docker / login-action Goto Github PK
View Code? Open in Web Editor NEWGitHub Action to login against a Docker registry
Home Page: https://github.com/marketplace/actions/docker-login
License: Apache License 2.0
GitHub Action to login against a Docker registry
Home Page: https://github.com/marketplace/actions/docker-login
License: Apache License 2.0
After v.1.11.0 release our CI has started to fail when trying to log in to the ECR. Pinning action back to v.1.10.0 fixes the issue.
Logging in to the ECR should succeed.
An error with following logs:
Retrieving registries data through AWS SDK...
AWS Public ECR detected with us-east-1 region
Error: The security token included in the request is invalid.
name: Production deployment
on: [push]
jobs:
production-job:
name: Build and deploy the image
runs-on: self-hosted
container: docker
steps:
- name: Check out repository code
uses: actions/checkout@master
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
role-external-id: ${{ secrets.AWS_EXTERNAL_ID }}
role-duration-seconds: 1500
- name: Install the latest AWS CLI
run: |
apk add --no-cache python3 py3-pip
pip3 install --upgrade pip
pip3 install awscli
- name: Log in to Amazon public ECR
uses: docker/login-action@v1
with:
registry: public.ecr.aws
env:
AWS_REGION: us-east-1
Attached
Add docker/login-action to workflow, start the workflow
Expect successful login on Docker registry.
No idea on how to diagnose this early error.
Error : .github#L1
docker/login-action@v1 is not allowed to be used in <organization>/<repo>. Actions in this workflow must be: within a repository owned by <organization> or created by GitHub.
Private.
jobs:
go:
name: Build & Test Actions
runs-on: [self-hosted]
steps:
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
Download the [log file of your build]
There is no log file
Is the CR_PAT
the GitHub Container Registry Personal Access Token? Can we update the docs to explain exactly what this is? I forget where you even generate that from.
The official AWS action for setting up credentials works very well for assuming roles. Ideally, this action should be compatible with it. We have been using https://github.com/aws-actions/amazon-ecr-login for logging in, but it is not compatible with your new https://github.com/docker/build-push-action.
Something like this would be very useful:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.DEFAULT_REGION }}
role-to-assume: ${{ secrets.ROLE_ARN }}
role-duration-seconds: 1200
role-session-name: GithubActions
- name: Login to Amazon ECR
uses: docker/login-action@v1
with:
registry: ${{ secrets.ECR_REGISTRY }}
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
...
What do you think? Is there a known workaround to accomplish this? Thanks in advance!
If used with short term AWS access tokens including a Session Token, the AWS ECR auth fails because the AWS integration interferes in the standard AWS credentials resolution process.
AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID, and AWS_SESSION_TOKEN should be used to authenticate the request.
AWS_SESSION_TOKEN is omitted from the auth process because the code interferes with standard credentials resolution process.
Run aws-actions/configure-aws-credentials@master
with:
role-to-assume: arn:aws:iam::0123456789:role/abcded-role-name
role-session-name: github-actions
aws-region: us-east-1
Run docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
with:
registry: ***.dkr.ecr.us-east-1.amazonaws.com
username: AWS
logout: true
env:
AWS_DEFAULT_REGION: us-east-1
AWS_REGION: us-east-1
AWS_ACCESS_KEY_ID: ***
AWS_SECRET_ACCESS_KEY: ***
AWS_SESSION_TOKEN: ***
JAVA_HOME: /opt/hostedtoolcache/Java_Adopt_jdk/17.0.1-12/x64
AWS ECR detected with us-east-1 region
Retrieving docker login command through AWS CLI 2.4.9 (/usr/local/bin/aws)...
Error: An error occurred (UnrecognizedClientException) when calling the GetAuthorizationToken operation: The security token included in the request is invalid.
name: Run build
on:
push:
branches:
- 'feature/**'
pull_request:
branches:
- main
permissions:
id-token: write
contents: read
jobs:
api:
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@master
with:
role-to-assume: arn:aws:iam::01234567890:role/github-automation
role-session-name: github-actions
aws-region: us-east-1
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
with:
registry: 01234567890.dkr.ecr.us-east-1.amazonaws.com
username: AWS
See above
windows-latest
docker/login-action@v1
action to login to an Amazon ECR Private repositoryAction should login with Amazon ECR Private.
