docker / build-push-action

GitHub Action to build and push Docker images with Buildx
https://github.com/marketplace/actions/build-and-push-docker-images
Apache License 2.0

Build/Push fails if the tag name matches an existing tag in the registry #1042

Closed jstuessy closed 4 months ago

jstuessy commented 5 months ago

Description

The build/push step fails if the tag name matches a tag currently in ECR.

Expected behaviour

Docker Build/Push shouldn't fail if the tags match since the image is pulled before it is pushed.

Actual behaviour

The push fails any time the tag matches a tag currently in ECR.

Repository URL

No response

Workflow run URL

No response

YAML workflow

- uses: docker/build-push-action@v5
  with:
    context: "xxxxx/"
    push: true
    pull: true
    tags: ${{ steps.login-ecr.outputs.registry }}/XXXXXXX:${{ hashFiles('xxxx/**') }}
    file: "xxxxx/docker/Dockerfile"
    cache-from: type=gha
    cache-to: type=gha,mode=max
    provenance: false

Workflow logs

pushing manifest for XXXXXX.dkr.ecr.us-west-2.amazonaws.com/XXXXXXXXXXX@sha256:XXXXXXXXXX
pushing manifest for XXXXXXXX.dkr.ecr.us-west-2.amazonaws.com/XXXXXX:XXXXXXXXXXXXX@sha256:XXXXXXX 0.7s done
ERROR: failed to push XXXXXXXX.dkr.ecr.us-west-2.amazonaws.com/XXXXX:XXXXXXXXXXXX: failed commit on ref "manifest-sha256:XXXXXXXXXXXX": unexpected status from PUT request to https://XXXXXXXXXX.dkr.ecr.us-west-2.amazonaws.com/v2/XXXXXX/manifests/XXXXXXXXXXXXXXX: 400 Bad Request

BuildKit logs

No response

Additional info

No response

crazy-max commented 5 months ago

Sounds like a registry configuration. Tag immutability is probably turned on for this repository: https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-tag-mutability.html

krainboltgreene commented 5 months ago

@crazy-max Right, the tag immutability is turned on. Should build-push-action be able to handle this case? Immutability is a commonly accepted practice, from a quick glance.

asveepay commented 5 months ago

@krainboltgreene this started happening for us last week as well; we push to two repos at deployment for different environments. Both repos have tag immutability turned on, but pushing images with new tags started failing in one repository. The other one worked, and continues to work fine. Tags are not duplicated within each repository.

WesleyKapow commented 4 months ago

Just hit this. We default our ECR repos to IMMUTABLE (agreed this is good practice). Ideally we wouldn't have to disable this to get caching working. Can there be an option to get build-push-action to delete any existing buildcache image before pushing the new one?

krainboltgreene commented 4 months ago

For what it's worth, our solution was to add a step prior to this that uses docker manifest image to see if the image at that name exists; if it fails, then that means the image doesn't exist and can run the build.
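
A sketch of the kind of pre-build check described in the last comment, as an added example that is not code from the thread or from the build-push-action project. It assumes `docker manifest inspect` as the lookup command and assumes the "not found" error strings matched below; the `IMAGE_REF` variable is hypothetical. Unlike a plain pass/fail check, it separates "tag absent" from other lookup failures (for example an expired registry login), so an authentication error is not mistaken for a missing image.

```shell
#!/bin/sh
# Added example: decide whether to build/push when the registry enforces
# immutable tags. Tag immutability stays the backstop: if another job pushes
# the same tag between this check and the push, the registry still rejects it.

# manifest_state REF
#   Prints "present" or "absent" and returns 0; returns 2 on any other failure.
manifest_state() {
  # Capture stderr only; the manifest JSON on stdout is discarded.
  if ms_err=$(docker manifest inspect "$1" 2>&1 >/dev/null); then
    echo present
    return 0
  fi
  case "$ms_err" in
    # Assumption: error text used for a missing manifest. Adjust these
    # patterns to what your docker CLI and registry actually print.
    *"no such manifest"*|*"manifest unknown"*|*"not found"*)
      echo absent
      return 0
      ;;
  esac
  # Auth, network or throttling errors: fail the step instead of guessing.
  echo "manifest check failed for $1: $ms_err" >&2
  return 2
}

# decide_build REF
#   Prints "build=true" or "build=false" in GitHub Actions output format.
decide_build() {
  db_state=$(manifest_state "$1") || return 2
  case "$db_state" in
    present) echo "build=false" ;;  # tag already pushed, skip build and push
    absent)  echo "build=true" ;;   # tag is free, safe to build and push
  esac
}

# Workflow usage: IMAGE_REF (hypothetical name) is set in the step's env.
if [ -n "${IMAGE_REF:-}" ]; then
  decide_build "$IMAGE_REF" >> "${GITHUB_OUTPUT:-/dev/stdout}"
fi
```

The build-push-action step can then be gated with an `if:` condition on this step's `build` output, so it only runs when the tag is not yet in the registry.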