2023年2月16日 06:08:26go评论48阅读模式

英文:

Can't push docker image to Gitlab registry from pipeline: "denied: access forbidden"

问题

我使用[Gitlab][1]（不是自托管）进行CI/CD，但在流水线中无法将Docker镜像推送到Gitlab的容器注册表。虽然登录和构建镜像似乎运行正常，但推送时出现错误：denied: access forbidden。我不明白为什么访问被禁止。

我的 .gitlab-ci.yml 文件如下：

Deploy backend:
    before_script:
        - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
    image: docker:latest
    script:
      - docker build -t registry.gitlab.com/profilename/projectname/backend .
      - docker push registry.gitlab.com/profilename/projectname/backend
    services:
      - docker:dind
    stage: deploy

这是作业的日志：

[0KRunning with gitlab-runner 15.9.0~beta.115.g598a7c91 (598a7c91)[0;m
[0K  on blue-5.shared.runners-manager.gitlab.com/default -AzERasQ, system ID: s_8a38c517a741[0;m
section_start:1676491269:prepare_executor
[0K[0K[36;1mPreparing the "docker+machine" executor[0;m[0;m
[0KUsing Docker executor with image docker:latest ...[0;m
[0KStarting service docker:dind ...[0;m
[0KPulling docker image docker:dind ...[0;m
[0KUsing docker image sha256:1278207f64426065791cb1a0a8967c69327c962f83273e57b63da0c55eb045ce for docker:dind with digest docker@sha256:44cd33fb5235eb32c853f17b6ae6dea3cc3fb9239b83f2e732c7de6f94829a72 ...[0;m
[0KWaiting for services to be up and running (timeout 30 seconds)...[0;m
[0KPulling docker image docker:latest ...[0;m
[0KUsing docker image sha256:1278207f64426065791cb1a0a8967c69327c962f83273e57b63da0c55eb045ce for docker:latest with digest docker@sha256:44cd33fb5235eb32c853f17b6ae6dea3cc3fb9239b83f2e732c7de6f94829a72 ...[0;m
section_end:1676491303:prepare_executor
[0Ksection_start:1676491303:prepare_script
[0K[0K[36;1mPreparing environment[0;m[0;m
Running on runner--azerasq-project-42230322-concurrent-0 via runner-azerasq-shared-1676491230-d30ae835...
section_end:1676491304:prepare_script
[0Ksection_start:1676491304:get_sources
[0K[0K[36;1mGetting source from Git repository[0;m[0;m
[32;1m$ eval "$CI_PRE_CLONE_SCRIPT"[0;m
[32;1mFetching changes with git depth set to 20...[0;m
Initialized empty Git repository in /builds/profilename/projectname/.git/
[32;1mCreated fresh repository.[0;m
[32;1mChecking out a693f85a as detached HEAD (ref is 1-remove-login-barrier)...[0;m
[32;1mSkipping Git submodules setup[0;m
section_end:1676491307:get_sources
[0Ksection_start:1676491307:download_artifacts
[0K[0K[36;1mDownloading artifacts[0;m[0;m
[32;1mDownloading artifacts for Build backend (3778290090)...[0;m
Downloading artifacts from coordinator... ok      [0;m  host[0;m=storage.googleapis.com id[0;m=3778290090 responseStatus[0;m=200 OK token[0;m=64_EXTxB
section_end:1676491309:download_artifacts
[0Ksection_start:1676491309:step_script
[0K[0K[36;1mExecuting "step_script" stage of the job script[0;m[0;m
[0KUsing docker image sha256:1278207f64426065791cb1a0a8967c69327c962f83273e57b63da0c55eb045ce for docker:latest with digest docker@sha256:44cd33fb5235eb32c853f17b6ae6dea3cc3fb9239b83f2e732c7de6f94829a72 ...[0;m
[32;1m$ docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY[0;m
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[32;1m$ docker build -t registry.gitlab.com/profilename/projectname/backend .[0;m
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 121B done
#1 DONE 0.0s
#2 [internal] load .dockerignore
#2 transferring context: 134B done
#2 DONE 0.0s
#3 [auth] library/golang:pull token for registry-1.docker.io
#3 DONE 0.0s
#4 [internal] load metadata for docker.io/library/golang:alpine
#4 DONE 0.5s
#5 [1/3] FROM docker.io/library/golang:alpine@sha256:48f336ef8366b9d6246293e3047259d0f614ee167db1869bdbc343d6e09aed8a
#5 resolve docker.io/library/golang:alpine@sha256:48f336ef8366b9d6246293e3047259d0f614ee167db1869bdbc343d6e09aed8a 0.0s done
#5 sha256:18da4399cedd9e383beb6b104d43aa1d48bd41167e312bb5306d72c51bd11548 1.16kB / 1.16kB done
#5 sha256:0b94e5e3eec1be96be80bab3ffc3186af109233342f79fb5051b45ba4beb6bd5 5.11kB / 5.11kB done
#5 sha256
<details>
<summary>英文:</summary>
I&#39;m using [Gitlab][1] (not self hosted) for CI/CD and fail to push a docker image to Gitlab&#39;s container registry from the pipeline. While logging in and building the image appear to work, pushing it produces an error: `denied: access forbidden`. I don&#39;t understand why the access is forbidden.
My .gitlab-ci.yml looks like this:
Deploy backend:
before_script:
- docker login -u &quot;$CI_REGISTRY_USER&quot; -p &quot;$CI_REGISTRY_PASSWORD&quot; $CI_REGISTRY
image: docker:latest
script:
- docker build -t registry.gitlab.com/profilename/projectname/backend .
- docker push registry.gitlab.com/profilename/projectname/backend
services:
- docker:dind
stage: deploy
This is the log from the job:

