From 7eff789fc12412b4e5d174477cf40d941db30459 Mon Sep 17 00:00:00 2001
From: Mark Hansen <markhansen@google.com>
Date: Sat, 20 Feb 2021 14:50:14 +1100
Subject: [PATCH] Stop docker complaining about password argument

Fixes this warning:

```
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
```

With thanks to
https://blog.callr.tech/building-docker-images-with-gitlab-ci-best-practices/
for the inspiration.
---
 .gitlab-ci.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f1b1f86b2..b6d19fd1a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -574,7 +574,11 @@ deployment:
   services:
     - docker:dind
   before_script:
-    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    # Docker prefers passwords passed on stdin rather than as arguments,
+    # presumably because stdin isn't visible to other processes.
+    # $CI_JOB_TOKEN is documented at
+    # https://docs.gitlab.com/ee/user/project/new_ci_build_permissions_model.html#job-token
+    - echo -n $CI_JOB_TOKEN | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY
   stage: build_docker_images
   # do not re-run this job for new Git tags of previously seen commits
   except:
-- 
2.40.0