search

dotnet / docker-tools

This is a repo to house some common tools for our various docker repos.
MIT License
122 stars 46 forks source link

Authentication error calling `oras` tool in cleanup pipeline #1383

Closed mthalman closed 1 month ago

mthalman commented 1 month ago

Regression from the changes in https://github.com/dotnet/docker-tools/pull/1379. When running the cleanup pipeline, all queries to the registry using the oras tool are failing with an authentication error.

Example:

-- EXECUTING: oras discover --artifact-type application/vnd.microsoft.artifact.lifecycle dotnetdocker.azurecr.io/public/dotnet/core/runtime-deps@sha256:00080f95883aa73f49b01b1d7bc39cf7b536400b7c69863377bad0bea7063a3b --format json
Error response from registry: HEAD "[https://dotnetdocker.azurecr.io/v2/public/dotnet/core/runtime-deps/manifests/sha256:000f5db52196d0f9b18feb010b0cf013eb6e57e2772b3579022d0706a5899bd8"](https://dotnetdocker.azurecr.io/v2/public/dotnet/core/runtime-deps/manifests/sha256:000f5db52196d0f9b18feb010b0cf013eb6e57e2772b3579022d0706a5899bd8%22): unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information.

This is because oras relies on authentication of the Docker CLI by default. But the Docker CLI is not logged into in CleanAcrImagesCommand. This should be able to be fixed by calling IRegistryCredentialsProvider.ExecuteWithCredentialsAsync.

/cc @NikolaMilosavljevic

dotnet-issue-labeler[bot] commented 1 month ago

I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.

dotnet-issue-labeler[bot] commented 1 month ago

I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.