How do I pull a private image using singularity?

In order to pull and run an image from a private registry (such as your Analysis’ GitLab registry), you need to set two environment variables:

export SINGULARITY_DOCKER_USERNAME=XXXX
export SINGULARITY_DOCKER_PASSWORD=YYYY
singularity exec docker://gitlab-registry.cern.ch/<your-project>/<your-image>:<your-tag> bash

People should should be very careful with this: if you ever put code that sets these variables in a public repo you’ve just shared your password with everyone. If you must use a password in a script, you should set it via a gitlab environment variable.

It’s also worth considering that having any passwords / credentials also another layer of complexity to sharing code. For example, if someone clones your repository which sets these variables, they also have to go in and set their own passwords. On its own this isn’t catastrophic, but it’s one more convoluted step just to get some code to compile.

So please, consider whether you need to make your code private in the first place. The entire Athena repository is public, and unless you’ve done something silly like hardcode your signal significance into the reposotory (which makes no sense anyway) there’s no sensitive ATLAS data to leak in code.

1 Like