HI all, I have a repo that gets updated automatically from a bash script, and uses a group access token. .gitlab-ci.yml is set to pull an image using CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX (have also tried CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX). The group access token role is Developer (have also tried Owner ) and scopes are read_repository, write_repository, read_registry, write_registry . The pipeline kicks off fine when a normal user commits, but when the group access token commits, the CD job fails with the following. If I remove the dependency proxy prefix, it runs fine for the access token. What am I doing wrong? I’m basing my assumption on Dependency Proxy | GitLab. I previously was told I needed to use a group access token instead of a project token, but I’m only now getting a chance to revisit this. Any guidance would be appreciated.
WARNING: Failed to pull image with policy "always": Error response from daemon: unauthorized: authentication required (manager.go:237:0s)
ERROR: Job failed: failed to pull image "fqdn:443/group/dependency_proxy/containers/alpine:latest" with specified policies [always]: Error response from daemon: unauthorized: authentication required (manager.go:237:0s)
.gitlab-ci.yml:
image:
name: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/alpine:latest
before_script:
# some ssh setup stuff
- foo
- bar
deploy_production:
stage: deploy
script:
- ssh somebody@fqdn /some/script.sh
Using GitLab Enterprise 15.8.1-ee