Support using Docker credentials when available

Closes #22

manifest.yml

@@ -21,6 +21,8 @@ applications:
       # See gitlab-runner register --help for available vars
       CI_SERVER_TOKEN: ((ci_server_token))
       CI_SERVER_URL: ((ci_server_url))
+      DOCKER_HUB_USER: ((docker_hub_user))
+      DOCKER_HUB_TOKEN: ((docker_hub_token))
       RUNNER_EXECUTOR: ((runner_executor))
       RUNNER_NAME: ((runner_name))
       # Remaining runner configuration is generally static. In order to surface

runner/cf-driver/base.sh

@@ -13,5 +13,10 @@ if [ -z "$DEFAULT_JOB_IMAGE" ]; then
     echo "WARNING: DEFAULT_JOB_IMAGE not set! Falling back to ${DEFAULT_JOB_IMAGE}"
 fi
 
+# Complain if no Docker Hub credentials so we aren't bad neighbors
+if [ -z "$DOCKER_HUB_USER" ] || [ -z "$DOCKER_HUB_TOKEN" ]; then
+    echo "WARNING: Docker Hub credentials not set! Falling back to public access which could result in rate limiting."
+fi
+
 # Use a custom image if provided, else fallback to configured default
 CUSTOM_ENV_CI_JOB_IMAGE="${CUSTOM_ENV_CI_JOB_IMAGE:=$DEFAULT_JOB_IMAGE}"

runner/cf-driver/prepare.sh

@@ -28,16 +28,44 @@ create_temporary_varfile () {
     echo "[cf-driver] [DEBUG] Added $(wc -l "$TMPVARFILE") lines to $TMPVARFILE"
 }
 
+get_registry_credentials () {
+    image_name="$1"
+
+    if echo "$image_name" | grep -q "registry.gitlab.com"; then
+        echo "$CUSTOM_ENV_CI_REGISTRY_USER" "$CUSTOM_ENV_CI_REGISTRY_PASSWORD"
+    elif echo "$image_name" | grep -q -P '^(?!registry-\d+.docker.io)[\w-]+(?:\.[\w-]+)+'; then
+        return 0
+    elif [ -n "$DOCKER_HUB_TOKEN" ] && [ -n "$DOCKER_HUB_USER" ]; then
+        echo "$DOCKER_HUB_USER" "$DOCKER_HUB_TOKEN"
+    fi
+}
+
 start_container () {
     container_id="$1"
+    image_name="$CUSTOM_ENV_CI_JOB_IMAGE"
+
     if cf app --guid "$container_id" >/dev/null 2>/dev/null ; then
         echo '[cf-driver] Found old instance of runner executor, deleting'
         cf delete -f "$container_id"
     fi
 
-    cf push "$container_id" -f "${currentDir}/worker-manifest.yml" \
-       --docker-image "$CUSTOM_ENV_CI_JOB_IMAGE" -m "$WORKER_MEMORY" \
+    push_args=(
+       "$container_id"
+       -f "${currentDir}/worker-manifest.yml"
+       -m "$WORKER_MEMORY"
        --vars-file "$TMPVARFILE"
+       --docker-image "$image_name"
+    )
+
+    local docker_user docker_pass
+    read -r docker_user docker_pass <<< "$(get_registry_credentials "$image_name")"
+
+    if [ -n "$docker_user" ] && [ -n "$docker_pass" ]; then
+        push_args+=('--docker-username' "${docker_user}")
+        local -x CF_DOCKER_PASSWORD="${docker_pass}"
+    fi
+
+    cf push "${push_args[@]}"
 }
 
 start_service () {
@@ -69,9 +97,12 @@ start_service () {
         push_args+=('-c' "${container_entrypoint[@]}" "${container_command[@]}")
     fi
 
-    if echo "$image_name" | grep "registry.gitlab.com"; then
-        declare -x CF_DOCKER_PASSWORD=$CUSTOM_ENV_CI_REGISTRY_PASSWORD
-        push_args+=('--docker-username' "$CUSTOM_ENV_CI_REGISTRY_USER")
+    local docker_user docker_pass
+    read -r docker_user docker_pass <<< "$(get_registry_credentials "$image_name")"
+
+    if [ -n "$docker_user" ] && [ -n "$docker_pass" ]; then
+        push_args+=('--docker-username' "${docker_user}")
+        local -x CF_DOCKER_PASSWORD="${docker_pass}"
     fi
 
     # TODO - Figure out how to handle non-global memory definition

vars.yml-example

@@ -10,3 +10,5 @@ runner_memory: 512M
 worker_memory: 512M
 service_account_instance: my-service-account
 object_store_instance: my-brokered-bucket
+docker_hub_user: my-docker-user
+docker_hub_token: my-docker-token