Docker login is not working for pipeline

Hello,

I am running pipelines for automatically building Docker images on push to latest and whenever the repo is tagged. Here is my gitlab-ci.yml file:

# Build & push latest image
docker-build-push:
  image: docker:cli
  stage: build
  services:
    - docker:dind
  before_script:
    - docker login -u sofiapipeline -p "$CI_REGISTRY_PASSWORD"
  script:
    - docker build --pull -t docker.io/sofiapipeline/sofia2:latest .
    - docker push docker.io/sofiapipeline/sofia2
  rules:
    - if: $CI_COMMIT_BRANCH && $CI_PROJECT_NAMESPACE == "SoFiA-Admin"
      exists:
        - Dockerfile

# Build & push tagged image on tag
docker-build-tag:
  image: docker:cli
  stage: build
  services:
    - docker:dind
  before_script:
    - docker login -u sofiapipeline -p "$CI_REGISTRY_PASSWORD"
  script:
    - docker build --pull -t docker.io/sofiapipeline/sofia2:$CI_COMMIT_TAG .
    - docker push docker.io/sofiapipeline/sofia2:$CI_COMMIT_TAG
  rules:
    - if: $CI_COMMIT_TAG =~ /^v[0-9].[0-9].[0-9]/ && $CI_PROJECT_NAMESPACE == "SoFiA-Admin"
      when: always

I am having the strange issue where the docker-build-push pipelines are working each time but the docker-build-tag pipelines are failing at the login step. In a most recent run I get the following error message:

$ docker login -u sofiapipeline -p "$CI_REGISTRY_PASSWORD"
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://registry-1.docker.io/v2/": unauthorized: incorrect username or password
Cleaning up project directory and file based variables 00:01
ERROR: Job failed: exit code 1

A docker-build-latest pipeline that is triggered at the same time is able to complete even though the before_script command is exactly the same. The secrets that are stored are obviously the same for both runs.

Does anybody know why this might be the case?

Why are you using CI_REGISTRY_PASSWORD for an external registry (docker.io)? This is a pre-defined variable to be used to authenticate with GitLab’s built-in registry.

I’d suggest you to create a new variable with your password to authenticate with DockerHub and then use this one in your pipeline.

2 Likes