aliyun / acr-login Goto Github PK

Hi，I use the following config to login ACR:

 - name: Login to ACR with the AccessKey pair
    uses: aliyun/acr-login@v1
    with:
      region-id: "cn-hangzhou"
      access-key-id: "${{ secrets.ACK_ACCESS_KEY_ID }}"
      access-key-secret: "${{ secrets.ACK_ACCESS_KEY_SECRET }}"

It returns the following error:

Is there something I missed?

In my test, when successfully logging to ACR, it will print the information as below:

I also went through the code and found out the information below indicates successful login.

Run aliyun/acr-login@v1
  with:
    login-server: https://kubevela-registry.cn-hangzhou.cr.aliyuncs.com
    username: ***
    password: ***
    region-id: cn-hangzhou
  env:
    BUCKET: ***
    ENDPOINT: ***
    ACCESS_KEY: ***
    ACCESS_KEY_SECRET: ***
    ARTIFACT_HUB_REPOSITORY_ID: ***

DOCKER_CONFIG environment variable is set

How about we appending some similar information as below?

...

Successfully login to ACR.

Run denverdino/acr-login@v10s
}
Run denverdino/acr-login@v1
with:
login-server: registry.cn-hangzhou.aliyuncs.com
region-id: cn-hangzhou
access-key-id:
access-key-secret:
internal/modules/cjs/loader.js:800
throw err;
^

Error: Cannot find module '@actions/core'
Require stack:

• /home/runner/work/_actions/denverdino/acr-login/v1/lib/login.js
  at Function.Module._resolveFilename (internal/modules/cjs/loader.js:797:15)
  at Function.Module._load (internal/modules/cjs/loader.js:690:27)
  at Module.require (internal/modules/cjs/loader.js:852:19)
  at require (internal/modules/cjs/helpers.js:74:18)
  at Object. (/home/runner/work/_actions/denverdino/acr-login/v1/lib/login.js:21:27)
  at Module._compile (internal/modules/cjs/loader.js:959:30)
  at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)
  at Module.load (internal/modules/cjs/loader.js:815:32)
  at Function.Module._load (internal/modules/cjs/loader.js:727:14)
  at Function.Module.runMain (internal/modules/cjs/loader.js:1047:10) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [ '/home/runner/work/_actions/denverdino/acr-login/v1/lib/login.js' ]
  }

Why change the tag from v1 to V1, which will cause all the existing jobs to fail?

I have noticed that PR #17 has been merged just now.

Could you please release a new version or create a new tag?

i follow the readme example, set USER_NAME and PASSWORD，github action login success but push fails
below is github action config file:

- name: Check out the repo
   uses: actions/checkout@v2

- name: Login to ACR
  uses: aliyun/acr-login@v1
  with:
    login-server: https://registry.cn-beijing.aliyuncs.com
    region-id: cn-beijing
    username: "${{ secrets.USERNAME }}"
    password: "${{ secrets.PASSWORD }}"

- name: Build and push image
  env:
    IMAGE_TAG: latest
  run: |
    docker build -t registry.cn-beijing.aliyuncs.com/tmoe/resume_web:$IMAGE_TAG .
    docker push registry.cn-beijing.aliyuncs.com/tmoe/resume_web:$IMAGE_TAG

below is action fail screenshot:

I try to exec docker push registry.cn-beijing.aliyuncs.com/tmoe/resume_web:$IMAGE_TAG on my local machine, and it works, but github action can not work. before use acr, i push to dockerhub, it works too.

My account has permission 'AliyunContainerRegistryFullAccess'
I can use my access key to configure and access CR using the Aliyun CLI
I had double check the access key and access secret and tried two different pair but still invalid.
Thanks!

When I use accesskey as the authentication method, the login is successful, but this error is reported

I was experimenting with aliyun command line client against cr Personal Edition. It seems the aliyun cr GetAuthorizationToken command only supports 2016-06-07 API for now

Invoking aliyun --access-key-id "$ak" --access-key-secret "$sk" --region cn-beijing cr GetAuthorizationToken will fail with the following error, with http status code being 404 (req id: 77C730C7-CE62-51FD-AC39-2658DCF9EE05). The aksk was for a RAM user with AdministratorAccess role policy.

Same command but with access key created from "AccessKey Management" works just fine.

My end goal is to use aksk from a RAM user with only permission to access specified repo. Aksk from "AccessKey Management" does not pertain to the least permission security practice.