Action fails with error: Unable to locate executable file: C:\Program. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also verify the file has a valid extension for an executable file.
Interestingly enough, using aws-actions/amazon-ecr-login
works.
name: App / Build and push
env:
# In GitHub, go to Settings -> Secrets and set:
# AWS_ACCESS_KEY_ID to your own AWS Access Key ID, eg `AKIAIOSFODNN7EXAMPLE`
# AWS_SECRET_ACCESS_KEY to your own AWS Secret Access Key, eg `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`
AWS_ECR_PRIVATE_ACCOUNT_ID: "355938773567"
AWS_ECR_PRIVATE_REGION: "us-east-1"
AWS_ECR_PRIVATE_REPO_NAME: "bug-docker-login-windows"
on:
push:
jobs:
windows:
name: Amazon ECR Private - Windows
runs-on: windows-latest
steps:
- name: Get the code
uses: actions/[email protected]
- name: Login to Amazon ECR Private - FAILS
continue-on-error: true
uses: docker/login-action@v1
with:
registry: ${{ env.AWS_ECR_PRIVATE_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_ECR_PRIVATE_REGION }}.amazonaws.com
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Configure AWS credentials
uses: aws-actions/[email protected]
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR - WORKS
uses: aws-actions/[email protected]
Hi, I am using a step after using docker/login-action@v1
called mamezou-tech/buildpacks-action@master
and as they use a Dockerfile to run the step the docker connection session is not persisted.
Is there a way to make it work? What could be done to have other "dockerized" steps to be able to benefit from the docker login action?
Thanks!
I am using self-hosted runners with an IAM role attached (with ECR permissions) and the login action fails.
uses: docker/login-action@v1
The login should use the EC2 instance credentials and login to ECR.
The login action fails
Error: An error occurred (UnrecognizedClientException) when calling the GetAuthorizationToken operation: The security token included in the request is invalid.
IMO the action should not attempt to overwrite the env vars for AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in this case.
I can make it work using this manual run step:
- name: ECR login
run: |
aws ecr get-login-password | docker login --username AWS --password-stdin <aws-account-id>.dkr.ecr.<aws-region>.amazonaws.com
- name: ECR login
uses: docker/login-action@v1
with:
registry: <aws-account-id>.dkr.ecr.<aws-region>.amazonaws.com
Sorry private repo, I can't share the logs.
Run following workflow: (this is minimal I think)
jobs:
docker-windows:
runs-on: windows-latest
continue-on-error: true
steps:
- uses: actions/checkout@v2
- name: Login
uses: docker/login-action@v1
with:
username: ${{ github.repository_owner }}
password: ${{ secrets.DHUB_TOKEN }}
Login is performed. Whether it success or not.
Gives:
Error: Only supported on linux platform
https://github.com/nao20010128nao/ytdl-patched/blob/master/.github/workflows/build.yml
Please delete this
I'm expecting to be authenticated. I don't have any right result message because I haven't one yet.
I'm receiving this error message:
Run docker/login-action@v1
with:
username: ***
password: $***
logout: true
Logging into Docker Hub...
Error: Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password
push-to-registry:
needs: build
name: Push Docker image to Docker Hub
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Login to Docker Hub
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: $${{ secrets.DOCKER_PASSWORD }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with:
images: antonioparolisi/weather-vortex-station
- name: Build and push Docker image
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
with:
context: .
push: true
tags: ${{ steps.meta.output.tags }}
labels: ${{ steps.meta.outputs.labels }}
Download the log file of your build
and attach it to this issue.
Coming from docker/build-push-action#53
Refs:
docker/build-push-action#53 (comment)
It seems that the warning message is hidden from the users, which is misleading as it provides a false feeling of security. As seen in docker/login-action@adb7347
/src/docker.ts#L36, on success stderr is not shown. The warning is precisely shown when the login is successful but insecure.
docker/build-push-action#53 (comment)
See eine/login-action@master
(commits) and eine/login-action/runs/1354438643?check_suite_focus=true#step:3:8.
Login is secure or security warnings are not hidden.
Login is reported not to be secure, but warnings are hidden.
When running workflow it errors at the login step, talking about a missing password.
