Docker and singularity login at runtime #725
Open
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
Right now
miniwdl
requires that the login to the docker registry will be done before the start of the workflow, in case it uses private images, and the image is pulled at runtime, if not already present locally.In case the login is done with short-lived credentials, they could expire before the workflow get to the task and then fail.
Approach
After the changes in the PR the workflow will:
Right now GCP Artifact Registry, GCP Docker Registry, and AWS Elastic Container Registry are supported.
Only for docker swarm and singularity backends.
Checklist
make pretty
to reformat the code with blackmake check
to statically check the code using Pyre and PylintI don't know how to add tests for this, it will require to create private repositories and pass credentials to the CI.