search

GoogleCloudPlatform / cloud-run-button

Let anyone deploy your GitHub repos to Google Cloud Run with a single click
https://cloud.run
Apache License 2.0
523 stars 91 forks source link

Docker push fails due to lack of permission for Container Registry #247

Open evil-shrike opened 7 months ago

evil-shrike commented 7 months ago

At the last step of pushing a built container to Container Registry the procedure fails with an unauthenticated error:

[ ! ] Attempting to build this application with its Dockerfile...
[ ! ] FYI, running the following command:
        docker build -t gcr.io/arp-test-3/arp-installer app-reporting-pack/gcp/cloud-run-button
[ ✓ ] Built container image gcr.io/arp-test-3/arp-installer
[ ! ] FYI, running the following command:
        docker push gcr.io/arp-test-3/arp-installer
[ ✖ ] Failed to push container image to Google Container Registry.
Error: failed to push image to gcr.io/arp-test-3/arp-installer: docker push failed: exit status 1, output:
Using default tag: latest
The push refers to repository [gcr.io/arp-test-3/arp-installer]
581bf958b3be: Preparing
fa810cf7b9f7: Preparing
ebf9c408cfe4: Preparing
4376bb6bef20: Preparing
c9885fc563e4: Preparing
ec4d864ac810: Preparing
5af4f8f59b76: Preparing
ec4d864ac810: Waiting
5af4f8f59b76: Waiting
unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

It can be fixed via executing gcloud auth configure-docker.

But should not it work by default? I believe so.

I think it doesn't depend on specific application but just in case here're what I built: app.json:

{
  "name": "arp-installer",
  "options": {
    "allow-unauthenticated": false,
    "port": 80
  },
  "build": {
    "skip": false
  },
  "hooks": {
    "prebuild": {
      "commands": ["./prebuild.sh"]
    },
    "postcreate": {
      "commands": ["./postcreate.sh"]
    }
  }
}

Dockerfile:

FROM python:alpine
RUN apk add --update --no-cache py3-pip
EXPOSE 80/tcp
WORKDIR /app
CMD ["python3", "-m", "http.server", "80"]
glasnt commented 6 months ago

Thanks for reporting this, @evil-shrike. You're correct, the workaround is gcloud auth configure-docker. There may be an issue where the default registries configured in the environment do not include Container Registry. The configure-docker command will fix it, but it shouldn't need to be run in the first place. I will follow up internally.

geshan commented 4 months ago

I can reproduce this issue, can this be looked into please.

yasser-chihab commented 2 months ago

I solved this with using app.json :

{
    "name": "app",
    "hooks": {
        "prebuild": {
            "commands": [
                "gcloud auth configure-docker"
            ]
        }
    }
}

Other solution is to fork cloudrun-button-repo, add a call to gcloud auth configure-docker, build the image and push it to your registry (the image should be publicly available), and then use the following link to deploy your cloud-run application 

https://shell.cloud.google.com/cloudshell/editor?cloudshell_git_repo=https://github.com/xxx/xxx.git&cloudshell_image=us-east1-docker.pkg.dev/your-registry/cloudshell-custom