[tahoe-lafs-trac-stream] [Tahoe-LAFS] #3541: CircleCI cannot find context "dockerhub-auth"

Tahoe-LAFS trac at tahoe-lafs.org
Mon Dec 9 22:32:15 UTC 2024 

#3541: CircleCI cannot find context "dockerhub-auth"
------------------------------------+-----------------------
     Reporter:  sajith              |      Owner:
         Type:  defect              |     Status:  closed
     Priority:  normal              |  Milestone:  undecided
    Component:  dev-infrastructure  |    Version:  n/a
   Resolution:  wontfix             |   Keywords:
Launchpad Bug:                      |
------------------------------------+-----------------------
Changes (by btlogy):

 * status:  new => closed
 * resolution:   => wontfix


Comment:

 Looking at the latest PRs made from forks, I'm not sure if this is still
 an active problem.

 For instance, here are the logs of a typical "Spin up environment" step
 from the fork of [https://app.circleci.com/pipelines/github/LeastAuthority
 /tahoe-lafs/1219/workflows/cfb5c23f-504b-479d-bce0-2298f6249876/jobs/14881
 LeastAuthority]:

 {{{
 Starting container tahoelafsci/ubuntu:22.04-py3.10
 Warning: No authentication provided, using CircleCI credentials for pulls
 from Docker Hub.
   image cache not found on this host, downloading
 tahoelafsci/ubuntu:22.04-py3.10
 22.04-py3.10: Pulling from tahoelafsci/ubuntu
 29202e855b20: Pull complete
 6b6333d5c00a: Pull complete
 ff1afc76ab31: Pull complete
 95d8bf2f10c1: Pull complete Digest:
 sha256:cef80d0eb6b1aecfc79bb809955e183c87bae357bfbda304dfce37343bea6964
 Status: Downloaded newer image for tahoelafsci/ubuntu:22.04-py3.10
 }}}

 After having looked closer at the org/settings/context on CircleCI, I've
 discovered that LeastAuthority also has a context named `dockerhub-auth`
 (created before the one of Thaoe-LAFS).
 This explain why the above works.

 Also, the `dockerhub-auth` context of Tahoe-LAFS org. seems to be allowed
 to `All members, Tahoe Committers`, which could explain why forks from
 individual members of Tahoe-LAFS also works.

 I tend to agree with the earlier analysis: there is no apparent way for us
 to implement a logic where the authentication would be skipped if the
 context was not accessible (in "forking orgs." settings or non-member
 contributor).

 Though this could change if we decide to switch to an other CI (e.g.: GH),
 I'm closing this issue unfortunately as wontfix.

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3541#comment:2>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage

More information about the tahoe-lafs-trac-stream mailing list