ddev / ddev-gitlab-ci

Extended version docker:latest with ddev

Add credentials to push image to ghcr.io #12

Closed ochorocho closed 1 week ago

ochorocho commented 1 week ago

After moving the project to the ddev org, the image is not pushed to ghcr.io.

The build.yml workflow contains the following line:

echo ${{ secrets.GHCR_TOKEN }} | docker login ghcr.io -u ${{ secrets.GHCR_USERNAME }} --password-stdin

@rfay would you mind adding the environment variables for GHCR_TOKEN and GHCR_USERNAME so the GitHub Action is allowed to upload the image to ghcr.io?

rfay commented 1 week ago

Oh, you should have had admin on this. Now you do. Let me know if you have everything you need.

ochorocho commented 1 week ago

@rfay is there a way to push the image without using my user and my access token?

Currently I keep getting "403 Forbidden":

 ------
 > exporting to image:
------
ERROR: failed to solve: failed to push ghcr.io/ddev/ddev-gitlab-ci:v1.22: unexpected status from HEAD request to https://ghcr.io/v2/ddev/ddev-gitlab-ci/blobs/sha256:ee0252e41ddc3d0b47674578bb5e3aaca69b3891b9d9ef3a2b900a5fb8946f21: 403 Forbidden

See https://github.com/ddev/ddev-gitlab-ci/actions for more details

rfay commented 1 week ago

I guess we need a token. Can put the one that DDEV uses for package push in there I guess, will take a look when I get home. Thanks for the good work on this!

ochorocho commented 1 week ago

Ok, makes perfect sense to me.

Thank you! :-)

rfay commented 1 week ago

I added a token GHCR_TOKEN that has privileges to push to GitHub repo, but I don't understand what you're doing in your setup. You're using GITHUB_TOKEN, which is absolutely not going to have adequate privs (because it has to have write:packages scope, true?). And you're using it with a docker login.

Let me know what powers/scope you need for the token, and what you'd like it to be called. I'm not sure what github_actor might be.

Feel free to drop by Discord to chat.

ochorocho commented 1 week ago

Awesome! Thank you @rfay it is working now. GHCR_TOKEN is ok.

For information's sake, the following code will log in to ghcr.io so the workflow is able to push:

echo "${{ secrets.GHCR_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin

For more details: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs

In case you want me to improve or align the code with other workflows that might be used in the ddev org, just let me know.
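
The login step from this thread as a complete workflow fragment, with the secret handed to the script through an environment variable instead of being interpolated into the shell text. This is an added example, not code from the ddev-gitlab-ci repository; the job name, step name, runner and the GHCR_USER variable name are assumptions.

```yaml
# Added example; names marked "assumed" are not taken from the repository.
jobs:
  build:                        # assumed job name
    runs-on: ubuntu-latest      # assumed runner
    steps:
      - name: Log in to ghcr.io # assumed step name
        env:
          # The expressions are resolved into environment variables, so the
          # secret value never becomes part of the shell script source.
          GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
          GHCR_USER: ${{ github.actor }}   # assumed variable name
        run: |
          # Stop here with a clear message if the secret is not available
          # to this run, instead of failing later during the image push.
          if [ -z "$GHCR_TOKEN" ]; then
            echo "GHCR_TOKEN is empty; cannot log in to ghcr.io" >&2
            exit 1
          fi
          # printf avoids echo's handling of backslashes and leading dashes;
          # --password-stdin keeps the token out of the process arguments.
          printf '%s' "$GHCR_TOKEN" \
            | docker login ghcr.io -u "$GHCR_USER" --password-stdin
```

docker login exits non-zero when the registry rejects the credential, so a token that is no longer accepted fails at this step rather than surfacing as a 403 during the push.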

rfay commented 1 week ago

Just a note: That token expires April 18, 2025