Π‘ΠΏΠΈΡΠΎΠΊ ΠΎΠ±ΡΠ°Π·ΠΎΠ² Docker Π² ΡΠ΅Π΄ΠΆΠ΅ΡΡΡΠΈ GitLab.
ΠΡΠΎΡ ΠΌΠ΅ΡΠΎΠ΄ Π½Π°ΠΏΡΡΠΌΡΡ ΠΎΠ±ΡΠ°ΡΠ°Π΅ΡΡΡ ΠΊ ΡΠ΅Π΄ΠΆΠ΅ΡΡΡΠΈ GitLab.
Π‘ΠΎΠ·Π΄Π°ΠΉΡΠ΅ ΠΏΠ΅ΡΡΠΎΠ½Π°Π»ΡΠ½ΡΠΉ ΡΠΎΠΊΠ΅Π½ Π΄ΠΎΡΡΡΠΏΠ° Ρ ΠΎΠ±Π»Π°ΡΡΡΡ read_registry.
Π‘ΠΎΠ·Π΄Π°ΠΉΡΠ΅ shell ΡΠΊΡΠΈΠΏΡ, ΠΊΠΎΡΠΎΡΡΠΉ Π±ΡΠ΄Π΅Ρ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡΡΡ Π΄Π»Ρ Π΄ΠΎΡΡΡΠΏΠ° ΠΊ ΡΠ΅Π΅ΡΡΡΡ GitLab.
ΠΠ»Ρ ΡΡΠΎΠ³ΠΎ ΠΏΠΎΡΡΠ΅Π±ΡΡΡΡΡ ΡΡΠΈΠ»ΠΈΡΡ ΠΊΠΎΠΌΠ°Π½Π΄Π½ΠΎΠΉ ΡΡΡΠΎΠΊΠΈ curl ΠΈ jq.
#!/usr/bin/env bash
# Display GitLab registry containers
#
# Create Personal Access Token with read_registry scope
#
# Define shell variables:
# export GITLAB_USERNAME=milosz
# export GITLAB_TOKEN="glpat-qhP3QBpSMXLUysvserXY"
# export GITLAB_ADDRESS="https://gitlab.example.org"
# export GITLAB_REGISTRY_ADDRESS="https://registry.example.org"
# Check required shell variables
if [ -n "$GITLAB_USERNAME" ] && [ -n "$GITLAB_TOKEN" ] && [ -n "$GITLAB_ADDRESS" ]; then
# Check GitLab and its registry addresses
curl --output /dev/null --silent --head --fail "$GITLAB_ADDRESS" || { echo "GitLab is not responding"; exit 1; }
curl --output /dev/null --silent --head --fail "$GITLAB_REGISTRY_ADDRESS" || { echo "Registry is not responding"; exit 1; }
# Get JWT token that grants access to registry catalog
token="$(curl --silent --request GET --user "${GITLAB_USERNAME}:${GITLAB_TOKEN}" \
"${GITLAB_ADDRESS}/jwt/auth?service=container_registry&scope=registry:catalog:*" | \
jq --raw-output .token)"
if [ -n "$token" ] && [ "$token" != "null" ]; then
# Get repositories
repositories="$(curl --silent --header "Authorization: Bearer $token" \
"${GITLAB_REGISTRY_ADDRESS}/v2/_catalog" | \
jq --raw-output ".repositories[]")"
for repository in $repositories; do
echo "Repository: $repository"
# Get JWT token that grants pull access to the specific repository
token="$(curl --silent --request GET --user "${GITLAB_USERNAME}:${GITLAB_TOKEN}" \
"${GITLAB_ADDRESS}/jwt/auth?service=container_registry&scope=repository:{$repository}:pull" | \
jq --raw-output .token)"
if [ -n "$token" ] && [ "$token" != "null" ]; then
# Get tags
tags="$(curl --silent --header "Authorization: Bearer $token" \
"https://registry.awesomebeastie.eu/v2/${repository}/tags/list" | \
jq --raw-output .tags[])"
echo "Tagged:"
for tag in $tags; do
echo " - $tag"
done
echo
else
echo "Unable to retrieve the JWT token. Please verify your credentials and try again."
fi
done
else
echo "Unable to retrieve the JWT token. Please verify your credentials and try again."
fi
fi
ΠΠΊΡΠΏΠΎΡΡΠΈΡΡΠΉΡΠ΅ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌΡΠ΅ ΠΏΠ΅ΡΠ΅ΠΌΠ΅Π½Π½ΡΠ΅ ΠΎΠ±ΠΎΠ»ΠΎΡΠΊΠΈ.
export GITLAB_USERNAME=milosz export GITLAB_TOKEN="glpat-qhP3QBpSMXLUysvserXY" export GITLAB_ADDRESS="https://gitlab.example.org" export GITLAB_REGISTRY_ADDRESS="https://registry.example.org"
ΠΡΠΏΠΎΠ»Π½ΠΈΡΠ΅ Π΅Π³ΠΎ.
$ inspect_registry.sh
Repository: containers/ansible Tagged: - 9.3.0 Repository: containers/hugo Tagged: - 0.122.0-r0 - latest Repository: containers/rust Tagged: - 1.76.0-alpine Repository: sandbox/alpine-cache-nexus Tagged: - utilities Repository: sandbox/alpine-cache Tagged: - basic - utilities
API GitLab ΠΏΡΠ΅Π΄Π»Π°Π³Π°Π΅Ρ Π΄ΠΎΠΏΠΎΠ»Π½ΠΈΡΠ΅Π»ΡΠ½ΡΠ΅ ΠΏΠΎΠ΄ΡΠΎΠ±Π½ΠΎΡΡΠΈ, ΠΊΠΎΡΠΎΡΡΠ΅ ΠΌΡ ΡΠ°ΡΡΠΌΠΎΡΡΠΈΠΌ ΠΏΠΎΠ·ΠΆΠ΅.
ΡΠΌ. ΡΠ°ΠΊΠΆΠ΅:
π¦Β GitLab Π½Π°ΡΡΡΠΎΠΉΠΊΠ° 2FA Π΄Π»Ρ Π²ΡΠ΅Ρ ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»Π΅ΠΉ
