search

docker / login-action

GitHub Action to login against a Docker registry
https://github.com/marketplace/actions/docker-login
Apache License 2.0
1.06k stars 195 forks source link

docker login failure on macos self hosted runner #566

Closed nnsay closed 1 year ago

nnsay commented 1 year ago

Behaviour

Steps to reproduce this issue

  1. create self hosted runner with macos(arm)
  2. install the docker desktop on the macos runner
  3. change the runner of workflow to self-hosted and add the docker login step with docker/login-action@v2
  4. trigger the workflow

Expected behaviour

the docker login action is ok and the image on runner can be push to ghcr.io

Actual behaviour

docker does not login. But if change to self hosted runner to ubuntu-latest, the step is ok.

Configuration

- name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

Logs

Run docker/login-action@v2
  with:
    registry: ghcr.io
    username: nnsay
    password: ***
    ecr: auto
    logout: true
  env:
    NODE_AUTH_TOKEN: ***
    NPM_CONFIG_USERCONFIG: /Users/vd/runner/runner1/_work/_temp/.npmrc
    NX_BASE: [2](https://github.com/Albedo-Inc/albedo-frontend/actions/runs/5651927180/job/15310874848#step:10:2)cb1d14582cef2ace[3](https://github.com/Albedo-Inc/albedo-frontend/actions/runs/5651927180/job/15310874848#step:10:3)f6d0668abeb808b7d8a29f
    NX_HEAD: beac76a3ab2eec7659f9b0e3501b[4](https://github.com/Albedo-Inc/albedo-frontend/actions/runs/5651927180/job/15310874848#step:10:4)e13aebce0[6](https://github.com/Albedo-Inc/albedo-frontend/actions/runs/5651927180/job/15310874848#step:10:6)4

Logging into ghcr.io...
Error: Error saving credentials: error storing credentials - err: exit status 1, out: `error getting credentials - err: exit status 1, out: `keychain cannot be accessed because the current session does not allow user interaction. The keychain may be locked; unlock it by running "security -v unlock-keychain ~/Library/Keychains/login.keychain-db" and try again``
crazy-max commented 1 year ago

If you add a step right before login with:

- run: |
    security -v unlock-keychain ~/Library/Keychains/login.keychain-db

Does it work?

Also be careful because when using a self-hosted runner there would be concurrent access to the Docker config. See https://github.com/docker/login-action/issues/173#issuecomment-1079688020 for more info.

gaborcsardi commented 1 year ago

I hit the same issue. I run the self-hosted runner as a custom user, and the first issue was that this used did not have a login keychain.

It is possible that macOS will create the keychain if you log in with the user on the GUI. I created it from R: keyring::keyring_create("login").

The second issue is that the keychain must be unlocked. I did this from a terminal:

sudo -s
su <customuser>
security -v unlock-keychain ~/Library/Keychains/login.keychain-db

After this docker/login-action@v2 works on the self-hosted runner. HTH.