Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
artifact registry docker image for cml runner
See original GitHub issueI’m trying out a cml runner on GCP using Gitlab. I have a working file that starts up an instance with dvcorg/cml:latest docker image.
Now I want to change the docker image for my own that adds in some helper utilities specific to my team. I’m hosting the image on artifact registry in Google cloud and I have granted the cloud-permission-set access to the container registry.
However my job fails with the error:
ERROR: Job failed: failed to pull image "us-west3-docker.pkg.dev/<myproject>/containers/cml:latest" with specified policies [always]: Error response from daemon: Head "https://us-west3-docker.pkg.dev/v2/<myproject>/containers/cml/manifests/latest": denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/<myproject>/locations/us-west3/repositories/containers" (or it may not exist) (manager.go:235:0s)
@dacbd confirmed he was able to reproduce and has a workaround for github.
Issue Analytics
- State:
- Created a year ago
- Reactions:1
- Comments:14 (8 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
cml runner / gitlab-ci access to private GCP registries much like AWS/ECR’s docker-credentials-login-ecr
Found my problem, I was missing the scopes on this line:
The working version is:
I thought my service account permissions would be sufficient.
Thanks for your help!