I have created a PAT as described in #6
Should log in as expected
name: Deploy and run
on:
push:
branches: master
workflow_dispatch:
jobs:
Deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v2
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_REGISTRY_TOKEN }}
https://github.com/AlexJeffcott/amboss-cypress-demo/runs/1750353837?check_suite_focus=true#step:3:6
Hi,
I tried to build a multi-arch image in a workflow based on this article: https://github.com/docker/build-push-action#multi-platform-image
However, when I run it, I get the error:
Error: Must provide --username with --password-stdin
Please see the full build log here: https://github.com/admin-shell-io/aasx-server/pull/41/checks?check_run_id=1264107244
The GitHub Packages Docker registry will be superseded by GitHub Container Registry.
The package registry will never support multi-arch image manifests. The container registry (ghcr.io) does.
buildx
pushes multi-arch image manifests, even when using a single architecture. I don't think this can be turned off.
docker/build-push-action@v2
uses buildx
. Therefore, I don't think it is necessary to have an example for the package registry. Though a comment mentioning why might be nice. Possibly with a link to the migration guide
Permission denied while trying to connect to the Docker daemon socket
It should login to the Github with the same way as it does on the x86 runner.
Error: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
name: Build Docker Image
on:
# Trigger the workflow on push but only for the main branch
push:
branches:
- master
# Trigger manually
workflow_dispatch:
jobs:
build-amd64:
name: Build amd64 Docker image
needs: build-arm64
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'Armbian' }}
steps:
- uses: actions/checkout@v1
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.CR_PAT }}
[logs_7652.zip](https://github.com/docker/login-action/files/7726883/logs_7652.zip)
Hello,
I'd like to further understand how docker/login-action
interacts with other docker
actions like docker/build-push
, and the VM in general. To keep it simple: is the purpose of this action to login the user on the runs-on
VM? Then, whatever actions require being logged in come after like build-push
?
This is my initial understanding, although finding the logout
parameter has me questioning that understanding. As far as I understand, having post: 'dist/index.js'
in action.yml
runs the logout
function in src/docker.ts
, which is really just the docker logout <registry>
shell command. This is ran, I think, once the main:
command finishes executing, and before the next job. But if that is correct, then the following would happen using login-action
with logout: true
, and then using build-push
:
That doesn't make sense, so I must be misunderstanding the sequence here. Do post
actions happen at a different time than I expect, or is it something else? Any clarification would be appreciated.
Output log:
Run docker/login-action@v1
with:
username: ***
password: ***
logout: true
Logging into Docker Hub...
Error: Unable to locate executable file: docker. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.
log link: https://github.com/rundax/go-bitsong/runs/3341040866?check_suite_focus=true
config file: https://github.com/rundax/go-bitsong/blob/develop/.github/workflows/build.yml
I would like to run some curl commands towards the docker hub registry and was curious if this is possible with docker/login-action and if yes, how to do it.
doing this was not successful:
# list public repos
- name: list docker repositories (not authenticated)
run: curl https://hub.docker.com/v2/repositories/my_repo | jq -r -C .
- uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
# list public and private repos
- name: list docker repositories (authenticated)
run: curl https://hub.docker.com/v2/repositories/my_repo | jq -r -C .
I'm a little confused about how this action's side-effects are persisted. I expected to see a $HOME/.docker/config.json
file but I'm not seeing it.
The problem I'm trying to solve is enabling experimental docker
CLI features in a subsequent step after using docker/login-action
. I'm trying:
DOCKER_CFG_PATH="${DOCKER_CONFIG:-$HOME/.docker}/config.json"
jq '. + {"experimental": "enabled"}' < "$DOCKER_CFG_PATH" | sponge "$DOCKER_CFG_PATH"
but $DOCKER_CFG_PATH
doesn't exist. When I try to create an empty config.json
and set the experimental flag on that I lose my docker login
session.
Any tips on enabling experimental docker
CLI features after using this action? Thanks!
