Login k8s in ghcr not working

[xvladqt]

Workflow

name: review-app

on:
  pull_request:
    types:
      - opened
      - reopened
      - synchronize

jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Define environment url
        env:
          nip_host_ip: ${{ secrets.NIP_HOST_IP }}
        run: |
          pr_id=${{ github.event.number }}
          echo WERF_SET_ENV_URL=global.env_url=http://${pr_id}-${nip_host_ip}.nip.io >> $GITHUB_ENV
      - name: Deploy
        uses: werf/actions/converge@v1.2
        with:
          env: review-${{ github.event.number }}
          kube-config-base64-data: ${{ secrets.KUBE_CONFIG_BASE64_DATA }}

k8s docker secret

apiVersion: v1
kind: Secret
metadata:
  name: regsecret
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: {{ .Values.dockerconfigjson }}

Result:

Error: helm upgrade have failed: unable to build kubernetes objects from release manifest: error validating "": error validating data: unknown object type "nil" in Secret.data..dockerconfigjson
Error: The process '/home/runner/work/_temp/e04a3e2b-fca8-42be-a0e3-22170e1a095c/werf' failed with exit code 1

[distorhead]

@xvladqt Hi!

First of all .Values.dockerconfigjson will be enabled only when --set-docker-config-json-value=true param is set (or WERF_SET_DOCKER_CONFIG_JSON=true environment variable.

With this option werf will put current system docker config into the variable. Thus you need to login into the ghcr prior running werf.

IMPORTANT It is impossible to use temporal one-shot tokens in CI/CD systems in such way, because these tokens will expire when job finishes. You need to use persistent tokens for such task.

[xvladqt]

@distorhead hi, thanks for reply!

I try use WERF_SET_DOCKER_CONFIG_JSON=true

      - name: Deploy
        uses: werf/actions/converge@v1.2
        env:
          WERF_SET_DOCKER_CONFIG_JSON: true
        with:
          github-token: ${{ secrets.CR_TOKEN }}
          env: review-${{ github.event.number }}
          kube-config-base64-data: ${{ secrets.KUBE_CONFIG_BASE64_DATA }}

But I get the error:

Running time 282.72 seconds
Error: helm upgrade have failed: failed parsing --set data: key "true" has no value
Error: The process '/home/runner/work/_temp/182f9f9d-8233-4c4c-ac88-e2ea4fa18b31/werf' failed with exit code 1

What have I done wrong ?

[xvladqt]

@distorhead i found update on changelog "WERF_SET_DOCKER_CONFIG_VALUE env variable collision with --set param (30177b4)", and try use new version

      - name: Deploy
        uses: werf/actions/converge@v1.2
        with:
          version: v1.2.29

But I get the error:

Run werf/actions/converge@v1.2
Error: Unexpected HTTP response: 404

[distorhead]

There is some internal issue with werf/actions. I am investigating this now.

[distorhead]

@xvladqt Sorry, there is some problem with exact-version-downloading in the actions using the version directive:

with:
  version: XXX

But we have promoted v1.2.29 to the alpha channel, so you can use now:

with:
  channel: alpha

[xvladqt]

@distorhead Unfortunately v1.2.29 did not fix the error

/home/runner/work/_temp/88987a97-b20a-4333-b890-9a6d6cd7d18f/werf converge
Version: v1.2.29
...
Running time 175.83 seconds
Error: helm upgrade have failed: failed parsing --set data: key "true" has no value
Error: The process '/home/runner/work/_temp/88987a97-b20a-4333-b890-9a6d6cd7d18f/werf' failed with exit code 1

[distorhead]

          WERF_SET_DOCKER_CONFIG_JSON: true

=>

          WERF_SET_DOCKER_CONFIG_VALUE: true

Maybe a little illogical name of option we have chosen to enable .Values.dockerconfigjson -> --set-docker-config-value. But it is what it is.

[distorhead]

There is actually mismatch between cli option and environment variable: --set-docker-config-json-value and WERF_SET_DOCKER_CONFIG_VALUE. I think this is a typo (missing _JSON_ part). We will fix this by adding additional alias environment value WERF_SET_DOCKER_CONFIG_JSON_VALUE so that env variable name matches cli option at least.

[xvladqt]

@distorhead The original problem persisted, this solution didn't work

Run werf/actions/converge@v1.2
  with:
    channel: alpha
    github-token: ***
    env: review-***
    kube-config-base64-data: ***
  env:
    nip_host_ip: ***
    WERF_SET_ENV_URL: ***
    WERF_SET_ENV_DOMAIN: ***
    WERF_SET_REVIEW_ID: ***
    ENV_URL: ***
    WERF_SET_DOCKER_CONFIG_VALUE: true
...
Running time 11.89 seconds
Error: helm upgrade have failed: UPGRADE FAILED: error validating "": error validating data: unknown object type "nil" in Secret.data..dockerconfigjson
Error: The process '/home/runner/work/_temp/422de64a-a9e9-408b-a401-8707d7b3a5bc/werf' failed with exit code 1

[distorhead]

@xvladqt Confirming the problems with the current v1.2.29 version.

I have started PR with a fix: https://github.com/werf/werf/pull/3832:

1. Given that environment-variable for this option never worked, I've renamed WERF_SET_DOCKER_CONFIG_VALUE to WERF_SET_DOCKER_CONFIG_JSON_VALUE to match cli option --set-docker-config-json-value (without aliases).
2. Fixed a bug with environment variable usage.
3. Checked that WERF_SET_DOCKER_CONFIG_JSON_VALUE=true actually works in test application.

Fix is available in the v1.2.30 in the alpha channel.

[xvladqt]

@distorhead Yes, it is working correctly now, thanks