Trying to use secure files in CI/CD but once I add syntax for it, I get new error: access denied

GitLab CI/CD
, , ,
1

Problem to solve

I’m trying to run a Python script using Gitlab’s CI/CD feature and am also utilizing the secure files feature to store an authentication file. I’m running into some issues and would love help. Unfortunately I can’t share a reproducible example due to confidential information, but I’ll try to explain as much as I can.

So after adding a secure file and relevant commands in the yaml file, I was able to get the secure file name to show up in the pipeline output by following the instructions here Project-level Secure Files | GitLab.

When I first implemented this, I ran into pipeline errors saying that curl and bash could not be found. After adding the following, those errors went away:

before_script:
    - apk add --update curl && rm -rf /var/cache/apk/* 
    - apk add --no-cache --upgrade bash
  script:
    - docker stop "$CONTAINER_NAME" || true && docker rm "$CONTAINER_NAME" || true
    - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash

However, I’m now getting a new error that is saying:

docker: Error response from daemon: Get https://registry.gitlab.com/v2/project_path/manifests/main-latest: denied: access forbidden.

I am passing GitLab variables through my Docker run command, but this was not an issue before I added the secure files methodology. What might be the issue here?

Configuration

Here is a comprehensive snippet of my yaml file, and the error seems to be occurring at the docker run line:

testing:
  stage: test
  except:
    - pipelines
    - schedules
  variables:
    SECURE_FILES_DOWNLOAD_PATH: 'test-folder'
  before_script:
    - apk add --update curl && rm -rf /var/cache/apk/* 
    - apk add --no-cache --upgrade bash
  script:
    - docker stop "$CONTAINER_NAME" || true && docker rm "$CONTAINER_NAME" || true
    - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
    - ls -lah test-folder/
    # Start the container
    - docker run -d --rm
      --name $CONTAINER_NAME 
      --env ENV="prod"
      --env USER="$USER"
      --env PASSWD="$PASSWD"
      "$IMAGE"
      tail -f /dev/null
    - docker exec 
      $CONTAINER_NAME
      python scripts/test.py
    - docker stop $CONTAINER_NAME

Any help or advice would be much appreciated – thanks!