Runner pushes image to registry: "unauthorized: authentication required"

Hi all,

I implemented the following setup for gitlab-ci, in my gitlab community environment

I am using version: 8.12.0

I have a “build” stage in which I build a docker image and pushes it to gitlab registry
and I have a “test” stage after the build stage in which I pull the image (I built in previous stage) and test it.

I am using this setup for a while, but recently I started to have some problems, on the build stage I keep getting unauthorized: authentication required for pushing and the push itself takes a very long time.

My gut feeling is telling me that the reason I am getting the unauthorized: authentication required is because push takes a lot of time, and the ci-token is getting invalidated.

The push job looks like this:

    stage: build
        - "docker build --pull -t $CONTAINER_REF_IMAGE ."
        - "docker push $CONTAINER_REF_IMAGE"

I had to solve it, so I started to:

  1. delete images from the registry
  2. restart gitlab
  3. use new runers

I don’t know which of the above helped, if any.

Actually I am kind of lost here,

  1. Am I doing something wrong? pushing so many images? (we re practicing CD)
  2. How do I delete old images without using the UI maybe as part of a “cleanup” stage in the gitlab-ci.yml
  3. And important of all, why am I getting this error

Any help will be appreciated.


1 Like

I think you should login first.
run: docker login -u <username> -p <password>
before docker push

There is ofcourse a login in a before_script

      - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $registry

I’m having the same issue, any solution?

At the moment, I started using a different image registry (ECR) and since then I don’t have problems,

I know it is a workaround but I had no choices

nice, although not a solution for me as I am not free to change the company registry :slight_smile:

I had this issue because the login token expired. As the admin user, click on the gear icon and choose Settings. Then scroll down to the Container Registry section and change the timeout. The default is 5 minutes, but it can be increased to accommodate your builds. This sets the lifetime of the token, and it sounds like you might be exceeding it, so it acts as if you are no longer logged in to the registry.

Hope that helps!

1 Like