amazon-ecr-login icon indicating copy to clipboard operation
amazon-ecr-login copied to clipboard

Published 20 hours ago verified publisher icon aws-actions

no basic auth credentials

Open XI2171-sumitkadian opened this issue 2 years ago • 11 comments

Some time when pipeline fails with the below error: no basic auth credentials, it does not happens regularly but in every 10-15 days this issue is occurring.

Pipeline steps:

  - name: Configure AWS Credentials
    uses: aws-actions/configure-aws-credentials@v1
    with:
     aws-region: ${{env.REGION}}
     role-to-assume: ${{env.ASSUME_ROLE}}
     role-duration-seconds: 1200
     role-skip-session-tagging: true
          

  - name: Login to Amazon ECR 
    id: login-ecr
    uses: aws-actions/amazon-ecr-login@v1
    
  - name: Build, tag, and push image to Amazon ECR
    env:          
      ECR_URL: ${{ steps.login-ecr.outputs.registry }}
    run: |
      docker build -t $ECR_URL/$ECR_REPO:$IMAGE_TAG .
      docker push $ECR_URL/$ECR_REPO:$IMAGE_TAG

XI2171-sumitkadian avatar Aug 18 '22 12:08 XI2171-sumitkadian

Facing the same issue too.

rahul799 avatar Dec 19 '22 06:12 rahul799

Same issue when running multiple pushes on different actions on the same runner instance.

RobinFrcd avatar Jan 20 '23 15:01 RobinFrcd

Could you paste the exact error from your logs here, covering any sensitive information?

arjraman avatar Mar 03 '23 00:03 arjraman

Nothing really more useful than OP provided sadly :/

The push refers to repository [***.dkr.ecr.eu-west-3.amazonaws.com/***]
00ae2f02e451: Preparing
e9857ac559f9: Preparing
a70a5126b72f: Preparing
4cdb6e4a61: Preparing
d8009a0aa7: Preparing
2421911654: Preparing
435699713645: Preparing
2231911654: Waiting
4b4b8ae407af: Preparing
6e8b10052d: Preparing
435699713645: Waiting
0d7f412381ae: Preparing
954edfb465a4: Preparing
47ad77: Preparing
4b4b8ae407af: Waiting
no basic auth credentials
Error: Process completed with exit code 1.

But I can easily reproduce it.

  1. Install 2 runners on the same server
  2. Run 2 CIs at the same time that will both try to push an image to ECR

RobinFrcd avatar Mar 03 '23 02:03 RobinFrcd

Could it be any of the issues mentioned here: https://docs.aws.amazon.com/AmazonECR/latest/userguide/common-errors-docker.html#error-403?

arjraman avatar Mar 07 '23 01:03 arjraman

Pretty sure it's not:

  • You have authenticated to a different region: Always using the same region, eu-west-3
  • You have authenticated to push to a repository you don't have permissions for: If I retry a few seconds later, it works so the runner has the right permission
  • Your token has expired: I always do the ecr login before trying to push, so no
  • Bug in wincred credential manager: The runner is on Linux

RobinFrcd avatar Mar 07 '23 11:03 RobinFrcd

Got the same error for me in our GitHub self-hosted server having 3 runners in the same server. Can someone help? There is no issue with authentication creds with AWS. My setup is using assume_role.

davi020 avatar Mar 30 '23 07:03 davi020

@RobinFrcd what was your workaround concerning this issue

nerdeveloper avatar May 25 '23 12:05 nerdeveloper

@nerdeveloper To have the 2 runners on 2 different instances ...

RobinFrcd avatar May 25 '23 12:05 RobinFrcd

OMG! I just knew it. but I thought you'd be able to make it work without having to do that. The solution to this is to increase costs.

@arjraman, any time to fix this issue

nerdeveloper avatar May 25 '23 12:05 nerdeveloper

This is my workaround. I used the native docker login; you can use this if you choose to have multiple runners in one VM pending when this issue is fixed.

      - name: Login into ECR 
        run: echo ::set-output name=logged-in::$(aws ecr get-login-password --region us-west-1 | docker login --username AWS --password-stdin [private ECR repo URL])

nerdeveloper avatar May 25 '23 13:05 nerdeveloper