Closed justinthelaw closed 6 months ago
This command does not look right: https://github.com/justinthelaw/gpu-support-test/actions/runs/7401503898/job/20137548820#step:6:2
- name: Create Manifest and Push Image
working-directory: /tmp/digests
run: |
docker buildx imagetools create \
-t ${{ env.REGISTRY }}/${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} \
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
Should be something like:
- name: Create Manifest and Push Image
working-directory: /tmp/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.REGISTRY }}/${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
I had a variation of that originally and it gave me a reference error. I'll try your code later today and report on the logs or success. Thank you!
@crazy-max I was able to diagnose and fix the problem! The final YAML file looks like the one below, and the run is here.
It turns out, I needed to add the env.REGISTRY
to both the area you specified, and also in the Docker Metadata step. Originally, the Docker Metadata step only included env.REGISTRY_IMAGE
name: Build and Push Image
on:
push:
tags:
- "v*.*.*"
workflow_dispatch:
env:
REGISTRY_IMAGE: justinthelaw/gpu-support-test
REGISTRY: ghcr.io
jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
- linux/arm64
- linux/arm/v7
- windows/amd64
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Docker Metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY_IMAGE }}
tags: |
type=schedule
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and Push Digest
id: build
uses: docker/build-push-action@v5
with:
context: .
platforms: ${{ matrix.platform }}
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
tags: ${{ env.REGISTRY }}/${{ env.REGISTRY_IMAGE }}
- name: Export Digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload Digest
uses: actions/upload-artifact@v3
with:
name: digests
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
runs-on: ubuntu-latest
needs:
- build
steps:
- name: Download Digests
uses: actions/download-artifact@v3
with:
name: digests
path: /tmp/digests
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker Metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.REGISTRY_IMAGE }}
tags: |
type=schedule
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create Manifest and Push Image
working-directory: /tmp/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.REGISTRY }}/${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
Contributing guidelines
I've found a bug, and:
Description
I am following the Docker multi-platform GitHub Actions instructions here, with the following modifications:
I am able to get past the job where each platform build is matrixed into separate runners (example of completed job here). I noticed the interesting side-effect of these matrixed jobs pushing and overwriting the package's latest image to be the OS that last finished its job, as seen here, but that is not the purpose of this post.
Expected behaviour
The
merge
job (example job here) properly pulls down all digests and creates the multi-platform image manifest before pushing back into GHCR.GHCR package repository then properly reflects support for all 4 OS/Arch combinations and contains the image with the tags: 0.1.0, latest
Actual behaviour
Ignoring the fact that I did not apply the v0.1.0 tag (that is inconsequential as I have already tried it and it does pick that up properly), the
merge
job gets up to "Create Manifest and Push Image" and fails at the following step, which occurs after GHCR login:The failure message is as follows:
ERROR: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
. Please see the full log for details.Repository URL
https://github.com/justinthelaw/gpu-support-test
Workflow run URL
https://github.com/justinthelaw/gpu-support-test/actions/runs/7401503898
YAML workflow
Workflow logs
The attached is the
merge
raw logs:BuildKit logs
Additional info
I am able to run the example commands below without problems locally, so it is not my Dockerfile nor Docker buildx. The commands properly push a multi-platform image to the package repository.