning an unauthorized error when the Pipeline is triggered by one of the Access Token bot accounts.
WARNING: Failed to pull image with policy "": image pull failed: rpc error: code = Unknown desc = Error response from daemon: unauthorized: authentication required ERROR: Job failed: prepare environment: waiting for pod running: pulling image "gitlab.xyzabc.com:443/zentek/dependency_proxy/containers/node:14": image pull failed: rpc error: code = Unknown desc = Error response from daemon: unauthorized: authentication required. Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information
What are we missing here?
Thanks in advance
- Benedikt