tried everything ( did a non-fork public clone)
- name: Prepare
id: prep
super_secret: ${{ secrets.DOCKER_ORG }}
docker_user: ${{ secrets.DOCKER_USERNAME }}
docker_repo: ${{ secrets.DOCKER_REPO }}
docker_org: ${{ secrets.DOCKER_ORG }}
foolingia: ${{ secrets.DOCKER_USERNAME }}
run: |
echo "$FOOLONGIA" > /tmp/file
base64 -w0 /tmp/file
echo "supersec: $SUPER_SECRET"
#DOCKER_IMAGE=${{ secrets.DOCKER_USERNAME }}/${GITHUB_REPOSITORY#*/}
DOCKER_IMAGE=${{ secrets.DOCKER_ORG }}/${{ secrets.DOCKER_REPO }}
VERSION=latest
SHORTREF=${GITHUB_SHA::8}
echo "$DOCKER_IMAGE"
echo base64
echo "$DOCKER_IMAGE"|base64 -w0
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
RESULT:
base64 -w0 /tmp/file
DOCKER_IMAGE=${DOCKER_ORG}/${DOCKER_REPO}
echo "supersec: $SUPER_SECRET"
#DOCKER_IMAGE=***/${GITHUB_REPOSITORY#*/}
VERSION=latest
SHORTREF=${GITHUB_SHA::8}
echo "$DOCKER_IMAGE"
echo base64
echo "$DOCKER_IMAGE"|base64 -w0
shell: /usr/bin/bash -e {0}
env:
super_secret: ***
docker_user: ***
docker_repo: ***
docker_org: ***
foolingia: ***
Cg==supersec:
/
base64
Lwo=
Run docker/login-action@v1
Error: Username and password required
in other repos it works ...
really annyoing ,maybe github issue itself , but about to switch away from sh*thub since microsoft crapped it up.. completely unusable mess since in gitlab you can at least switch off that secret replacing clowns-party for debugging ..
Fails to login to private registry
registry
parameter pointing to a private registry. ie: https://docker.seanesopenko.ca
Logs in to registry
Fails to log in, with a 403 forbidden error. Appends /v2
to the url, assuming all registries have routes for docker registry api versions. Example output in the github action console.
Run docker/login-action@v1
Logging into https://docker.seanesopenko.ca...
Error: Error response from daemon: login attempt to https://docker.seanesopenko.ca/v2/ failed with status: 403 Forbidden
name: Orchestration
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Extract branch name
# ref: https://stackoverflow.com/questions/58033366/how-to-get-current-branch-within-github-actions
shell: bash
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
- name: Set up Go
uses: actions/setup-go@v2
with:
[action_log.txt](https://github.com/docker/login-action/files/7271940/action_log.txt)
go-version: 1.16
- name: Go Build
run: go run mage.go build
- name: Go Test
run: go run mage.go test
# see https://github.com/marketplace/actions/build-and-push-docker-images
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to Docker
uses: docker/login-action@v1
with:
registry: https://docker.seanesopenko.ca
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push master image
if: github.ref == 'refs/heads/main'
uses: docker/build-push-action@v2
with:
context: .
push: true
tags: docker.seanesopenko.ca/multiplayer-orchestration:latest
- name: Build and push pr image
if: github.ref != 'refs/heads/main'
uses: docker/build-push-action@v2
with:
context: .
push: true
tags: docker.seanesopenko.ca/multiplayer-orchestration:${{ steps.extract_branch.outputs.branch }}
attached
I was previously (~10 days ago) able to log into the GitHub container registry with no issues. All of the sudden I am getting this error message when trying to log in:
๐ Logging into ghcr.io...
Error: Error response from daemon: Get https://ghcr.io/v2/: denied: denied
delete:packages
and write:packages
scopesCR_PAT
secret with the PATI expect to be able to log into the GitHub container registry with no errors. The expected output it:
๐ Logging into ghcr.io...
๐ Login Succeeded!
The relevant section in the workflow file:
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
Private repository with potentially sensitive information. If needed urgently, let me know and I will see what I can do.
Currently the ECR login method depends on isEcr which verifies an address. However, we would like to use a custom domain with ECR to simplify our Dockerfiles.
Action correctly logins to ECR despite custom address using loginECR
login-action does not login to ECR using loginECR
- name: Login to ECR
uses: docker/login-action@v1
with:
registry: custom.io
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
I think, it would be the best to add an optional flag isECR
to the configuration to allow use of ECR login despite custom domain usage.
Example: https://github.com/brianmay/scrooge/runs/2292983499
This is happening though in multiple projects.
No error. Should login to Docker. Credentials are (supplied using the designated secrets). This is not a forked repository. It was working. Not sure what has changed.
Error: Username and password required
Relevant step:
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
My GitHub Action looks like https://github.com/sclorg/s2i-base-container/blob/master/.github/workflows/build-and-push.yml
See error from action:
Run docker/login-action@v1
with:
registry: quay.io
ecr: auto
logout: true
Error: Username and password required
Storing secrets in the matrix does not work.
