docker / build-push-action

GitHub Action to build and push Docker images with Buildx
https://github.com/marketplace/actions/build-and-push-docker-images
Apache License 2.0

fatal: could not read Username for 'https://github.com': No such device or address #1112

Closed oktayalizada closed 1 month ago

oktayalizada commented 1 month ago

Contributing guidelines

I've found a bug, and:

Description

Could be related to the following issue, but it got resolved a long time ago and was related to v2 specifically: https://github.com/docker/build-push-action/issues/162

Steps to reproduce:

  1. Have a project with a private dependency on another private repo
  2. Trigger the GitHub Action

Expected behaviour

Should be able to build image

Actual behaviour

1.372 * Getting lib (https://github.com/<org-name>/libraryr)
1.542 fatal: could not read Username for 'https://github.com/': No such device or address
1.548 ** (Mix) Command "git --git-dir=.git fetch --force --quiet --progress" failed
------
Dockerfile:33
--------------------
  31 |     # install mix dependencies
  32 |     COPY mix.exs mix.lock ./
  33 | >>> RUN mix deps.get --only $MIX_ENV
  34 |     RUN mkdir config
  35 |     
--------------------
ERROR: failed to solve: process "/bin/sh -c mix deps.get --only $MIX_ENV" did not complete successfully: exit code: 1
Error: buildx failed with: ERROR: failed to solve: process "/bin/sh -c mix deps.get --only $MIX_ENV" did not complete successfully: exit code: 1

Repository URL

No response

Workflow run URL

No response

YAML workflow

name: Publish

on:
  release:
    types: [ published, edited ]
    tags:
      - "v*.*.*"

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Generate a token
        id: generate_token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PEM }}

      - name: Log in to the Container registry
        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: "${{ steps.generate_token.outputs.token }}"

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
      - name: Set Versions
        uses: actions/github-script@v4
        id: set_version
        with:
          script: |
            const tag = context.ref.substring(10)
            const no_v = tag.replace('v', '')
            const dash_index = no_v.lastIndexOf('-')
            const no_dash = (dash_index > -1) ?  no_v.substring(0, dash_index) : no_v
            core.setOutput('tag', tag)
            core.setOutput('no-v', no_v)
            core.setOutput('no-dash', no_dash)

      - name: Release to packages
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          secrets: |
             GIT_AUTH_TOKEN=${{ steps.generate_token.outputs.token }}
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{steps.set_version.outputs.no-dash}}

Workflow logs

No response

BuildKit logs

No response

Additional info

No response

crazy-max commented 1 month ago

GIT_AUTH_TOKEN is only used by BuildKit to clone Git sources and doesn't apply to RUN instructions directly for any git command invocations.

You need to handle this yourself in the step RUN mix deps.get --only $MIX_ENV by using a secret mount and managing git configuration.

Something similar to:

RUN --mount=type=secret,id=GIT_AUTH_TOKEN <<EOT
  set -e
  GIT_AUTH_TOKEN=$(cat /run/secrets/GIT_AUTH_TOKEN)
  if [ -n "$GIT_AUTH_TOKEN" ]; then
    echo "Setting GitHub access token"
    git config --global "url.https://x-access-token:${GIT_AUTH_TOKEN}@github.com.insteadof" "https://github.com"
  fi
  mix deps.get --only $MIX_ENV
EOT

Would need to see your Dockerfile to make sure you don't do it in the final stage but in a dependent one, to avoid exposing the secret in git config.

larshei commented 3 weeks ago

Using this, with Mix as the build system as well, I get the following error:

1.191 remote: Support for password authentication was removed on August 13, 2021.

Your previous post was from this year (May 2023), which leaves me a bit confused in combination with the error message. :D

Is there a new approach you know of? I've been searching through the web for most of today and have not figured it out yet.

larshei commented 3 weeks ago

Got it, basically remove the x-access-token: from the URL rewrite.