Open wangcanfengxs opened 4 months ago
I find when push image,buildx will auth another repo
#24 [auth] lcdev/playwright-java8:pull lctest/cicd-testng:pull,push token for harbor.example.com
I indeed no permission for lcdev repo. But why buildx would check pull permission for lcdev/playwright-java8
got the same issue that I could reproduce 100%:
The only way I could find was to purge any docker buildx cache
When using a docker distribution with an S3 backend I get this call which respond with 401
and asks for a bearer for both repo:
https://[my-s3-api]/[repository-b/image-b]/blobs/uploads/?mount=sha256:[somesha256]&from=[repository-a/image-a]
I'm facing the same issue.
The only way I could find was to purge any docker buildx cache
It's working but I can't implement it that way in my situation.
Looks like there is only one token asked and used by buildx while two different repositories with different permissions are used.
I find when push image,buildx will auth another repo
#24 [auth] lcdev/playwright-java8:pull lctest/cicd-testng:pull,push token for harbor.example.com
I indeed no permission for lcdev repo. But why buildx would check pull permission for lcdev/playwright-java8
@wangcanfengxs, I think buildx tries to pull cached layers from lcdev
repo before pushing to lctest
because it probably already pushed some of them before.
Contributing guidelines
I've found a bug and checked that ...
Description
docker buildx build --pull -f ./Dockerfile --build-arg BASE_IMAGE=harbor.example.com/devops/jdk8-openjdk-skiff:v1.6 --platform linux/amd64,linux/arm64 --push . -t harbor.example.com/lctest/test:4dcd8eac
Expected behaviour
push successfully
Actual behaviour
23 [auth] lcdev/playwright-java8:pull lctest/test:pull,push token for harbor.example.com
[2024-03-28 10:46:05] #23 sha256:d0078f5ccd4e4b94fbcb708aceebf38d48339d9d0fb6e5a308bc05fc0860e58c [2024-03-28 10:46:05] #23 DONE 0.0s [2024-03-28 10:46:05] [2024-03-28 10:46:05] #24 [auth] lcdev/playwright-java8:pull lctest/test:pull,push token for harbor.example.com [2024-03-28 10:46:05] #24 sha256:d6813da4a1ba3d97cfaac03368aca522c1145b52ed917f1a1034fab9dea8f8f0 [2024-03-28 10:46:05] #24 DONE 0.0s [2024-03-28 10:46:05] [2024-03-28 10:46:05] #21 exporting to image [2024-03-28 10:46:05] #21 sha256:d1f58143e758915860091f89ba9a815b655303b4a9da7e6ca9b9aa917ab657f9 [2024-03-28 10:46:05] #21 pushing layers 0.4s done [2024-03-28 10:46:05] #21 ERROR: failed to push harbor.example.com/lctest/test: server message: insufficient_scope: authorization failed [2024-03-28 10:46:05] ------ [2024-03-28 10:46:05] > exporting to image: [2024-03-28 10:46:05] ------ [2024-03-28 10:46:05] error: failed to solve: rpc error: code = Unknown desc = failed to push harbor.cloud.netease.com/qztest/cicd-testng:4dcd8eac: server message: insufficient_scope: authorization failed
Buildx version
github.com/docker/buildx v0.11.2 9872040b6626fb7d87ef7296fd5b832e8cc2ad17
Docker info
Builders list
Configuration
none
Build logs
No response
Additional info
No response