
Pulling image from private GHCR results in unauthorized

Open jurgenf opened this issue 1 year ago • 12 comments

When trying to pull an image inside the docker-compose trigger, the pulling fails with the log message:

Error when pulling image ghcr.io/[image]:[version] ((HTTP code 500) server error - Head "https://ghcr.io/v2/[image]/manifests/[version]": unauthorized )

I suspect this is a side-effect from https://github.com/fmartinou/whats-up-docker/pull/254. The getAuthPull method still expects a username: https://github.com/fmartinou/whats-up-docker/blob/master/app/registries/providers/ghcr/Ghcr.js#L63 but I am not certain.

jurgenf avatar Apr 19 '23 11:04 jurgenf

I have checked my hypothesis by hard-coding the username in the getAuthPull function, after which the image can be pulled by WUD. I think I can submit a PR to fix this but I am uncertain about how you want to solve it @fmartinou . Would you like to re-introduce the username configuration option or something else?

jurgenf avatar May 05 '23 11:05 jurgenf

I'm experiencing the same issue.

22:36:24.751  INFO whats-up-docker/trigger.dockercompose.zzz: Pull image ghcr.io/xxx/yyy:latest (container=local_yyy)
22:36:25.134  WARN whats-up-docker/trigger.dockercompose.zzz: Error when pulling image ghcr.io/xxx/yyy:latest ((HTTP code 500) server error - Head "https://ghcr.io/v2/xxx/yyy/manifests/latest": unauthorized ) (container=local_yyy)
22:36:25.134  WARN whats-up-docker/trigger.dockercompose.zzz: Error ((HTTP code 500) server error - Head "https://ghcr.io/v2/xxx/yyy/manifests/latest": unauthorized )

marcusique avatar May 05 '23 20:05 marcusique

Hi, @jurgenf ,

Thanks for the troubleshooting 👍

If I understand correctly, the GitHub username is not needed to use the Docker Registry API but it's still needed for the Docker engine to authenticate to ghcr?

Passing an empty or a dummy username doesn't work?

If so, yeah, there is no other way than bringing back the username config option 😞 .

fmartinou avatar May 08 '23 14:05 fmartinou

I am now testing with a fixed username 'github', I think that works. I also tried with an empty string but I am not sure if it failed because of another crash I am experiencing (possibly #275) or this is not allowed. I will check again...

jurgenf avatar May 09 '23 11:05 jurgenf

@jurgenf, a fixed username github doesn't work for me, still results in unauthorized.

marcusique avatar May 15 '23 10:05 marcusique

I think you need the correct username after all, @marcusique. So I think we need to bring back the username option.

jurgenf avatar May 16 '23 14:05 jurgenf

Hi,

I pushed a fixed version fmartinou/whats-up-docker:fix__271_ghcr_pull_authentication

The WUD_REGISTRY_GHCR_USERNAME and WUD_REGISTRY_LSCR_USERNAME have been reintroduced (PR https://github.com/fmartinou/whats-up-docker/pull/286) (both GHCR and LSCR registries are impacted)

Can you give it a try?

fmartinou avatar May 16 '23 17:05 fmartinou
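The pull-path credentials this thread is about, as an added illustration (not WUD's code and not posted by any participant): the Docker Engine API takes pull credentials in an `X-Registry-Auth` header holding base64url-encoded JSON with `username`, `password` and `serveraddress`, so a token-only configuration leaves the username slot empty. Function names are hypothetical and sample values are constructed; the masking mirrors the `g***…i` form visible in the logs below.

```javascript
// Added example, not WUD's code. Function names are hypothetical and all
// sample values are constructed. The header layout is the Docker Engine API's
// X-Registry-Auth format: base64url-encoded JSON.

// Build the credentials the Docker engine uses for a pull. Unlike a
// token-only registry API call, this path is given a username as well.
function engineAuthConfig({ username, token }, serveraddress = 'ghcr.io') {
  if (typeof token !== 'string' || token === '') {
    throw new Error('token is required');
  }
  if (typeof username !== 'string' || username.trim() === '') {
    throw new Error('username is required for engine pulls');
  }
  return { username, password: token, serveraddress };
}

// Encode the auth object as URL-safe base64 for the X-Registry-Auth header.
function encodeXRegistryAuth(authConfig) {
  return Buffer.from(JSON.stringify(authConfig), 'utf8')
    .toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_');
}

// Reverse of encodeXRegistryAuth, useful when checking what is actually sent.
function decodeXRegistryAuth(header) {
  const b64 = header.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Keep only the first and last character of a secret for log output.
function maskSecret(secret) {
  if (typeof secret !== 'string' || secret.length < 3) return '***';
  return secret[0] + '*'.repeat(secret.length - 2) + secret[secret.length - 1];
}

// Render a registry configuration for logging without exposing the token.
function describeForLog({ username, token }) {
  return JSON.stringify({ username, token: maskSecret(token) });
}

const sample = { username: 'octo-user', token: 'constructed-sample-token' };
const header = encodeXRegistryAuth(engineAuthConfig(sample));
console.log('X-Registry-Auth:', maskSecret(header));
console.log('log line:', describeForLog(sample));
```

The encoded header is only base64, not encryption, so it needs the same handling as the token itself in logs and debug output.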

Hi @fmartinou,

I can confirm it worked. GHCR was successfully added to the authenticated registries:

09:44:39.531  INFO whats-up-docker/registry.ghcr: Register with configuration {"username":"xxx","token":"g**************************************i"}

And it managed to automatically update an image based on a trigger:

09:47:39.026  INFO whats-up-docker/trigger.dockercompose.zzz: Pull image ghcr.io/xxx/yyy:latest (container=local_yyy)
09:49:18.103  INFO whats-up-docker/trigger.dockercompose.zzz: Image ghcr.io/xxx/yyy:latest pulled with success (container=local_yyy)
09:49:18.105  INFO whats-up-docker/trigger.dockercompose.zzz: Stop container yyy with id bbd9b329b0f89a24b4a35c4838dab1c1e396d77d7ca0a12e790cd6290c21ae98 (container=local_yyy)
09:51:47.915  INFO whats-up-docker/watcher.docker.local: Status changed from running to exited (container=local_yyy)
09:51:47.918  INFO whats-up-docker/trigger.dockercompose.zzz: Container yyy with id bbd9b329b0f89a24b4a35c4838dab1c1e396d77d7ca0a12e790cd6290c21ae98 stopped with success (container=local_yyy)
09:51:47.919  INFO whats-up-docker/trigger.dockercompose.zzz: Remove container yyy with id bbd9b329b0f89a24b4a35c4838dab1c1e396d77d7ca0a12e790cd6290c21ae98 (container=local_yyy)
09:51:47.982  INFO whats-up-docker/trigger.dockercompose.zzz: Container yyy with id bbd9b329b0f89a24b4a35c4838dab1c1e396d77d7ca0a12e790cd6290c21ae98 removed with success (container=local_yyy)
09:51:47.983  INFO whats-up-docker/trigger.dockercompose.zzz: Create container yyy (container=local_yyy)
09:51:48.187  INFO whats-up-docker/trigger.dockercompose.zzz: Container yyy recreated on new image with success (container=local_yyy)
09:51:48.187  INFO whats-up-docker/trigger.dockercompose.zzz: Start container yyy (container=local_yyy)
09:51:49.225  INFO whats-up-docker/trigger.dockercompose.zzz: Container yyy started with success (container=local_yyy)
09:51:49.227  INFO whats-up-docker/trigger.dockercompose.zzz: Remove image ghcr.io/xxx/yyy@sha256:87f21b07426af7dcab249775b8dbb5a16461e5d90e6e96ad79c9ff5365cad42f (container=local_yyy)
09:51:51.008  INFO whats-up-docker/trigger.dockercompose.zzz: Image ghcr.io/xxx/yyy@sha256:87f21b07426af7dcab249775b8dbb5a16461e5d90e6e96ad79c9ff5365cad42f removed with success (container=local_yyy)
09:51:53.186  INFO whats-up-docker/watcher.docker.local: Cron started (1 0 * * *)

marcusique avatar May 17 '23 07:05 marcusique

Hi @marcusique ,

Thank you for the feedback 👍

I'll wait for @jurgenf's confirmation that the fix is also working for him, then I'll merge it 😃

fmartinou avatar May 17 '23 09:05 fmartinou

Fix works on my end too!

jurgenf avatar May 22 '23 08:05 jurgenf

Hi, I guessed my way to this solution (env for username) when setting up WUD earlier today based on stdout logs. I think it would be great if documentation would be updated that these variables are reintroduced :)

sebstrgg avatar Jun 03 '23 12:06 sebstrgg

@fmartinou Getting an error trying to pull fmartinou/whats-up-docker:fix__271_ghcr_pull_authentication and it doesn't seem like GHCR_USERNAME is in 6.3.0. Is there another workaround currently?

07:24:25.025  WARN whats-up-docker/registry: Some registries failed to register (Error when registering component ghcr ("username" is not allowed))

samcro1967 avatar Jul 16 '23 12:07 samcro1967