Login is working properly.
Tell us what should happen
Login does not work.
Tell us what happens instead
- name: Export GitHub secrets
run: |
if [ "${{ matrix.os_type }}" == "centos7" ]; then
username="${{ secrets.QUAY_IMAGE_BUILDER_USERNAME }}"
token="${{ secrets.QUAY_IMAGE_BUILDER_TOKEN }}"
else
username="${{ secrets.QUAY_IMAGE_SCLORG_BUILDER_USERNAME }}"
token="${{ secrets.QUAY_IMAGE_SCLORG_BUILDER_TOKEN }}"
fi
echo "QUAY_USERNAME=$username" >> GITHUB_ENV
echo "QUAY_ROBOT_TOKEN=$token" >> GITHUB_ENV
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
- name: Login to Quay.io
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ env.QUAY_USERNAME }}
password: ${{ env.QUAY_ROBOT_TOKEN }}
Download the log file of your build
and attach it to this issue.
When my action login into my GitHub Container Registry, the login fails with following error:
The login should be successful.
Errors with code 1
name: Deploy addons
on:
push:
branches:
- master
jobs:
build-image:
name: Build changed addons
runs-on: ubuntu-latest
...
steps:
...
- name: Docker Login
if: steps.files-check.outputs.changed == 'true'
uses: docker/[email protected]
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
...
We are generating one-time login AWS tokens in our Actions workflow.
Theoretically, we don't need aws_access_key_id and aws_secret_access_key. We need only aws_session_token to login into ECR because it has all needed for AWS information.
In practice:
aws_session_token
as passworddocker/login-action
in password
param, set registry
param to be ecr url.Docker gets logged into ECR.
Error: Input required and not supplied: username
# ...
# Previously we've generated AWS_SESSION_TOKEN using 3rd party tool (Okta)
- name: Extract AWS session token by profile name
id: get_aws_credentials
run: |
AWS_SESSION_TOKEN=`python -c 'from boto3 import Session; print(Session().get_credentials().get_frozen_credentials().token)'`
echo "::add-mask::$AWS_SESSION_TOKEN"
echo "::set-output name=token::$AWS_SESSION_TOKEN
- name: Login into ECR
uses: docker/[email protected]
with:
registry: ${{ steps.get_ecr_url.outputs.ecr_url }}
password: ${{ steps.get_aws_credentials.outputs.token }}
# ...
echo ${GITHUB_TOKEN} | docker login docker.pkg.github.com -u ${GITHUB_ACTOR} --password-stdin
login-action
github actionA successful docker-login persists the login information so later docker-compose
works succesfully
Docker login happened successfully however the next step in the pipeline docker-compose up -d
fails to execute with no basic auth credentials
.
# This file was automatically generated by sbt-github-actions using the
# githubWorkflowGenerate task. You should add and commit this file to
# your git repository. It goes without saying that you shouldn't edit
# this file by hand! Instead, if you wish to make changes, you should
# change your sbt build configuration to revise the workflow description
# to meet your needs, then regenerate this file.
name: Continuous Integration
on:
pull_request:
branches: ['**']
push:
branches: ['**']
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
build:
name: Build and Test
strategy:
matrix:
os: [ubuntu-latest]
scala: [2.12.11, 2.13.4]
java: [[email protected]]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout current branch (full)
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Setup Java and Scala
uses: olafurpg/setup-scala@v12
with:
java-version: ${{ matrix.java }}
- name: Cache sbt
uses: actions/cache@v2
with:
path: |
~/.sbt
~/.ivy2/cache
~/.coursier/cache/v1
~/.cache/coursier/v1
~/AppData/Local/Coursier/Cache/v1
~/Library/Caches/Coursier/v1
key: ${{ runner.os }}-sbt-cache-v2-${{ hashFiles('**/*.sbt') }}-${{ hashFiles('project/build.properties') }}
- name: Check that workflows are up to date
run: sbt ++${{ matrix.scala }} githubWorkflowCheck
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Launch Nakadi
run: docker-compose up -d
- name: Build project
run: sbt ++${{ matrix.scala }} clean coverage test
- name: Upload coverage data to Coveralls
env:
COVERALLS_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COVERALLS_FLAG_NAME: Scala ${{ matrix.scala }}
run: sbt ++${{ matrix.scala }} coverageReport coverageAggregate coveralls
- name: Shut down Nakadi
run: docker-compose down
Is it because of the multifactor authentication?
