feat(mirror): add support for DOCKER_REGISTRY_MIRROR_USER/PASSWORD vars

76c9d169 · Mark Gibson · Pierre Smeyers · 0773bdd9 · 76c9d169 · 76c9d169
Commit 76c9d169 authored 7 months ago by Mark Gibson Committed by Pierre Smeyers 7 months ago
--- a/README.md
+++ b/README.md
@@ -136,6 +136,16 @@ If you use **different registries** for snapshot and release images, you shall u
 | :lock: `DOCKER_REGISTRY_RELEASE_USER`      | Docker registry username for release image registry  |
 | :lock: `DOCKER_REGISTRY_RELEASE_PASSWORD`  | Docker registry password for release image registry  |
+#### Using a registry mirror during image builds
+You can provide a URL for a mirror registry of `https://index.docker.io` for use during image builds (:warning: `kaniko` and `dind` options only), and optionally with credentials for the mirror, using the following variables:
+| Input / Variable                             | Description                                      |
+| -------------------------------------------- | ------------------------------------------------ |
+| `registry-mirror` / `DOCKER_REGISTRY_MIRROR` | URL of a Docker registry mirror to use           |
+| :lock: `DOCKER_REGISTRY_MIRROR_USER`         | Docker registry username for the mirror registry |
+| :lock: `DOCKER_REGISTRY_MIRROR_PASSWORD`     | Docker registry password for the mirror registry |
 #### Setting your own Docker configuration file (advanced)
 There might be cases where you need to provide the complete [Docker configuration file](https://docs.docker.com/engine/reference/commandline/cli/#configuration-files):
@@ -163,6 +173,8 @@ In addition to you own defined variables, you may use the following variables (p
 - `${docker_snapshot_registry_host}`: the snapshot registry host (based on the configured `DOCKER_SNAPSHOT_IMAGE` variable)
 - `${docker_release_authent_token}`: the authentication token required by the release registry (computed from configured `DOCKER_REGISTRY_RELEASE_USER` / `DOCKER_REGISTRY_RELEASE_PASSWORD` variables)
 - `${docker_release_registry_host}`: the release registry host (based on the configured `DOCKER_RELEASE_IMAGE` variable)
+- `${docker_mirror_authent_token}`: the authentication token required by the mirror registry (computed from configured `DOCKER_REGISTRY_MIRROR_USER` / `DOCKER_REGISTRY_MIRROR_PASSWORD` variables)
+- `${docker_mirror_registry_host}`: the mirror registry host (based on the configured `DOCKER_REGISTRY_MIRROR` variable)
 Example 1: Docker configuration file inlined in the project repository (`.docker/config.json`) with **dynamic variables replacement**:
@@ -301,6 +313,8 @@ It is bound to the `package-build` stage, and uses the following variables:
 |-------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------|
 | `build-args` / `DOCKER_BUILD_ARGS`                                      | Additional `docker/kaniko/buildah` `build` arguments                                                                                                                                                                                                                              | _(none)_                       |
 | `registry-mirror` / `DOCKER_REGISTRY_MIRROR`                            | URL of a Docker registry mirror to use during the image build (instead of default `https://index.docker.io`) <br>:warning: Used by the `kaniko` and `dind` options only                                                                                                           | _(none)_                       |
+| :lock: `DOCKER_REGISTRY_MIRROR_USER`                                    | Docker registry username for the mirror registry | _(none)_ |
+| :lock: `DOCKER_REGISTRY_MIRROR_PASSWORD`                                | Docker registry password for the mirror registry | _(none)_ |
 | `container-registries-config-file` / `CONTAINER_REGISTRIES_CONFIG_FILE` | The [`registries.conf`](https://www.redhat.com/sysadmin/manage-container-registries) configuration to be used<br>:warning: Used by the `buildah` build only                                                                                                                       | _(none)_                       |
 | `metadata` / `DOCKER_METADATA`                                          | Additional `docker build`/`kaniko` arguments to set label                                                                                                                                                                                                                         | OCI Image Format Specification |
 | `kaniko-snapshot-image-cache` / `KANIKO_SNAPSHOT_IMAGE_CACHE`           | Snapshot image repository that will be used to store cached layers (leave empty to use default: snapshot image repository + `/cache`)<br>:warning: Used by the `kaniko` build only                                                                                                | _none_ (default cache path)    |

--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -565,8 +565,19 @@ stages:
    export docker_release_authent_token
    export docker_release_registry_host
-    docker_snapshot_config_json=$(echo -n "{\"auths\":{\"$docker_snapshot_registry_host\":{\"auth\":\"$docker_snapshot_authent_token\"},\"HttpHeaders\":{\"User-Agent\":\"$USER_AGENT\"}}}")
+    if [[ -n "$DOCKER_REGISTRY_MIRROR" && -n "$DOCKER_REGISTRY_MIRROR_USER" ]]
-    docker_release_config_json=$(echo -n "{\"auths\":{\"$docker_release_registry_host\":{\"auth\":\"$docker_release_authent_token\"},\"HttpHeaders\":{\"User-Agent\":\"$USER_AGENT\"}}}")
+    then
+      docker_mirror_authent_token=$(echo -n "$DOCKER_REGISTRY_MIRROR_USER:$DOCKER_REGISTRY_MIRROR_PASSWORD" | base64 | tr -d '\n')
+      # shellcheck disable=SC2001
+      docker_mirror_registry_host=$(echo "$DOCKER_REGISTRY_MIRROR" | sed "s|^https*://||" | cut -d/ -f1)
+      export docker_mirror_authent_token
+      export docker_mirror_registry_host
+      docker_mirror_config_json="\"$docker_mirror_registry_host\":{\"auth\":\"$docker_mirror_authent_token\"},"
+    fi
+    docker_snapshot_config_json=$(echo -n "{\"auths\":{$docker_mirror_config_json\"$docker_snapshot_registry_host\":{\"auth\":\"$docker_snapshot_authent_token\"}},\"HttpHeaders\":{\"User-Agent\":\"$USER_AGENT\"}}")
+    docker_release_config_json=$(echo -n "{\"auths\":{$docker_mirror_config_json\"$docker_release_registry_host\":{\"auth\":\"$docker_release_authent_token\"}},\"HttpHeaders\":{\"User-Agent\":\"$USER_AGENT\"}}")
    # Create the configuration file for Docker and Kaniko
    BUILDTOOL_HOME=${BUILDTOOL_HOME:-$HOME}