Gitlab-runner local build - login from non TTY device

I'm trying to build my project locally using gitlab-runner on Linux.

docker-build:
  stage: build
  image: docker:latest
  script:
    - docker login -u "gitlab-ci-token" -p "$CI_JOB_TOKEN" $CI_REGISTRY # user "gitlab-ci-token" is automatically created by GitLab
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME" target/
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"

Unfortunately my attempts end with error about "docker login" not being able to perform interactive login from non-TTY device.

$ gitlab-ci-multi-runner exec docker --docker-privileged docker-build
Running with gitlab-ci-multi-runner 1.11.1 (a67a225)
  on  ()
Using Docker executor with image docker:latest ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
Waiting for services to be up and running...
Pulling docker image docker:latest ...
Running on runner--project-1-concurrent-0 via vanqyard...
Cloning repository...
Cloning into '/builds/project-1'...
done.
Checking out 70187b2d as docker-basic-conf...
Skipping Git submodules setup
Checking cache for docker-build/docker-basic-conf...
Successfully extracted cache
$ docker login -u "gitlab-ci-token" -p "$CI_JOB_TOKEN" $CI_REGISTRY
Error: Cannot perform an interactive login from a non TTY device
ERROR: Job failed: exit code 1
FATAL: exit code 1 

                            

My question is has anybody stumbled upon this issue and how to succesfunlly perform build?

Probably not linked to the problem here, but some people might encounter the exact same message when trying a docker login from a Linux like terminal on Windows such as Git bash or Docker quickstart terminal or even Cygwin.

The trick here is to use winpty docker login

Most likely you did not specify the variables $CI_JOB_TOKEN and $CI_REGISTRY for the project you are working on. Note that variables are not shared and are only set per project!

That's also why you encounter the error message

> "flag needs an argument: 'p' in -p"

when you try to do the docker login without the quotes, which is the right way because otherwise $CI_JOB_TOKEN is not recognized as a variable, but it is simply a string consisting of two quotes, a dollar sign and the sequence of chars "CI_JOB_TOKEN".

Assuming your variables are not set and you try to execute the command

docker login -u "gitlab-ci-token" -p $CI_JOB_TOKEN $CI_REGISTRY

the variables are evaluated and your command essentially looks like that:

docker login -u "gitlab-ci-token" -p

The -p flag is not followed by a password and for that reason docker tries to initialize an interactive login.

You can verify this by trying to output your variables when you include the command echo $CI_JOB_TOKEN in your .gitlab-ci.yml

I had the same issue, but for a different cause than those already listed in here.

This is my gitlab-ci command:

docker login "${AZURE_ACR_URL}" -u "${AZURE_ACR_ACCOUNT}" -p "${AZURE_ACR_PASSWORD}"

My pipeline was running fine on the master branch, but not on other branches. Why? Because I defined the AZURE_ACR_PASSWORD variable via the settings/ci_cd feature, with the "protected" flag. After reading what this protected flag means I understood why my AZURE_ACR_PASSWORD variable could not be seen in the command:

> This variable will be passed only to pipelines running on protected > branches and tags

Error: Cannot perform an interactive login from a non TTY device is your typical red herring message. You have to look beyond the message, or rather, before. It wants to use interactive login as a fallback solution, because the previous login failed. Just like in Unix when your ssh2 auth attempt is rejected. It then prompts for username/password. Except that for emulation of Unix terminals it may fail.

The general answer to this is: Review each of your parameters, in your command line, and make sure it is what you think it is. A trick is to precede your overall command line with echo, so as to resolve all variables...

Reading how protected variables are working solved it for me. I need to perform this action inside a protected branch since I also protected my variables.

If you are not using a protected branch better remove protected variables and try again.

For those who are trying to ssh to a remote host for deploying a docker image via gitlab-ci:

Some variables like $CI_DEPLOY_USER $CI_DEPLOY_PASSWORD CI_JOB_TOKEN and others are not been sent through ssh to the remote server because they are not shared vars.

You need to create a deploy token via config >> repository >> deploy token. This applies for your group or for a specific project.

Then create 2 variables on the project or group via configs >> ci /cd >> variables. The names could be MASTER_DEPLOY_USER and MASTER_DEPLOY_TOKEN

Then you could login like following

deploy-development:
  stage: deploy-development
  image: kroniak/ssh-client
  only:
    - my_development_branch
  before_script:
    - eval $(ssh-agent -s)
    - echo "$YOUR_SERVER_SSH_PRIV_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
  script:
    - ssh-keygen -R $YOUR_REMOTE_HOST || true
    # login to docker on auth machine with deploy credentials
    - >
      ssh root@${YOUR_REMOTE_HOST}
      "docker login -u $MASTER_DEPLOY_USER -p $MASTER_DEPLOY_TOKEN $CI_REGISTRY"

Make sure you define also the other needed variables like YOUR_REMOTE_HOST and YOUR_SERVER_SSH_PRIV_KEY.

If you only need to log into one registry, you can get the token (from looking at .docker/config.json after a console login or sometimes via the registry itself in the case of Artifactory). Then just echo the results to .docker/config.json

echo '{ "auths": { "https://awesome_docker_repsitory.com": { "auth": "c4ajLWdpqGxhYi3xYsQ6qVa4aUefY0xbd1t6dtc4YnQ3y2DYTDoOWONx", "email": "[email protected]" } } }' > ~/.docker/config.json"

This performs the same action as the docker login (if you don't have a docker credential helper that is).

For those that are using variables that are set in settings of GitLab CI/CD, unmark the options protected and masked. Optionally simply unmarking protected works fine without masked unchecked as well.

This will figure out the docker login problem.

Although I didn't get this error for git-lab, I got it while pulling a different image.

The issue was with using git bash on Windows. Switch to PowerShell prompt and then try the following:

docker login

Below worked for me for Docker 1.13 ( Rhel-7.8 ):

1. Create a file with your password / ECR key
2. use command docker login --username AWS -p 'cat /data/user/ecr/key' registry-url.amazonaws.com

Note: In step 2 please replace ' with ` while using the command

if your here because your getting the error in git hubs workflows (actions). the easiest way to login is the docker login-action step: https://github.com/marketplace/actions/docker-login#github-packages-docker-registry

-   name: Login to GitHub Packages Docker Registry
    uses: docker/login-action@v1
    with:
      registry: docker.pkg.github.com
      username: ${{ github.repository_owner }}
      password: ${{ secrets.GITHUB_TOKEN }}

or for windows build agents:

-   name: Login
    shell: pwsh
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    run: echo $env:GITHUB_TOKEN | docker login https://docker.pkg.github.com -u ${env:GITHUB_ACTOR} --password-stdin

Try this. docker login -u Username -p Password

It worked for me.