scripts: Add missing env vars to enable anon auth when push=false

This commit adds two missing environment variables that allow for anonymous authentication to remote registries when pushing build results is disabled. Pulls and remote digest checks are read-only operations that do not require credentials, however however, if credentials are not set during a non-push build, some steps may return an error that looks like this: ``` sha256:0e59c8168a48aa9ed0573be2d38d40a95e1b1635877d6e3dd56dfd33e3597e56 pulling image moby/buildkit:buildx-stable-1 done ERROR: error getting credentials - err: exit status 1, out: `ANY_REGISTRY_USERNAME is not set` ``` The above example was triggered while building the `image-maker` image in the call to `docker buildx build`. This bug prevents PRs from forks from running the "Build all images" workflow to test their changes, making it more difficult for members of the community who don't have write access to this repository to open PRs. Signed-off-by: Ryan Drew <[email protected]>
cilium · Jun 27, 2024 · 2577810 · 2577810
1 parent b737762
commit 2577810
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/scripts/build-image.sh b/scripts/build-image.sh
@@ -37,6 +37,11 @@ do_build="${FORCE:-false}"
 do_push="${PUSH:-false}"
 output="type=image,push=${do_push}"
 
+if [ "${do_push}" == "false" ]; then
+  export DOCKER_HUB_PUBLIC_ACCESS_ONLY=true
+  export QUAY_PUBLIC_ACCESS_ONLY=true
+fi
+
 do_export="${EXPORT:-false}"
 
 if [ "${with_root_context}" = "false" ] ; then