π€ Problem
Currently the build from code functionality can only deal with public repos and public images. But a lot of users are asking for support for using private repos and publishing images that are private to the project.
π΄ Appetite
6 weeks
π― Solution
- Make another project in harbor that will be private with a fixed token. This will host the private images.
- Inject the tokens from git integrations into the pipelines for building images from code so that we handle private repos.
- Users mark on the session launcher that they want a private image when they create the launcher for building from code.
- When the launcher is marked as private it publishes the image in the private harbor project.
- When users launch sessions we check their access to the project - if they have access to the project then they can use the image. This also means that if the project is public there is no point in building a private image for it.
- The private images will not be accessible from outside of Renku - only in Renku sessions. This is a limitation we can live with for now. We donβt display the image name for private images.
- In the future (i.e. not in this build) we can expand to supporting image repos on github and gitlab. In this case the credentials will come from the integrations. And the build from code UI will have to ask for the integration and for a target image registry.
π User stories / journeys
π° Rabbit Holes
π Security Implications
- Image pull policy needs to be Always to prevent reusing private images