successfully login to docker hub && push image to docker hub
from log:
Run docker/[email protected]
with:
username: ***
password: ***
logout: true
๐ Logging into Docker Hub...
Error: unknown flag: --password-stdin
name: Manual workflow
on: push
jobs:
build_image:
runs-on: self-hosted
steps:
- uses: actions/checkout@v2
- name: build Docker image
env:
REGISTRY_USER_NAME: ${{ secrets.REGISTRY_USER_NAME }}
REGISTRY_USER_PSW: ${{ secrets.REGISTRY_USER_PSW }}
run: |
ls -la && \
docker build -t docker.io/ticteam/feedback .
- name: Docker Login
uses: docker/[email protected]
with:
# Username used to log against the Docker registry
username: ${{ secrets.REGISTRY_USER_NAME }}
# Password or personal access token used to log against the Docker registry
password: ${{ secrets.REGISTRY_USER_PSW }}
- name: push image to DockerHub
run: |
docker push docker.io/ticteam/feedback
Can I assume that after I auth successfully here that the next run command takes that auth context? For example:
- name: Login to GCR
uses: docker/login-action@v1
with:
registry: gcr.io
username: _json_key
password: ${{ secrets.GCR_JSON_KEY }}
- run: docker push gcr.io/${{ secrets.GCP_PROJECT_ID }}/we-do-tdd:latest
I ask because I keep getting this error and I know I'm using a key with Cloud Storage Admin rights and I can't figure out why it keeps rejecting me still if I've authed with that key:
Login
Error: Unable to locate executable file: docker. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.
name: Staging
on:
push:
branches:
- "development"
- "develop"
- "devel"
jobs:
build:
runs-on: ubuntu-latest
# runs all of the steps inside the specified container rather than on the VM host.
# Because of this the network configuration changes from host based network to a container network.
container:
image: node:10.16-jessie
steps:
- name: Check Out Repo
uses: actions/checkout@main
- name: Login to Docker Hub
uses: docker/login-action@master
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
- name: Build and push AUTH
id: docker_build_auth
uses: docker/build-push-action@v2
with:
context: ./
file: .docker/Dockerfile
push: true
tags: ${{ secrets.DOCKER_HUB_USERNAME }}/auth-s:latest
build-args: |
PROJECT_ENV=staging
SERVICE_NAME=AUTH
- name: Image digest
run: echo ${{ steps.docker_build_auth.outputs.digest }}
- name: Build and push PRODUCT
id: docker_build_product
uses: docker/build-push-action@v2
with:
context: ./
file: .docker/Dockerfile
push: true
tags: ${{ secrets.DOCKER_HUB_USERNAME }}/product-s:latest
build-args: |
PROJECT_ENV=staging
SERVICE_NAME=PRODUCT
- name: Image digest
run: echo ${{ steps.docker_build_product.outputs.digest }}
- name: ZIP
uses: papeloto/action-zip@master
with:
files: "README.md docker-compose.yml"
dest: staging/latest.zip
recursive: false
- name: Upload S3
uses: shallwefootball/s3-upload-action@master
id: S3
with:
aws_key_id: ${{ secrets.AWS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_KEY}}
aws_bucket: ${{ secrets.AWS_BUCKET }}
source_dir: staging
destination_dir: ${{ github.event.repository.name }}/staging
Login to AWS ECR doesn't work if action is running behind http(s) proxy.
http_proxy
and https_proxy
to correct proxy serverAWS ECR auth token should be retrieved with AWS SDK.
##[debug]Save intra-action state isPost = true
::save-state name=registry::***.dkr.ecr.us-west-2.amazonaws.com
##[debug]Save intra-action state registry = ***.dkr.ecr.us-west-2.amazonaws.com
::save-state name=logout::true
##[debug]Save intra-action state logout = true
Retrieving registries data through AWS SDK...
