Hi,
thanks for these patches. To keep things atomic, please also move the
documentation changes into this commit.
Shouldn't this be an either or? Only if the file is not present, check
for the gitlab env. That's at least how it is done with the
CI_JOB_TOKEN in setup_gitconfig().
> + if os.environ.get('CI_REGISTRY', False) \
> + and os.environ.get('CI_JOB_TOKEN', False) \
> + and os.environ.get('CI_REGISTRY_USER', False):
> + with open(self.tmpdirname + '/.docker/config.json',
> 'r+') as fds:
> + data = json.loads(fds.read())
> + token = os.environ['CI_JOB_TOKEN']
> + base64_token =
> base64.b64encode(token.encode()).decode()
> + auths = data.get('auths', {})
> + auths.update({os.environ['CI_REGISTRY']: {"auth":
> base64_token}})
> + data['auths'] = auths
> + fds.seek(0)
> + fds.write(json.dumps(data, indent=4))
> + fds.truncate()
As we truncate here, we likely need to open the file with 'w+', IIRC.
Felix
> +
> def _setup_aws_creds(self):
> aws_dir = self.tmpdirname + "/.aws"
> conf_file = aws_dir + "/config"
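Review bot: the "auth" value built with base64.b64encode(token.encode()) contains only CI_JOB_TOKEN, while CI_REGISTRY_USER is required by the condition but never used in this hunk. The containers-auth.json "auth" field is the base64 of "user:password", so the encoded string should be CI_REGISTRY_USER + ':' + CI_JOB_TOKEN. Separately, open(..., 'r+') raises FileNotFoundError when .docker/config.json does not exist yet, so the missing-file case needs handling before the read.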
> @@ -290,6 +312,7 @@ class SetupHome(Command):
> logging.info(f'Running on {ci}')
> def_umask = os.umask(0o077)
> self._setup_netrc()
> + self._setup_registry_auth()
> self._setup_gitconfig()
> self._setup_aws_creds()
> os.umask(def_umask)
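Review bot: the os.umask(0o077) window around self._setup_registry_auth() only applies to files created inside it, and the new function opens an existing .docker/config.json with 'r+', so the file that now holds the CI_JOB_TOKEN keeps whatever mode it already had. Suggest an explicit os.chmod(path, 0o600) after writing, or writing a fresh file and renaming it into place.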
> --
> 2.34.1
>
--
Siemens AG, Technology
Linux Expert Center
>
> > +It contains credentials for the container registry login.
> > +The syntax is specified `here
> > <https://github.com/containers/image/blob/main/docs/containers-auth.json.5.md>`_.
>
> "The syntax follows the `containers-auth.json specification <url>`_,
> "here" is not a nice URL description
>
> > +The authentication file is compatible with docker, podman and skopeo.
> > +When running in the GitLab CI, the ``CI_JOB_TOKEN`` is appended to
> > +automatically grant access to the container registry.
>
> "...to automatically grant access according to the job permissions."
>
Ok. Actually copied it from the netrc section...
That was exactly what I fixed in V3. Because in case "REGISTRY_AUTH_FILE" was not set before,
open(..., 'r+') raised a "FileNotFoundError".
Changing the access mode from 'r+' to 'a+' behaves strangely when I write to the file.
It discards any seek operation and continues to write at the end, so it is not usable even though it
creates the file if not present. If I use 'w+' then persistent content is always deleted, so I can't
load the content into my "data" variable...
What I can change here is to create the file only if it doesn't exist and if any of the CI_*
variables is set.
Like this:
    if os.environ.get('CI_REGISTRY', False) \
       and os.environ.get('CI_JOB_TOKEN', False) \
       and os.environ.get('CI_REGISTRY_USER', False):
        if not os.path.exists(self.tmpdirname + "/.docker/config.json"):
            with open(self.tmpdirname + "/.docker/config.json", 'w') as fds:
                fds.write("{}")
        with open(...) as fds:
            ...
Would that be better?
Benedikt
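
The 'r+' / 'a+' / 'w+' problem discussed above can be avoided by reading the file if it exists and writing the merged result to a new file that is renamed into place. The following is an added example, not code from the patch or from kas; the function names are hypothetical, and it assumes the "auth" value is base64 of "user:password" as in the containers-auth.json format.

```python
import base64
import json
import os
import tempfile


def merge_registry_auth(path, registry, user, token):
    """Add or replace one registry entry in a containers-auth.json file.

    Creates the file if it is missing, keeps existing entries, and writes
    the result owner-only (0600) via a temp file plus atomic rename.
    """
    try:
        with open(path, 'r') as fds:
            data = json.load(fds)
    except FileNotFoundError:
        data = {}  # no auth file was provided beforehand: start empty

    # containers-auth.json: "auth" is base64("user:password")
    cred = base64.b64encode(f'{user}:{token}'.encode()).decode()
    data.setdefault('auths', {})[registry] = {'auth': cred}

    dirname = os.path.dirname(path) or '.'
    os.makedirs(dirname, mode=0o700, exist_ok=True)
    # mkstemp creates the file with mode 0600, independent of the umask
    fd, tmp = tempfile.mkstemp(dir=dirname, prefix='.config.json.')
    try:
        with os.fdopen(fd, 'w') as fds:
            json.dump(data, fds, indent=4)
        os.replace(tmp, path)  # atomic rename: no truncated file is visible
    except BaseException:
        os.unlink(tmp)
        raise
    return data


def setup_registry_auth_from_env(path, env=os.environ):
    """Merge the GitLab CI job credentials only if all three vars are set."""
    keys = ('CI_REGISTRY', 'CI_REGISTRY_USER', 'CI_JOB_TOKEN')
    if not all(env.get(k) for k in keys):
        return None
    return merge_registry_auth(path, env['CI_REGISTRY'],
                               env['CI_REGISTRY_USER'], env['CI_JOB_TOKEN'])
```

Because the result replaces the old file, a pre-existing config.json with a wider mode ends up 0600 as well.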
Ok, then please also fix that there as well (in a dedicated cleanup
commit). Having the URLs in the text is anyways better, as these
otherwise are hidden in the manpage output.
Felix
--
Benedikt
> Jan
>
Benedikt
In case the URL is not super-long, I prefer inline.
Felix
--