Building docker images via github-actions fails.

[marcfehling]

Our docker images are no longer built automatically since last week. https://github.com/dealii/dealii/actions/workflows/docker.yml

There are two issues: 1) Building images for the arm64 architecture exceed the 6h time limit on the github workers. 2) We can't push the docker images to dockerhub.

#9 ERROR: failed to push dealii/dealii:master-jammy: can't push tagged ref docker.io/dealii/dealii:master-jammy by digest

[gassmoeller]

I am looking into this. I already have a solution to make the new workflow work for amd64, but I want to test a bit more. Will open a PR soonish.

[gassmoeller]

Unfortunately #17199 still did not solve the issue (see https://github.com/dealii/dealii/actions/runs/9831396962). The relevant error message is:

failed to push dealii/dealii: push access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

I.e. the build of the docker image succeeds, it is just the push of the unnamed image that fails. I do not understand what the problem there is and will have to investigate further. In the meantime: Should we revert the changes to the last working state to at least have a functioning workflow and an up-to-date image?

[gassmoeller]

Thanks @rombur for merging #17243 :+1:. The PR indeed shows that the issue is with the authentication with docker hub. Here is a result of the workflow: https://github.com/dealii/dealii/actions/runs/9948517704. It shows that building the image succeeds, and uploading to the Github container registry succeeds as well (also visible because we now have a container here, but the workflow then fails when doing the final push to DockerHub. @luca-heltai did anything change with the secrets to authenticate with Dockerhub? I can unfortunately not check that, because I have no admin permission for the deal.II repo (I dont see the settings to set up workflow secrets). We would need one secret named DOCKER_USERNAME for the dockerhub username and one named DOCKER_PASSWORD with the necessary personal access token with permissions to push to the dealii/dealii repo. Could you (or someone with the necessary permissions) check if these secrets are set up?

[luca-heltai]

Thanks @Rombur for merging #17243 👍. The PR indeed shows that the issue is with the authentication with docker hub. Here is a result of the workflow: https://github.com/dealii/dealii/actions/runs/9948517704. It shows that building the image succeeds, and uploading to the Github container registry succeeds as well (also visible because we now have a container here, but the workflow then fails when doing the final push to DockerHub. @luca-heltai did anything change with the secrets to authenticate with Dockerhub? I can unfortunately not check that, because I have no admin permission for the deal.II repo (I dont see the settings to set up workflow secrets). We would need one secret named DOCKER_USERNAME for the dockerhub username and one named DOCKER_PASSWORD with the necessary personal access token with permissions to push to the dealii/dealii repo. Could you (or someone with the necessary permissions) check if these secrets are set up?

Unfortunately i don't have admin permission either. I'm not sure if some changes were made by @tjhei: this is what we had in the past, and it used to work. @tjhei ?

- name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

[tamiko]

@luca-heltai Both of those secrets are still attached to the organization/repository. But the configuration screen tells me that they have been updated last month.

[marcfehling]

Write permissions have been fixed.

[marcfehling]

I assume we postponed the linux/arm64 build.