[0KRunning with gitlab-runner 15.9.0~beta.115.g598a7c91 (598a7c91)[0;m
[0K  on blue-5.shared.runners-manager.gitlab.com/default -AzERasQ, system ID: s_8a38c517a741[0;m
section_start:1676491269:prepare_executor
[0K[0K[36;1mPreparing the &quot;docker+machine&quot; executor[0;m[0;m
[0KUsing Docker executor with image docker:latest ...[0;m
[0KStarting service docker:dind ...[0;m
[0KPulling docker image docker:dind ...[0;m
[0KUsing docker image sha256:1278207f64426065791cb1a0a8967c69327c962f83273e57b63da0c55eb045ce for docker:dind with digest docker@sha256:44cd33fb5235eb32c853f17b6ae6dea3cc3fb9239b83f2e732c7de6f94829a72 ...[0;m
[0KWaiting for services to be up and running (timeout 30 seconds)...[0;m
[0KPulling docker image docker:latest ...[0;m
[0KUsing docker image sha256:1278207f64426065791cb1a0a8967c69327c962f83273e57b63da0c55eb045ce for docker:latest with digest docker@sha256:44cd33fb5235eb32c853f17b6ae6dea3cc3fb9239b83f2e732c7de6f94829a72 ...[0;m
section_end:1676491303:prepare_executor
[0Ksection_start:1676491303:prepare_script
[0K[0K[36;1mPreparing environment[0;m[0;m
Running on runner--azerasq-project-42230322-concurrent-0 via runner-azerasq-shared-1676491230-d30ae835...
section_end:1676491304:prepare_script
[0Ksection_start:1676491304:get_sources
[0K[0K[36;1mGetting source from Git repository[0;m[0;m
[32;1m$ eval &quot;$CI_PRE_CLONE_SCRIPT&quot;[0;m
[32;1mFetching changes with git depth set to 20...[0;m
Initialized empty Git repository in /builds/profilename/projectname/.git/
[32;1mCreated fresh repository.[0;m
[32;1mChecking out a693f85a as detached HEAD (ref is 1-remove-login-barrier)...[0;m
[32;1mSkipping Git submodules setup[0;m
section_end:1676491307:get_sources
[0Ksection_start:1676491307:download_artifacts
[0K[0K[36;1mDownloading artifacts[0;m[0;m
[32;1mDownloading artifacts for Build backend (3778290090)...[0;m
Downloading artifacts from coordinator... ok      [0;m  host[0;m=storage.googleapis.com id[0;m=3778290090 responseStatus[0;m=200 OK token[0;m=64_EXTxB
section_end:1676491309:download_artifacts
[0Ksection_start:1676491309:step_script
[0K[0K[36;1mExecuting &quot;step_script&quot; stage of the job script[0;m[0;m
[0KUsing docker image sha256:1278207f64426065791cb1a0a8967c69327c962f83273e57b63da0c55eb045ce for docker:latest with digest docker@sha256:44cd33fb5235eb32c853f17b6ae6dea3cc3fb9239b83f2e732c7de6f94829a72 ...[0;m
[32;1m$ docker login -u &quot;$CI_REGISTRY_USER&quot; -p &quot;$CI_REGISTRY_PASSWORD&quot; $CI_REGISTRY[0;m
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[32;1m$ docker build -t registry.gitlab.com/profilename/projectname/backend .[0;m
