I’m working with docker containers which are running in Jenkins CI pipelines.
Usually within this pipeline Jenkins/ruleset2.0.yaml starts docker command:

generate-report:
    - task: generate-report
      docker-image: gen-rep-image
      docker-in-docker: socket
      cmd: gen_report
       --image ${image-to-test}
       --report-dir {reports}

This is works fine – we have access to repository where ${image-to-test} is located due to ~/docker/config.json

Now I try another script where such report generation is called in next way:

   big-generate-report:
    - task: big-generate-report
      docker-image: big-gen-rep-img
      docker-in-docker: socket
      cmd: big_gen_report
           --user ${env.USER}
       --password ${env.PASSWORD}
       --image ${image-to-test}
       --output-dir {big_reports}
       --dockerconfig-dir /home/ciuser/.docker/

big_gen_report is python script which calls previous script gen-rep-image by container run:

import docker
client = docker.from_env()
client.login(username=${env.USER},
             password=${env.PASSWORD},
         registry=repo_of_image_to_test)
volumes_dict[f'{dockerconfig_dir}:{dockerconfig_dir}', f'{cwd}:{cwd}',
             '/var/run/docker.sock:/var/run/docker.sock']
cwd = os.getcwd()
usergroup = f'{os.geteuid()}'
client.containers.run(
    image=gen-rep-img,
    command='gen_report --image ${image-to-test} --report-dir {reports}',
    remove=True,
    user=usergroup,
    volumes=volumes_dict,
    init=True,
    working_dir=f'{cwd}',
    detach=False) 

But here I receive faulty exit code due to the reason that user anonymous tries to access to ${image-to-test}.
Seems that we have lost CI user within that chain.
Tried different options how I can transfer that CI username to inner container but without success.
Maybe you can advise me.

I have tried:
1)
client.login(username=${env.USER},
             password=${env.PASSWORD},
         registry=repo_of_image_to_test)
2) Updates in volumes_dict
3) Updates in docker configuration