##[debug]Requesting AWS ECR auth token for ***
AWS ECR detected with us-west-2 region
Error: connect ETIMEDOUT 52.119.173.252:443
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: Login to AWS ECR
- name: Configure AWS Credentials
if: github.event_name != 'pull_request'
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2
- name: Login to AWS ECR
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
registry: ${{ env.ECR_REPO }}
Logging into a registry in a different AWS account doesn't work when using CLI v1, with the get-login
command.
docker/login-action
with credentials from ACCOUNT A and try to push/pull an image from ACCOUNT BShould work fine
Access denied
name: Main Workflow
on:
push:
branches:
- master
jobs:
build:
name: Build & push image
runs-on: ubuntu-18.04
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
- name: Login to ECR
uses: docker/login-action@v1
with:
registry: 085895507678.dkr.ecr.us-west-2.amazonaws.com
username: ${{ secrets.AWS_ACCESS_KEY }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Build and push
uses: docker/build-push-action@v2
with:
push: true
tags: 085895507678.dkr.ecr.us-west-2.amazonaws.com/docker-login-test:latest
See build link.
Not sure if more or less secure that uploading user/pass to github?
Run docker/login-action@v1
Error: Username and password required
It should at least log in. I assume that the token I created should be added to the secrets (will try that in a moment)
Also project wide settings should not depend on personal tokens. IMO it's a an obviously bad design. The token is personal, the user might accidentally delete it, leave the projects etc. Either it should dynamically identify as committing user, or it should identify as the pipeline. It should not require the project to contain personal tokens in shared configs.
Isn't this the same as behaviour?
The part that fails:
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
Download the log file of your build and attach it to this issue.
Currently, I need to login to three registries, which makes it very verbose to use this Action:
- name: Login to ghcr.io
uses: docker/login-action@v1
with:
registry: ghcr.io
username: gha
password: ${{ github.token }}
- name: Login to docker.io
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GCR
uses: docker/login-action@v1
with:
registry: gcr.io
username: _json_key
password: ${{ secrets.GCR_JSON_KEY }}
It would be nice if providing a list of targets was supported. For instance:
- name: Login to container registries
uses: docker/login-action@v2
with:
targets:
- 'ghcr.io|gha|${{ github.token }}'
- 'docker.io|${{ secrets.DOCKER_USERNAME }}|${{ secrets.DOCKER_PASSWORD }}'
- 'gcr.io|_json_key|${{ secrets.GCR_JSON_KEY }}'
This is not a bug repport but maybe more a documentation request so please feel free to close it if there is a better place to raise this. And because I'm far to be an expert, I maybe totally wrong!
The public AWS repository (public.ecr.aws) needs almost the same login process as the private ECR but there is a huge difference in the registry URL which make it not compatible with this action
aws ecr-public get-login-password --region {region} | docker login --username AWS --password-stdin public.ecr.aws/{user_registry_name}
there are 2 problems with the public registry url:
amazonaws
in the registery name, so:Lines 5 to 7 in 12fd633
isn't triggered
region
in the registry url, so:Lines 9 to 11 in 12fd633
won't work as well.
I see a blocker for a region, but this could be resolved if the user uses the Configure AWS Credentials action
Edit:
well there is a third point
ecr-public
not ecr
๐คฆIt breaks with error:
Run f054a8b
with:
username: correctUsername
logout: true
env:
DOCKERHUB_PASS:
DOCKERHUB_USER: ozone2021
Error: Username and password required
The secret for password exists I think. It's added as an environment secret. Should it be asterisks if it exists?
I'm using this example to authenticate with docker hub, however the build fails with the error. What am I missing?
Secrets are set. Both username, password and a PAT - nothing fixes it
Run docker/login-action@v1
with:
logout: true
Error: Username and password required
Configuration
name: Publish Docker image
on:
push:
tags:
- v*
jobs:
push_to_registry:
name: Push Docker image to Docker Hub
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v2
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
logout: true
- name: Push to Docker Hub
uses: docker/build-push-action@v2
with:
push: true
tags: <removed>:latest
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
It should login to AWS Elastic Container Registry
The executable aws
is missing.
