diff options
| author | Elizabeth Hunt <me@liz.coffee> | 2025-07-01 13:40:50 -0700 |
|---|---|---|
| committer | Elizabeth Hunt <me@liz.coffee> | 2025-07-01 13:40:50 -0700 |
| commit | b2327674c851c9942e8eb2f94b1b5f1524521a19 (patch) | |
| tree | 52c4d7c4988645ae1fd328c8757e68d107b9f1fa | |
| parent | 62673ce6960a3443310af3fd1dabb7dee7dd5a86 (diff) | |
| download | ci-b2327674c851c9942e8eb2f94b1b5f1524521a19.tar.gz ci-b2327674c851c9942e8eb2f94b1b5f1524521a19.zip | |
Log into registry to pull image before executing pipeline
| -rwxr-xr-x | worker/scripts/checkout_ci.ts | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/worker/scripts/checkout_ci.ts b/worker/scripts/checkout_ci.ts index f2c87a0..f1627c9 100755 --- a/worker/scripts/checkout_ci.ts +++ b/worker/scripts/checkout_ci.ts @@ -26,6 +26,9 @@ export function isCiWorkflow(t: unknown): t is CiWorkflow { } const CI_WORKFLOW_FILE = '.ci/ci.json'; +const OCI_REGISTRY = 'oci.liz.coffee'; +const PIPELINE_IMAGE = OCI_REGISTRY + '/img/ci-worker:release'; +const READONLY_CREDENTIALS = { username: 'readonly', password: 'readonly' }; const run = Date.now().toString(); const eitherJob = getRequiredEnvVars(['remote', 'refname', 'rev']).mapRight( @@ -96,6 +99,9 @@ await LogMetricTraceable.ofLogTraceable(_logJob) }); }) .map(async (tEitherPipelineGenerationCommand) => { + tEitherPipelineGenerationCommand.move(getDockerLoginReadonlyCommand()); + }) + .map(async (tEitherPipelineGenerationCommand) => { const eitherJobCommand = await tEitherPipelineGenerationCommand.get(); const eitherPipeline = await eitherJobCommand.flatMapAsync((jobCommand) => tEitherPipelineGenerationCommand.move(jobCommand.cmd).map(getStdout).get(), @@ -143,11 +149,15 @@ function getSrcDirectoryForCiJob(job: CheckoutCiJob) { return `${job.arguments.returnPath}/${job.arguments.run}/src`; } +function getDockerLoginReadonlyCommand(credentials = READONLY_CREDENTIALS, registry = OCI_REGISTRY): Command { + return `docker login --username ${credentials.username} --password ${credentials.password} ${registry}`.split(' '); +} + function getPipelineGenerationCommand( job: CheckoutCiJob, pipelineGeneratorPath: string, - image = 'oci.liz.coffee/img/ci-worker:release', - runFlags = ('--rm --network none --cap-drop ALL --security-opt no-new-privileges').split(' '), + image = PIPELINE_IMAGE, + runFlags = '--rm --network none --cap-drop ALL --security-opt no-new-privileges'.split(' '), ): Command { return [ 'docker', |