login-action
login-action copied to clipboard
docker
failed to authorize: failed to fetch anonymous token: unexpected status: 403 Forbidden
Contributing guidelines
- [X] I've read the contributing guidelines and wholeheartedly agree
I've found a bug, and:
- [X] The documentation does not mention anything about my problem
- [X] There are no open or closed issues that are related to my problem
Description
I have two Google Artifact Registries:
- foo: for fetching base images from
- bar: for pushing images to
Now docker build works, if I replace foo by docker.io.
When however I run docker build using foo I get an error:
europe-west1-docker.pkg.dev/foo/ar/python:3.9-slim: failed to authorize: failed to fetch anonymous token: unexpected status: 403 Forbidden
[email protected] has Artifact Registry Reader permissions on europe-west1-docker.pkg.dev/foo/ar/python
So it seems like I cannot use the WIP access_token for accessing foo. But how would I then use WIP to login for foo?
Expected behaviour
Would be good if either it worked or at least the error message would state clearly why it doesn't work.
Actual behaviour
See above
Repository URL
No response
Workflow run URL
No response
YAML workflow
- id: auth
uses: "google-github-actions/auth@v1"
with:
project_id: bar
retries: 10
service_account: '[email protected]'
token_format: access_token
workload_identity_provider: projects/${{ inputs.project_number }}/locations/global/workloadIdentityPools/github/providers/oidc
- uses: google-github-actions/setup-gcloud@v1
- run: |
gcloud auth configure-docker -q europe-west1-docker.pkg.dev
- uses: docker/login-action@v3
with:
registry: europe-west1-docker.pkg.dev
username: oauth2accesstoken
password: "${{ steps.auth.outputs.access_token }}"
Workflow logs
No response
BuildKit logs
No response
Additional info
No response
Hi I am not sure the problem I am having is related to this. I have a github action that use the action to login to docker artifect, it was working fine with v2, but since we update to v3 2 weeks ago, I am having this. just in case you can't see this is the error
Run docker/login-action@v3
with:
ecr: auto
logout: true
Error: Username and password required
and this is my github workflow https://github.com/grafana/mimir/blob/main/.github/workflows/push-mimir-build-image.yml#L34
@ying-jeanne This is not related, see https://github.com/docker/login-action/issues/29#issuecomment-731206108.
Same here.
I'm following these steps https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
And when I've tried to pull a image from my private Artifact Registry on my GKE/k8s cluster I'm getting this:
unpack image "us-central1-docker.pkg.dev/org/containers/images/mongo-backup:1.0.4": failed to resolve reference "us-central1-docker.pkg.dev/org/containers/images/mongo-backup:1.0.4": failed to authorize: failed to fetch anonymous token: unexpected status from GET request to https://us-central1-docker.pkg.dev/v2/token?scope=repository%3Aorg%2Fcontainers%2Fimages%2Fmongo-backup%3Apull&service=us-central1-docker.pkg.dev: 403 Forbidden
Any ideias how to solve this? Any help will be appreciate!
Thank you!
