-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[image-builder] Fix ignoring of user-passed authentication #19745
Conversation
@iQQBot Could you review this PR, and see if it makes sense? |
aa58596
to
0434908
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Works well!
I tested the following:
- Previously built workspace images that are dependent on private registries in a custom dockerfile are able to start workspaces w/o building or being dependent on having GITPOD_IMAGE_AUTH set on the repo.
- A change to the private image in a custom dockerfile dependent on a private registry fails the build with a 502 if the GITPOD_IMAGE_AUTH is not set (image-builder-bob needs a credential).
- Building on the previous test, once the GITPOD_IMAGE_AUTH is set in the repo, a workspace image is built, and a workspace started. It can also be restarted.
- I can also use the same private image directly (so no custom docker file). It restarts fine, and if I delete the workspace-image it gets rebuilt.
I did not test private ECR. Let's plan to do against dogfood Thursday, and follow-up if needed? It's easier to land main-gha changes in Dedicated.
Before removing the hold, let's assert the problem can be recreated in a gen113 preview. That'll help us increase confidence that this resolves the issue. I'll do that now.
Got the following on workspace start for this context, an image ref: This was regardless of whether GITPOD_IMAGE_AUTH was defined for the repo (even when defined we got the error). Interestly, starting from this context, a docker file (a customer dockerfile) worked w/o issue. This other docker file also worked fine. |
Awesome, thank you for your thorough testing 🧡 |
/unhold |
Whoa, blocked by needing ✔️ from an old EXP team member... 😬 |
Thx @AlexTugarev for the unblock 🙇 |
Description
With #19474 a bug was introduced that ignores two registry authentication special cases:
GITPOD_IMAGE_AUTH
variable)Related Issue(s)
Fixes ENT-72
How to test
GITPOD_IMAGE_AUTH
)Documentation
Preview status
Gitpod was successfully deployed to your preview environment.
Build Options
Build
Run the build with werft instead of GHA
Run Leeway with
--dont-test
Publish
Installer
Add desired feature flags to the end of the line above, space separated
Preview Environment / Integration Tests
If enabled this will build
install/preview
If enabled this will create the environment on GCE infra
Saves cost. Untick this only if you're really sure you need a non-preemtible machine.
Valid options are
all
,workspace
,webapp
,ide
,jetbrains
,vscode
,ssh
. If enabled,with-preview
andwith-large-vm
will be enabled./hold