]> granicus.if.org Git - graphviz/commitdiff
Stop docker complaining about password argument
authorMark Hansen <markhansen@google.com>
Sat, 20 Feb 2021 03:50:14 +0000 (14:50 +1100)
committerMark Hansen <markhansen@google.com>
Sat, 20 Feb 2021 03:50:14 +0000 (14:50 +1100)
Fixes this warning:

```
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
```

With thanks to
https://blog.callr.tech/building-docker-images-with-gitlab-ci-best-practices/
for the inspiration.

.gitlab-ci.yml

index f1b1f86b21a4af3f29caefa6a12f6fc38e3bd02b..b6d19fd1abc5f3e976b9a74f0ad839caf1d8af24 100644 (file)
@@ -574,7 +574,11 @@ deployment:
   services:
     - docker:dind
   before_script:
-    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    # Docker prefers passwords passed on stdin rather than as arguments,
+    # presumably because stdin isn't visible to other processes.
+    # $CI_JOB_TOKEN is documented at
+    # https://docs.gitlab.com/ee/user/project/new_ci_build_permissions_model.html#job-token
+    - echo -n $CI_JOB_TOKEN | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY
   stage: build_docker_images
   # do not re-run this job for new Git tags of previously seen commits
   except: