I am working with a setup that uses multiple blocks in a single docker-compose.yml file. Some are public ones, and some are private ones.
If I balena push to a fleet there is no issue: the build succeeds and all blocks get deployed fine. However, if I try to push to a machine in local mode, I get one of two outcomes:
By default, the push fails with:
Some services failed to build:
<service-name>: (HTTP code 404) unexpected - pull access denied for bh.cr/<myorg>/<private-block>, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
which is not surprising because the block is private.
However, when I then set up a registry-secrets.yml following the documentation, and pass it along with the --registry-secrets argument, I now get:
Some services failed to build:
foxglove-studio: (HTTP code 500) server error - Get "https://registry-proxy.balena-cloud.com/v2/sgvandijk/foxglove-studio-amd64/manifests/1.72.0": unauthorized: authentication required
where the error is about this public block. There is no issue with the private one any more in this case.
It seems that logging into bh.cr with the provided secrets causes public blocks to become unavailable. Is there a way to get this working? Or if this is a bug, what would be the best place to file this issue?