No docs (or any support?) for GCP Artifact Registry

[nick-youngblut]

Which Document page:

The containers-from-other-registries docs does not includes AWS and Azure, but not GCP (Artifact Registry). Does apptainer support GCP Artifact Registry? If yes, it would be helpful to have some docs on how to use GCP AR. Simply using the standard Docker approach of authentication with GCP AR results in a permissions error when pulling a private image:

FATAL:   While making image from oci registry: error fetching image to cache: failed to get checksum for docker://...: Requesting bearer token: invalid status code from registry 403 (Forbidden)

[DrDaveD]

This is the first I have heard of it. If you figure out how to use it, please submit a documentation PR.

[DrDaveD]

I would guess that it might suport the oras:// protocol, maybe try that.

[nick-youngblut]

It appears that no one builds images with apptainer from GCP Artifact Registry, given that I'm still the only one to post this issue.

I was hoping that the following would work:

export SINGULARITY_DOCKER_AUTH="Bearer `gcloud auth print-access-token`"
apptainer build ${IMG_NAME}.sif docker://${REGION}-docker.pkg.dev/${PROJECT}/${IMG_NAME}/${IMG_NAME}:${IMG_VERSION}

...but it does not:

INFO:    Starting build...
FATAL:   While performing build: conveyor failed to get: while converting reference: Requesting bearer token: invalid status code from registry 403 (Forbidden)

[DrDaveD]

What happens if you replace docker:// with oras://?

[nick-youngblut]

What happens if you replace docker:// with oras://?

Sadly, that didn't work either. For now, we are just going to use GitHub Container Registry with Apptainer and/or Conda.

[DrDaveD]

Ok, on https://cloud.google.com/artifact-registry/docs they only mention the docker API and what looks to be their own custom API. So docker:// should work, but apparently there is some difference between their implementation and dockerhub's implementation that is confusing apptainer. Did you try the apptainer registry command (new to 1.3.x series) to login first?

[nick-youngblut]

Thanks for looking into this issue. I did try using apptainer registry, but that didn't help.

[DrDaveD]

I just looked back at the posting where you said you were trying SINGULARITY_DOCKER_AUTH but that is not a variable recognized by Apptainer. If it were, it would print a message recommending to set APPTAINER_DOCKER_AUTH instead or in addition. The recognized variables are APPTAINER_DOCKER_USERNAME and APPTAINER_DOCKER_PASSWORD. I would guess you could pass the token in APPTAINER_DOCKER_PASSWORD.