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 121B done
#1 DONE 0.0s
#2 [internal] load .dockerignore
#2 transferring context: 134B done
#2 DONE 0.0s
#3 [auth] library/golang:pull token for registry-1.docker.io
#3 DONE 0.0s
#4 [internal] load metadata for docker.io/library/golang:alpine
#4 DONE 0.5s
#5 [1/3] FROM docker.io/library/golang:alpine@sha256:48f336ef8366b9d6246293e3047259d0f614ee167db1869bdbc343d6e09aed8a
#5 resolve docker.io/library/golang:alpine@sha256:48f336ef8366b9d6246293e3047259d0f614ee167db1869bdbc343d6e09aed8a 0.0s done
#5 sha256:18da4399cedd9e383beb6b104d43aa1d48bd41167e312bb5306d72c51bd11548 1.16kB / 1.16kB done
#5 sha256:0b94e5e3eec1be96be80bab3ffc3186af109233342f79fb5051b45ba4beb6bd5 5.11kB / 5.11kB done
#5 sha256:63b65145d645c1250c391b2d16ebe53b3747c295ca8ba2fcb6b0cf064a4dc21c 3.37MB / 3.37MB 0.2s done
#5 sha256:a2d21d5440ebff5aaaaeb115a003f7a4a3897f1866a87de95bc4a21436fc563c 284.82kB / 284.82kB 0.1s done
#5 sha256:752c438cb1864d6b2151010a811031b48f0c3511c7aa49f540322590991c949d 0B / 100.63MB 0.2s
#5 sha256:48f336ef8366b9d6246293e3047259d0f614ee167db1869bdbc343d6e09aed8a 1.65kB / 1.65kB done
#5 sha256:07244a03b3147bcdf5c1256e62110d50e31af7af76ef53aae3bcc9da8410dcdc 0B / 155B 0.2s
#5 sha256:752c438cb1864d6b2151010a811031b48f0c3511c7aa49f540322590991c949d 5.24MB / 100.63MB 0.3s
#5 sha256:07244a03b3147bcdf5c1256e62110d50e31af7af76ef53aae3bcc9da8410dcdc 155B / 155B 0.3s done
#5 extracting sha256:63b65145d645c1250c391b2d16ebe53b3747c295ca8ba2fcb6b0cf064a4dc21c
#5 sha256:752c438cb1864d6b2151010a811031b48f0c3511c7aa49f540322590991c949d 13.41MB / 100.63MB 0.4s
#5 sha256:752c438cb1864d6b2151010a811031b48f0c3511c7aa49f540322590991c949d 19.92MB / 100.63MB 0.5s
#5 sha256:752c438cb1864d6b2151010a811031b48f0c3511c7aa49f540322590991c949d 27.26MB / 100.63MB 0.6s
#5 sha256:752c438cb1864d6b2151010a811031b48f0c3511c7aa49f540322590991c949d 47.19MB / 100.63MB 0.8s
#5 sha256:752c438cb1864d6b2151010a811031b48f0c3511c7aa49f540322590991c949d 56.62MB / 100.63MB 0.9s
#5 ...
#6 [internal] load build context
#6 transferring context: 22.68MB 1.0s done
#6 DONE 1.1s
#5 [1/3] FROM docker.io/library/golang:alpine@sha256:48f336ef8366b9d6246293e3047259d0f614ee167db1869bdbc343d6e09aed8a
#5 sha256:752c438cb1864d6b2151010a811031b48f0c3511c7aa49f540322590991c949d 67.11MB / 100.63MB 1.0s
#5 sha256:752c438cb1864d6b2151010a811031b48f0c3511c7aa49f540322590991c949d 73.40MB / 100.63MB 1.1s
#5 extracting sha256:63b65145d645c1250c391b2d16ebe53b3747c295ca8ba2fcb6b0cf064a4dc21c 0.9s done
#5 extracting sha256:a2d21d5440ebff5aaaaeb115a003f7a4a3897f1866a87de95bc4a21436fc563c
#5 sha256:752c438cb1864d6b2151010a811031b48f0c3511c7aa49f540322590991c949d 79.69MB / 100.63MB 1.2s
