search

docker / scout-action

Docker Scout GitHub Action
https://docker.com/products/docker-scout
Other
83 stars 27 forks source link

Version 0.19.0 Authentication Issue #8

Closed oliv10 closed 1 year ago

oliv10 commented 1 year ago

Desc

Unable to run the action in its basic state because it fails to authenticate.

Bug

Error: could not authenticate: user githubactions not entitled to use Docker Scout

Job Step

-       name: Docker Scout Recommendations
        id: docker-scout-recs
        if: ${{ github.event_name == 'pull_request' }}
        uses: docker/scout-action@v0.19.0
        with:
          command: recommendations
          image: ${{ steps.meta.outputs.tags }}
          write-comment: true
          github-token: ${{ secrets.GITHUB_TOKEN }}

Recommendation

IDK guys I can't see the source code. But I can tell you that this works fine in v0.18.1 and in this commit.

oliv10 commented 1 year ago

https://github.com/docker/scout-action/issues/7#issuecomment-1635994664

pozsa commented 1 year ago

This does not seem to work if the docker/login-action is used with a 3rd party registry.

The way the documentation is worded it is unclear whether docker/login-action should work with a 3rd party registry or not. @cdupuis Can you confirm this?

image

oliv10 commented 1 year ago

My understanding is that you need to login to Docker Hub to use the scout features at all. And I guess you would need another step to login to your other registry to store your image. Dev Response Or you could pass the Docker Hub credentials in the scout action itself as they mentioned.

pozsa commented 1 year ago

So if I don't have a DockerHub user then I won't be able to use Docker Scout?

cdupuis commented 1 year ago

So if I don't have a DockerHub user then I won't be able to use Docker Scout?

Yes, that’s correct. We require logins to safeguard our free services from abuse and to guarantee a high level of service for our customers.

Having said that a Docker Hub user is completely free, as is Docker Scout for CI.

nam20485 commented 10 months ago

So if I don't have a DockerHub user then I won't be able to use Docker Scout?

Yes, that’s correct. We require logins to safeguard our free services from abuse and to guarantee a high level of service for our customers.

Having said that a Docker Hub user is completely free, as is Docker Scout for CI.

It's also quite easy to login to in a GitHub Actions workflow. See Docker's example for the workflow step config you need to add:

https://github.com/docker/login-action#docker-hub

This will require two things before it will run successfully:

  1. You have a username and access token from a registered Docker Hub account
  2. You have added these values as secrets in your GitHub repo settings under the specified names

You can register a user and/or create an access token at Docker Hub.

When creating an access token for simply running Docker Scout I believe the minimum permission needed is read-only. Obviously if you are doing others things with the Docker Hub registry you may require more permissions that just that.