Forks of master branch fail GitHub Actions

[webb-ben]

Description A fork of geopython/pygeoapi:master that is wanting to keep up date fails GitHub Actions because the the geopython Docker image is hard-coded into container.yml.

Some solutions could be:

• A solution for organizations that have the same organization name in GitHub and Dockerhub - which is atleast true for geopython and internetofwater, changing L67-69 would be the same behavior as already implemented for the geopython/pygeoapi repository while allowing downstream forks to fit in (more) seamlessly.

        images: |
          ${{ github.repository }}
          ghcr.io/${{ github.repository }}

• The even friendlier downstream change, which is probably overkill could be allowing the DOCKER_REPOSITORY in L18 to be a repository variable / secret.

  DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY || github.repository }}

Steps to Reproduce Create a fork of pygeoapi in a repository where GitHub actions are enabled. Monitor build status

Expected behavior Ability to publish pygeoapi docker images without needing to make changes to containers.yml

Screenshots/Tracebacks Failed Action Modified File Action

Environment

• OS:
• Python version:
• pygeoapi version:

Additional context Add any other context about the problem here.

[ricardogsilva]

@webb-ben Is this still relevant?

looking at the current workflow:

https://github.com/geopython/pygeoapi/blob/f092cf548ebbe405e030a6247a81ac5b6d276e28/.github/workflows/containers.yml#L71-L80

and according to the docs of the docker/build-push-action github action it seems to me that the repo details are not hardcoded in the workflow.

[webb-ben]

Yes it is. The docker image will always publish as: https://github.com/geopython/pygeoapi/blob/f092cf548ebbe405e030a6247a81ac5b6d276e28/.github/workflows/containers.yml#L15

The solutions offered in the issue still work to resolve it

[francescoingv]

@ricardogsilva I also have the issue on pygeoapi/.github/workflows/containers.yml (line 39 - 40) when I commit to my local repository.

I have a DockerHub account, but I don't know where to set my credentials (secrets.DOCKER_USERNAME and secrets.DOCKER_PASSWORD) (i.e. in what file, placed where, with what format)

Should I also change line 15 (DOCKER_REPOSITORY: geopython/pygeoapi) to something like: francescomartinelliingv/pygeoapi ?

Please advice.

[francescoingv]

@ricardogsilva as of today, possibly the reported error changed a little, but when pulling a commit on a branch of a fork of geopython/pygeoapi:master I still get an email with the message Publish Docker image: Some jobs were not successful.

If usefull this is the link I am redirected to: https://github.com/francescoingv/pygeoapi/actions/runs/9958179840

Thank you.

[webb-ben]

@francescoingv you will need to set this in the settings tab of your fork

[francescoingv]

Thank you @webb-ben , I will check it: but would it be possible to avoid the docker part?

[francescoingv]

@francescoingv you will need to set this in the settings tab of your fork

@webb-ben I set the 2 secrets in my settings, however I still get an error. https://github.com/francescoingv/pygeoapi/actions/workflows/containers.yml It worked a couple of times and then now it is failing again.

Could you please help to understand what I am still missing or doing wrong?

Thank you

[webb-ben]

@francescoingv There are three secrets you need to set to get the container build to work:

DOCKER_REPOSITORY
DOCKER_USERNAME
DOCKER_PASSWORD

From the linked action history it appears some of these are not set

[francescoingv]

@webb-ben thank you. In your screenshot I only saw DOCKER_USERNAME (I set it to my docker account name) and DOCKER_TOKEN (I set it to the token I got from docker, but I understand this was useless).

Now you reported I also have to set DOCKER_PASSWORD (I immagine to my docker accont password) and DOCKER_REPOSITORY, but I have no idea what value to associate to this variable:.

Could you please help with this last variable (DOCKER_REPOSITORY)?

Thank you.

[webb-ben]

@francescoingv DOCKER_REPOSITORY is going to represent the docker image you want to publish under. For instance I could choose between publishing on my personal pygeoapi image or my organizational pygeoapi image.

If you are developing for personal use it should be francescoinno/pygeoapi (i.e. DOCKER_USERNAME/pygeoapi)

[francescoingv]

Dear @webb-ben, now I have set the Action-Secrets above (DOCKER_REPOSITORY, DOCKER_USERNAME, DOCKER_PASSWORD) but I still get the following error:

Run docker/login-action@v2.1.0
  with:
    username: ***
    password: ***
    ecr: auto
    logout: true
  env:
    DOCKER_REPOSITORY: ***
Logging into Docker Hub...
Error: Error response from daemon: Get "https://registry-1.docker.io/v2/": unauthorized: incorrect username or password

I double checked the settings are correct: DOCKER_USERNAME = FrancescoMartinelliIngv DOCKER_REPOSITORY = francescomartinelliingv/pygeoapi (but I also tried DOCKER_REPOSITORY = pygeoapi ) and DOCKER_PASSWORD is correct.

Could you please advice? Thank you.

[webb-ben]

It is not an issue with the DOCKER_REPOSITORY, the issue you are seeing is just about not being able to authenticate with dockerhub. It is your username or password that must be the issue.

Are you using your literal Dockerhub password? I have only tested this using Dockerhub PATs.

[francescoingv]

@webb-ben I can use either PAT or literal password.

Finally I succeeded, but the setting were the following:

1. DOCKER_USERNAME was my dockerhub account name (in my case francescomartinelliingv); not the username (in my case FrancescoMartinelliIngv)
2. DOCKER_PASSWORD was a docker personal access token (PAT) with scope Read, Write, Delete; not my password.

May I suggest to use more clear secret names (e.g. could be DOCKER_ACCOUNT and DOCKER_FULL_ACCESS_TOKEN), and/or error reporting messages describing the settings that should be used according to the above.