name: Publish Docker Image
on:
push:
tags:
- 'v*'
jobs:
push_to_registry:
name: Push Docker image to GitHub Packages
runs-on: [***]
steps:
- uses: actions/checkout@v2
with:
token: ${{ secrets.PERSONAL_GITHUB_TOKEN }}
fetch-depth: 0
- uses: crazy-max/ghaction-docker-meta@v1
id: docker_meta
with:
images: ghcr.io/***,***.dkr.ecr.***.amazonaws.com/***
tag-semver: |
{{version}}
{{major}}.{{minor}}
- uses: docker/setup-qemu-action@v1
- uses: docker/setup-buildx-action@v1
- uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.PERSONAL_GITHUB_TOKEN }}
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ***
- uses: docker/login-action@v1
with:
registry: ***.dkr.ecr.***.amazonaws.com
- uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Push to GitHub Packages
uses: docker/build-push-action@v2
with:
file: ./Dockerfile
build-args: |
token=${{ secrets.PERSONAL_GITHUB_TOKEN }}
push: true
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
Hi, it would be nice to add support for registries served only over http instead of https. Right now it gives this error:
Error response from daemon: Get https://***/v2/: http: server gave HTTP response to HTTPS client
Opening new issue to keep track of the implementation because original issue was closed #72
Right now we're using this action to login to IBM Cloud Container Registry in different regions:
- name: Login to IBM Cloud Container Registry US
uses: docker/login-action@v1
with:
registry: us.icr.io
username: ${{ env.ICR_USERNAME }}
password: ${{ env.ICR_PASSWORD }}
- name: Login to IBM Cloud Container Registry UK
uses: docker/login-action@v1
with:
registry: uk.icr.io
username: ${{ env.ICR_USERNAME }}
password: ${{ env.ICR_PASSWORD }}
Credentials are the same for all regions, it's just the address of the registry that differs.
Could we possibly support something like this?
- name: Login to IBM Cloud Container Registry ALL
uses: docker/login-action@v1
with:
registry: |
us.icr.io
uk.icr.io
de.icr.io
au.icr.io
jp.icr.io
username: ${{ env.ICR_USERNAME }}
password: ${{ env.ICR_PASSWORD }}
I was wondering about the warning that the docker CLI gives when logging in:
WARNING! Your password will be stored unencrypted in /home/runner/.docker/config.json
How does the action handle it ?
Does the action do the exact same thing as the CLI and just basically masks the warning or does it do the login another way ?
I am receiving Error response from daemon: Get https://public.ecr.aws/v2/: denied: Not Authorized
while using Login to ECR action in my workflow. I am able to run aws ecr-public get-login-password --region us-east-1 | docker login -u AWS --password-stdin public.ecr.aws
in my local machine. Would you be able to confirm if it's a bug? I could not find ecr publish test in this repo so not sure if login to ecr actions has any issues or not.
Workflow error: https://github.com/bhautikpip/aws-xray-daemon/runs/1554928752?check_suite_focus=true
Workflow code: https://github.com/bhautikpip/aws-xray-daemon/blob/daemon-ecr-publish/.github/workflows/continuous-build.yml
Login into DockerHub.
The system throws an error: "Error: Username and password required".
name: Docker Publish
on:
push:
branches:
- master
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: Login to DockerHub
id: login
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
docker/login-action@v1
docker
image based containerTrying to pull the private image from within a docker
image based container should work the same as executing docker pull ghcr.io/twiddler/my-alpine:3.13
on the host.
Error response from daemon: Head "https://ghcr.io/v2/twiddler/alpine/manifests/3.13": denied
Interestingly, the equivalent also fails on my local machine:
$ docker login ghcr.io
...
$ docker run -v /var/run/docker.sock:/var/run/docker.sock docker pull ghcr.io/twiddler/my-alpine:3.13
Error response from daemon: Head "https://ghcr.io/v2/twiddler/my-alpine/manifests/3.13": unauthorized
while
$ docker login ghcr.io
...
$ docker pull ghcr.io/twiddler/my-alpine:3.13
works as expected.
After reading #32 and #34, I came up with this test.yml
:
on:
push:
jobs:
dind:
runs-on: ubuntu-latest
env:
DOCKER_CONFIG: $HOME/.docker
steps:
- uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker://docker
with:
entrypoint: docker
args: pull "ghcr.io/twiddler/my-alpine:3.13"
Hi there,
I'm trying to setup something for an open-source library hosted on my company space. I am getting an error though when my action runs at the login step, talking about a missing password.
Login to GitHub Package Registry
0s
logout: true
Run docker/login-action@v1
with:
registry: ghcr.io
username: machinezone
logout: true
##[error]Input required and not supplied: password
I used this, hoping that the secret would be populated, following this blog post.
name: Login to GitHub Package Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_TOKEN }}
The full yaml for the github action is here.
Any clue on what might be going on ?
Should I report that on the github login action instead maybe ... ?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.