server message: insufficient_scope: authorization failed

andrey-helldar commented 4 years ago

Behaviour

Set up Docker Buildx - ok
Login to DockerHub - ok (Login Succeeded!)
Build - ok
Push - failed

Steps to reproduce this issue

Just run the script or see the output of mine.

Expected behaviour

The script should compile the docker container and push it into the main register (https://hub.docker.com/repository/docker/helldar/laravel-gitlab-ci).

Actual behaviour

When trying to push, the script returns an authorization error:

failed to solve: rpc error: code = Unknown desc = server message: insufficient_scope: authorization failed
Error: buildx call failed with: failed to solve: rpc error: code = Unknown desc = server message: insufficient_scope: authorization failed

Configuration

Repository URL (public): https://hub.docker.com/repository/docker/helldar/laravel-gitlab-ci
Build URL (public): https://github.com/andrey-helldar/laravel-gitlab-ci/blob/master/.github/workflows/build.yml
Action URL (public): https://github.com/andrey-helldar/laravel-gitlab-ci/actions/runs/355830206

name: Docker Build

on:
    schedule:
        -   cron: 0 0 * * *
    push:
        branches: master
        tags:
            - v*

jobs:
    build:
        runs-on: ubuntu-latest

        strategy:
            matrix:
                php_version: [ 7.2.34, 7.3.24, 7.4.12, latest ]

        steps:
            -   name: Checkout
                uses: actions/checkout@v2

            -   name: Set up Docker Buildx
                uses: docker/setup-buildx-action@v1

            -   name: Login to DockerHub
                uses: docker/login-action@v1
                with:
                    username: ${{ secrets.DOCKERHUB_USERNAME }}
                    password: ${{ secrets.DOCKERHUB_TOKEN }}

            -   name: Get the version
                id: get_version
                run: |
                    VERSION=${{ matrix.php_version }}
                    PREFIX=edge
                    SUFFIX="-alpine"

                    if [[ $VERSION == "latest" ]]; then
                        SUFFIX=""
                    fi

                    if [[ $GITHUB_REF == refs/tags/* ]]; then
                        PREFIX=latest
                    fi

                    echo ::set-output name=prefix::${PREFIX}
                    echo ::set-output name=suffix::${SUFFIX}
                    echo ::set-output name=minor_version::${VERSION:0:3}
                    echo ::set-output name=full_version::${VERSION}

            -   name: Prepare
                id: prepare
                env:
                    MINOR_PHP_VERSION: ${{ steps.get_version.outputs.minor_version }}
                    FULL_PHP_VERSION: ${{ steps.get_version.outputs.full_version }}
                run: |
                    DOCKER_IMAGE=${GITHUB_REPOSITORY,,}

                    MINOR_VERSION=${MINOR_PHP_VERSION}
                    PATCH_VERSION=${FULL_PHP_VERSION}

                    echo ::set-output name=docker_image::${DOCKER_IMAGE}
                    echo ::set-output name=minor_version::${MINOR_VERSION}
                    echo ::set-output name=patch_version::${PATCH_VERSION}

            -   name: Build and Push (latest)
                if: success() && matrix.php_version == 'latest'
                uses: docker/build-push-action@v2
                with:
                    context: .
                    file: ./Dockerfile
                    push: true
                    tags: ${{ steps.prepare.outputs.docker_image }}:${{ steps.get_version.outputs.prefix }}
                    build-args: |
                        VERSION=${{ steps.get_version.outputs.prefix }}
                        MINOR_PHP_VERSION=alpine
                        FULL_PHP_VERSION=alpine
                        BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
                        VCS_REF=${GITHUB_SHA::8}

            -   name: Build and Push (minor)
                if: success() && matrix.php_version != 'latest'
                uses: docker/build-push-action@v2
                with:
                    context: .
                    file: ./Dockerfile
                    push: true
                    tags: ${{ steps.prepare.outputs.docker_image }}:${{ steps.get_version.outputs.prefix }}-${{ steps.prepare.outputs.minor_version }}
                    build-args: |
                        VERSION=${{ steps.get_version.outputs.prefix }}-${{ steps.prepare.outputs.minor_version }}
                        MINOR_PHP_VERSION=${{ steps.prepare.outputs.minor_version }}
                        FULL_PHP_VERSION=${{ steps.prepare.outputs.minor_version }}${{ steps.get_version.outputs.suffix }}
                        BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
                        VCS_REF=${GITHUB_SHA::8}

            -   name: Build and Push (patch)
                if: success() && matrix.php_version != 'latest'
                uses: docker/build-push-action@v2
                with:
                    context: .
                    file: ./Dockerfile
                    push: true
                    tags: ${{ steps.prepare.outputs.docker_image }}:${{ steps.get_version.outputs.prefix }}-${{ steps.prepare.outputs.patch_version }}
                    build-args: |
                        VERSION=${{ steps.get_version.outputs.prefix }}-${{ steps.prepare.outputs.patch_version }}
                        MINOR_PHP_VERSION=${{ steps.prepare.outputs.patch_version }}
                        FULL_PHP_VERSION=${{ steps.prepare.outputs.patch_version }}${{ steps.get_version.outputs.suffix }}
                        BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
                        VCS_REF=${GITHUB_SHA::8}

            -   name: Inspect (latest)
                if: success() && matrix.php_version == 'latest'
                run: docker image inspect ${{ steps.prepare.outputs.docker_image }}:${{ steps.get_version.outputs.prefix }}

            -   name: Inspect (minor)
                if: success() && matrix.php_version != 'latest'
                run: docker image inspect ${{ steps.prepare.outputs.docker_image }}:${{ steps.get_version.outputs.prefix }}-${{ steps.prepare.outputs.minor_version }}

            -   name: Inspect (patch)
                if: success() && matrix.php_version != 'latest'
                run: docker image inspect ${{ steps.prepare.outputs.docker_image }}:${{ steps.get_version.outputs.prefix }}-${{ steps.prepare.outputs.patch_version }}

Logs

logs_18.zip

crazy-max commented 4 years ago

@andrey-helldar

Looking at the generated buildx command it looks like you cannot push to andrey-***/laravel-gitlab-ci repo on DockerHub. Something is wrong with your DOCKER_IMAGE var. I think it should be helldar/laravel-gitlab-ci.

andrey-helldar commented 4 years ago

@crazy-max, The devil is in the details.

Indeed, that was the problem.

My repository name was taken automatically from the GitHub namespace - andrey-helldar/*, and in DockerHub it is different -helldar/*.

I replaced DOCKER_IMAGE=${GITHUB_REPOSITORY,,} with DOCKER_IMAGE=helldar/laravel-gitlab-ci and it worked.

Thanks! 🍻

Voyz commented 1 year ago

docker login - and reauthenticating helped me solve this very problem.

For some reason the auth was no longer valid, despite having been authenticated just a couple of days before.

docker / build-push-action