#5 sha256:752c438cb1864d6b2151010a811031b48f0c3511c7aa49f540322590991c949d 98.57MB / 100.63MB 1.4s
#5 extracting sha256:a2d21d5440ebff5aaaaeb115a003f7a4a3897f1866a87de95bc4a21436fc563c 0.2s done
#5 sha256:752c438cb1864d6b2151010a811031b48f0c3511c7aa49f540322590991c949d 100.63MB / 100.63MB 2.1s done
#5 extracting sha256:752c438cb1864d6b2151010a811031b48f0c3511c7aa49f540322590991c949d
#5 extracting sha256:752c438cb1864d6b2151010a811031b48f0c3511c7aa49f540322590991c949d 5.1s done
#5 extracting sha256:07244a03b3147bcdf5c1256e62110d50e31af7af76ef53aae3bcc9da8410dcdc
#5 extracting sha256:07244a03b3147bcdf5c1256e62110d50e31af7af76ef53aae3bcc9da8410dcdc done
#5 DONE 7.7s
#7 [2/3] COPY ./backend .
#7 DONE 2.3s
#8 [3/3] COPY ./.env .
#8 DONE 0.0s
#9 exporting to image
#9 exporting layers
#9 exporting layers 0.1s done
#9 writing image sha256:a68871721d60f549d798eeed6b0ee2cc341363fd92dc27b02226edb35715fdcd done
#9 naming to registry.gitlab.com/profilename/projectname/backend done
#9 DONE 0.1s
WARNING: buildx: git was not found in the system. Current commit information was not captured by the build
[32;1m$ docker push registry.gitlab.com/profilename/projectname/backend[0;m
Using default tag: latest
The push refers to repository [registry.gitlab.com/profilename/projectname/backend]
c7f4a40df92d: Preparing
ee97383dd371: Preparing
3ade35e5a1f0: Preparing
c6bcad44cf36: Preparing
d270ab11cf6e: Preparing
7cd52847ad77: Preparing
7cd52847ad77: Waiting
denied: access forbidden
section_end:1676491322:step_script
[0Ksection_start:1676491322:cleanup_file_variables
[0K[0K[36;1mCleaning up project directory and file based variables[0;m[0;m
section_end:1676491322:cleanup_file_variables
[0K[31;1mERROR: Job failed: exit code 1
[0;m
Building it locally and then uploading it to the Gitlab registry works perfectly. What am I missing here?
[1]: https://gitlab.com
</details>
# 答案1
**得分**: 1
我在Gitlab中前往`设置 > CI/CD > 变量`，删除了`CI_REGISTRY_USER`和`CI_REGISTRY`。这些变量的值在我看来似乎是正确的，但显然，如果未定义，它们将自动填充为其他有效值。
<details>
<summary>英文:</summary>
I went to `Settings &gt; CI/CD &gt; Variables` in Gitlab and deleted `CI_REGISTRY_USER` and `CI_REGISTRY`. The values of those variables looked ok to me, but apparently they get auto-populated if not defined with something else that works. 
</details>

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

无法从流水线将 Docker 镜像推送到 Gitlab 注册表: “拒绝访问”

问题

Docker支持重定向HTTP吗？

连接到 MongoDB 容器版本 6.0.2 | amd64/mongo 时出现错误。

AWS ECS任务在运行后直接消失

`RUN apt-key adv –keyserver keyserver.ubuntu.com –recv-keys 871920D1991BC93C` 返回错误。

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论