Closed sdrzazga-nsd closed 1 year ago
I have the same issue, installing the previous version works.
Might your token for ghcr.io have expired? I'm not sure we detect that case, but the access is public, so could you try running docker logout ghcr.io
and then retry?
Hello @chrmarti .
Thank you for your response.
I can confirm that by performing docker logout ghcr.io
it resolved the issue.
What's strange is the fact that it was working with the previous version just fine and except for dev containers I usually don't use ghcr.io
at all. Hence I would not have assumed this to be the issue.
Anyways, thank you!
@joshspicer Can we handle the case where the token isn't valid or expired by retrying without a token?
Makes sense 👍
This should do the trick! https://github.com/devcontainers/cli/pull/515
@joshspicer can we move this to Backlog or June or is it critical for May?
This shipped in the latest dev container CLI release.
I'll need some verification steps for this one. I tried copy-pasting the above file from https://github.com/microsoft/vscode-remote-release/issues/8449#issue-1697605138 into .devcontainer/devcontainer.json and pushing it to a private repository, but then when cloning the repository, the extension reports
[10219 ms] Start: Run in container: cat /workspaces/devcontainers-test/.devcontainer/devcontainer.json 2>/dev/null
[10224 ms] Start: Run in container: cat /workspaces/devcontainers-test/.devcontainer.json 2>/dev/null
[10231 ms] Repository rzhao271/devcontainers-test has no dev container files.
and it asks me to add a configuration file. Edit: I selected a config and it override .devcontainer/devcontainer.json, so it just ignores my config?
I'm also not sure how to test the expired token scenario.
You can test this by creating a GitHub PAT from https://github.com/settings/tokens and then logging into docker in your local environment with docker login ghcr.io -u $GITHUB_USER -p $PAT
. Before building the dev container, revoke the PAT via the GitHub UI. You'll now have an invalid/"expired" PAT in your local docker config.
Any repo with a publicly accessible Feature will work (the example uses the git Feature).
The issue that this change fixes is that an expired token is preferred over accessing the registry anonymously. This CLI patch now falls back to trying the request anonymously (no auth) if the initial auth returns a certain set of exit codes.
From what I can see this patch should be in 0.294.0-pre-release
of the dev containers extension.
LGTM. I overrode the dev container config file in my test repository with one generated by the quickpick UX. I deleted the old containers and dev volumes on Docker Desktop. I created a PAT and made it expire after logging in again for ghcr.io. After that, I was finally able to clone the test repository in a container volume and see the line
[22472 ms] [httpOci] 403: Credentials for 'ghcr.io' may be expired. Attempting request anonymously.
:tada:
Performing in VSCode
Dev Containers: Clone Repository in Container Volume
using a repository with defined container features works usingv0.288.1
but fails inv0.292.0
.Steps to Reproduce:
ms-vscode-remote.remote-containers
with v0.292.0 performDev Containers: Clone Repository in Container Volume
Does this issue occur when you try this locally?: Yes Does this issue occur when you try this locally and all extensions are disabled?: n/a
It works in Codespaces.