Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Working with Github package registry

See original GitHub issue

Hey so i’m currently stuck between v1 no longer working and v2 not working either.

I use the Github container registry in a private repo.

In v1 i used:

- uses: docker/build-push-action@v1
  with:
    username: ${{ github.actor }}
    password: ${{ github.token }}
    registry: docker.pkg.github.com
    repository: <org-name>/<repo-name>/<app-name>
    tag_with_ref: true

This worked great. However this is failing recently. I suspect a major update to docker happened cause I cannot even pull these images locally since it fails with the error:

Error response from daemon: mediaType in manifest should be 'application/vnd.docker.distribution.manifest.v2+json' not ''

In v2: I’m using the setup from the readme:

- run: echo ::set-env name=IMAGE_TAG::${GITHUB_REF:10}

- name: Set up QEMU
  uses: docker/setup-qemu-action@v1
  with:
    platforms: all

- name: Set up Docker Buildx
  uses: docker/setup-buildx-action@v1

- name: Cache Docker layers
  uses: actions/cache@v2
  with:
    path: /tmp/.buildx-cache
    key: ${{ runner.os }}-buildx-${{ github.sha }}
    restore-keys: |
      ${{ runner.os }}-buildx-

- name: Login to Registry
  uses: docker/login-action@v1
  with:
    registry: docker.pkg.github.com
    username: ${{ github.actor }}
    password: ${{ github.token }}

- uses: docker/build-push-action@v2
  with:
    push: true
    tags: <org-name>/<repo-name>/<app-name>:${{ env.IMAGE_TAG }}
    secrets: |
      GIT_AUTH_TOKEN=${{ github.token }}

This fails with:

failed to solve: rpc error: code = Unknown desc = server message: insufficient_scope: authorization failed

Is there anything i am missing here?

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:7
  • Comments:15 (5 by maintainers)

github_iconTop GitHub Comments

25reactions
ghostwritercommented, Sep 19, 2020

@kyler-hyuna your issue looks like an authentication 401 Unauthorized and maybe tags.

If you’re planning on migrating to GitHub Container Registry,

  1. Create a new personal access token (PAT) with the appropriate scopes for the tasks you want to accomplish. If your organization requires SSO, you must enable SSO for your new token.
  • Select the read:packages scope to download container images and read their metadata.
  • Select the write:packages scope to download and upload container images and read and write their metadata.
  • Select the delete:packages scope to delete container images.

  1. In your GitHub Actions workflow files, update the package URL from https://docker.pkg.github.com to ghcr.io.

  2. Add your new container registry authentication personal access token (PAT) as a GitHub Actions secret. GitHub Container Registry does not support using GITHUB_TOKEN for your PAT so you must use a different custom variable, such as CR_PAT. For more information, see “Creating and storing encrypted secrets.

Updated build.yml

- run: echo ::set-env name=IMAGE_TAG::${GITHUB_REF:10}

- name: Set up QEMU
  uses: docker/setup-qemu-action@v1
  with:
    platforms: all

- name: Set up Docker Buildx
  uses: docker/setup-buildx-action@v1

- name: Login to Registry
  uses: docker/login-action@v1
  with:
    # registry: docker.pkg.github.com
    registry: ghcr.io
    username: ${{ github.repository_owner }}
    password: ${{ secrets.CR_PAT }}

- name: Cache Docker layers
  uses: actions/cache@v2
  with:
    path: /tmp/.buildx-cache
    key: ${{ runner.os }}-buildx-${{ github.sha }}
    restore-keys: ${{ runner.os }}-buildx-

- uses: docker/build-push-action@v2
  with:
    push: true
    # tags: <org-name>/<repo-name>/<app-name>:${{ env.IMAGE_TAG }}
    tags: ghcr.io/${{ github.repository_owner }}/<image-name>:${{ env.IMAGE_TAG }}

I hope you find this helpful. ✌🏽 @crazy-max @hiddeco @kyler-hyuna

5reactions
clarkbwcommented, Oct 8, 2020

Because it doesn’t support GITHUB_TOKEN anymore

This is only during the Beta, we’ll roll out support for this next.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Working with a GitHub Packages registry
Learn how to use a supported GitHub Packages registry. Diagram showing packages support for Docker, Container registry, RubyGems, npm, Apache Maven. Working ......
Read more >
Working with the npm registry - GitHub Docs
The GitHub Packages registry stores npm packages within your organization or ...
Read more >
Introduction to GitHub Packages
GitHub Packages is a software package hosting service that allows you to host ... GitHub Packages supports, see "Working with a GitHub Packages...
Read more >
Your packages, at home with their code - GitHub
Run your CI/CD with Actions, and install packages and images hosted on GitHub Packages or your preferred registry of record. Streamline your workflow....
Read more >
Quickstart for GitHub Packages
Now that you've published the package, you'll want to use it as a dependency across your projects. For more information, see "Working with...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Push with rpc error Unknown desc failed commit on ref: no response

Next page

Image push fails when tags contains 2 or more items