Page MenuHomePhabricator
Create Task
Maniphest T310718

Gitlab pipeline not working with "docker-registry.wikimedia.org/releng/" images
Closed, DuplicatePublicBUG REPORT
Actions

Description

List of steps to reproduce (step by step, including full links if applicable):

  • Select one of the images below and try to run a Gitlab pipeline
  • Gitlab job

What happens?:
When using images like:

releng/composer
releng/composer-hhvm
releng/composer-package
releng/composer-package-hhvm
releng/composer-package-php55

in the Gitlab pipeline, the following output is produced by the job:

ERROR: The "docker-registry.wikimedia.org/releng/composer-php72:0.5.0-s6" image is not present on list of allowed images:
- docker-registry.wikimedia.org/*
- centos/*:*
- debian:*
- fedora:*
- opensuse/*:*
- ubuntu:*
- python:*
- ruby:*
- rust:*
- rustlang/rust:nightly
- registry.gitlab.com/gitlab-org/*
Please check runner's configuration:
		https://docs.gitlab.com/runner/configuration/advanced-configuration.html
		#restricting-docker-images-and-services
ERROR: Failed to remove network for build
ERROR: Preparation failed: disallowed image

Related Objects

Event Timeline

mmartorana created this task.Jun 15 2022, 3:53 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 15 2022, 3:53 PM
sbassett edited projects, added Release-Engineering-Team; removed Release-Engineering-Team (GitLab-a-thon 🦊).Jun 15 2022, 4:00 PM
sbassett added a project: GitLab.
sbassett added a comment.EditedJun 16 2022, 3:49 PM

Hey Release-Engineering-Team - guessing the releng path might need to be explicitly allow-listed as well? So: docker-registry.wikimedia.org/releng/*? And maybe docker-registry.wikimedia.org/dev/* and docker-registry.wikimedia.org/wikimedia/* as well? Assuming those are images we wish to allow within Gitlab CI.

brennen subscribed.Jun 16 2022, 3:57 PM

Bit slammed at the moment but this probably dupes T310535: GitLab runners: allowed_images patterns need to be loosened to include subdirectories.

sbassett closed this task as a duplicate of T310535: GitLab runners: allowed_images patterns need to be loosened to include subdirectories.EditedJun 16 2022, 3:59 PM
In T310718#8009379, @brennen wrote:

Bit slammed at the moment but this probably dupes T310535: GitLab runners: allowed_images patterns need to be loosened to include subdirectories.

Yes, looks like it. I just merged this task over there. Sorry about being slammed, but any idea when c805247 might get merged and deployed? Thanks.

brennen added a comment.Jun 16 2022, 6:19 PM

From other task:

@sbassett: With that patch merged, this should take effect once runners are re-registered. I can probably get to that after train.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL