How to build and push docker image from Azure DevOps pipeline to GitLab container registry?

Question

I'm trying to figure out how to set up a service connection to our company's gitlab instance in order to build and push some docker images on the gitlab container registry

I've created a service connection of type docker registry like this:

• Docker registry: https://our_company_registry/project_name
• Docker ID: my gitlab username
• Docker password: my gitlab token with read_registry and write_registry permissions
• Service name: Gitlab_Registry

my azure pipeline is

trigger:
- test

resources:
- repo: self

variables:
  tag: '$(Build.BuildId)'

name: $(Date:yyyyMMdd)$(Rev:.r)

stages:
- stage: Build
  displayName: Build image
  jobs:  
  - job: Build
    displayName: Build
    pool:
      vmImage: 'ubuntu-latest'
    steps:
    - task: Docker@2
      displayName: Login to Gitlab_Registry
      inputs:
        command: login
        containerRegistry: 'Gitlab_Registry'
        
        
    - task: Docker@2
      displayName: Build and push MyProject
      inputs:
        command: buildAndPush
        repository: 'myproject'
        containerRegistry: 'Gitlab_Registry'
        dockerfile: '$(Build.SourcesDirectory)/src/MyProject/Dockerfile'
        buildContext: '$(Build.SourcesDirectory)'
        tags: '$(Build.BuildNumber)'

(I'm not even so sure about the login step...)

In devops, the build is successful but I got this error when is time to push the image

denied: requested access to the resource is denied
##[error]denied: requested access to the resource is denied
##[error]The process '/usr/bin/docker' failed with exit code 1

What am I missing?

Answer 1

If the gitlab container registry is hosted on your company's gitlab instance, and it cannot be accessed from the public network. Then it will not be accessible from the cloud hosted agents.

You were using the cloud hosted agent ubuntu-latest in above pipeline. So you would see above error, since your gitlab container registry cannot be reached from microsoft network.

In this case, You will need to create self-hosted agents on the your company's machines that can access to the gitlab container registry within your company's network. And then you can specify the pipeline to run the self-hosted agents by targeting the pool to your private agent pool.

stages:
- stage: Build
  displayName: Build image
  jobs:  
  - job: Build
    displayName: Build
   
    #Targeting your private agent pool eg. default
    pool: default
  

Please check out the detailed steps here to create self-hosted agents.

Update:

If the gitlab container registry can be accessed from public network. Please check if the registry url and password are all correctly setup.

Please try changing the Docker registry in the ADO service connection to https://our_company_registry. eg. https://gitlab.example.com

If all the settings are correctly setup. But the error still occurs. Please have a try building and pushing your image using docker commands in a script task. see below:

Note: Variables REGISTRY_USER, REGISTRY_URL need to be defined in your pipeline. Variable Password needs to be defined as secret variable.

- bash: |
   docker login -u $(REGISTRY_USER) -p $REGISTRY_PASSWORD $(REGISTRY_URL)
   docker build -t $(REGISTRY_URL)/group/project/image:latest .
   docker push $(REGISTRY_URL)/group/project/image:latest
   
  displayName: 'Bash Script'
  env:
    REGISTRY_PASSWORD: $(Password)