ImageFromDockerfile does not support authenticated pulls #1799
Comments
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you believe this is a mistake, please reply to this comment to keep it open. If there isn't one already, a PR to fix or at least reproduce the problem in a test case will always help us get back on track to tackle this. |
|
This issue has been automatically closed due to inactivity. We apologise if this is still an active problem for you, and would ask you to re-open the issue if this is the case. |
|
Reopening, as this is still an annoyance. |
So that ImageFromDockerfile and Docker Compose can use images from authenticated registries when building temporary images Fixes #1799
* Pre-pull images required for Dockerfile/Compose image builds So that ImageFromDockerfile and Docker Compose can use images from authenticated registries when building temporary images Fixes #1799 * Restore wider test scope
|
Discovered a bug in 1.14.0's release of #2201. I'll follow up with a patch fix shortly. |
…tainers#2201) * Pre-pull images required for Dockerfile/Compose image builds So that ImageFromDockerfile and Docker Compose can use images from authenticated registries when building temporary images Fixes testcontainers#1799 * Restore wider test scope
|
So, the overall solution in TestContainers appears to to parse the Dockerfile and pre-pull. We have some image builds that take the base image as build arg, and the current parsing doesn't account for that. For docker configurations without credsStore, the builds still work for us (probably because something in the TestContainers global docker client injects the X-Auth-Config information to the build POST request, but we haven't actually verified that yet). I think I understand why the pre-pull route is necessary for docker-compose, but could there be an option to disable it for the normal case? Overall idea is to add an option to: 1) Disable pre-pull, 2) pass all the available credentials to the build command. The alternative, to support base-image-as-build-args, would be to parse build args. Do you think that approach would be better? |
|
what is the status of this bug ? |
ImageFromDockerfiledoesn't work if base layer(s) need to be pulled from an authenticated registry and if those images are not already pulled.For example:
will result in a failure at image build time, even if the user has working credentials available on their machine (for example, a CLI
docker pullordocker buildworks).It looks like
BuildImageCmd'swithBuildAuthConfigs(AuthConfigurations);gives us an opportunity to improve this - however we'd have to perform a lookup for credentials for each image first.I think it should be feasible to:
FROM x [--as=y]declarationsRegistryAuthLocatorand obtain an auth configuration for each registryBuildImageCmdThe main difficulty would be that we have a few different ways in which the Dockerfile flows through Testcontainers, so we'd need to make sure we capture Dockerfile content at the right time.
The text was updated successfully, but these errors were encountered: