I am running my tests on aws lambda with the use of custom image. I'm using serverless for the configuration and the build of the image.
Process works fine locally. When I try to make it work with github actions, using serverless/github-action#v3 I'm getting an error:
Error: Could not find Docker installation. Ensure Docker is installed before continuing.
But since you can use 2 "uses:" I'm not sure how to work this one out. Any idea would be welcomed.
I don't know why the action cannot find docker installation but I resolved it by running the serverless command directly as follows:
steps:
- uses: actions/checkout#v1
- uses: actions/setup-node#v2
with:
node-version: "14"
- run: npm i -g serverless
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-1
- name: deploy
run: sls deploy --stage dev --verbose
Related
I am currently trying to run a docker GitHub Action which builds and pushes a docker image to the GitHub Packages but I am receiving an error which I have never seen. For some reason it fails to push the docker image because write_permission is denied but I have a token allowing me to write so I don't understand what the problem is.
This is my action file:
name: Docker Image CI
on:
workflow_dispatch:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set up JDK 16
uses: actions/setup-java#v1
with:
java-version: 16
- name: Build with Maven
run: mvn -f ACS/pom.xml clean install dependency:copy-dependencies
- name: Login to GitHub Package Registry
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u ${{ github.repository }} --password-stdin
- name: Build the Docker image
run: docker build -t image:latest .
- name: Tag the Docker image
run: docker tag image:latest docker.pkg.github.com/organization/repository/image:latest
- name: Push the Docker image to the registry
run: docker push docker.pkg.github.com/organization/repository/image:latest
This is my error:
Run docker push docker.pkg.github.com/organization/repository/image:latest
The push refers to repository
[docker.pkg.github.com/organization/repository/image]
f0eaf014e806: Preparing 7d0bad636b3f: Preparing aa0870e7c621:
Preparing 36d2f9f005e6: Preparing 22bb3686ee25: Preparing
05e198868a20: Preparing b5cea4a3dd43: Preparing 93c7a8a0e1f4:
Preparing 7f4b55b885b0: Preparing 05e198868a20: Waiting b5cea4a3dd43:
Waiting 93c7a8a0e1f4: Waiting 7f4b55b885b0: Waiting denied:
permission_denied: write_package
I was facing the same issue. To resolve this
Go to USER/ORG home page and click on Packages tab
Click on the package for which you are getting the permission_denied error
On the bottom of right sidebar click on Package settings option
On the Manage Actions access change the package role to write
Done. Now rerun the the action and you will find the problem is resolved.
The solution presented did not work for me, I had to add my repository to the package settings as documented in the issue https://github.community/t/unable-to-push-to-ghcr-io-from-github-actions/191761/3
Go to Package settings (to the right / bottom) of the package
And configure "Manage Actions access" section to allow the git repository in question write permissions on this package/docker repository - so making sure to also select "Write" when adding the repository.
For those interested, I managed to solve my issue although not quite sure how or more precisely which of the steps that I used, did help me solve the issue.
So basically, I first revoked my tokens and made a new one. Then I logged in to docker like this docker login -u USERNAME -p TOKEN ghcr.io while before I would use docker.pkg.github.com and then managed to push my docker image manually to GitHub Package Registry which then made the GitHub Action flow works as well, although I did change nothing there.
I hope that helps people who have the same issue.
Try adding login step to your job:
- name: Login to GitHub Container Registry
uses: docker/login-action#v1
with:
registry: ghcr.io
username: ${{github.actor}}
password: ${{secrets.GITHUB_TOKEN}}
I just wanted to add an alternative solution for people who are running into this error and finding this page from Google results.
If you've created a package previously from a forked repo, and then forked a different repo with the same package name, Github actions will fail like this. Go into your package settings and delete the package, and it should succeed again.
currently you precise your github token but not the secrets for DOCKERHUB_USERNAME and DOCKERHUB_TOKEN. You need define in your repositories a new secrets DOCKERHUB_USERNAME and DOCKERHUB_TOKEN as indicated in https://docs.github.com/en/actions/reference/encrypted-secrets.
You must also create a dockerhub token on dockerhub website portal.
You also need to add this sample code before build and push action.
name: Login to DockerHub
uses: docker/login-action#v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
guys!
I need you help to run docker-compose build on github action. I have a docker-compose file and I can't understand how to build and deploy it in correct way besides of just copying docker-compose by ssh and run scripts there.
There's docker/build-push-action#v2 but it's not working with docker-compose.yml.
This strongly depends where do you want to push your images. But for instance if you use Azure ACR you can use this action
on: [push]
name: AzureCLISample
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: Azure Login
uses: azure/login#v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Azure CLI script
uses: azure/CLI#v1
with:
azcliversion: 2.0.72
inlineScript: |
az acr login --name <acrName>
docker-compose up
docker-compose push
And then just build and push your images. But this is an example. If you use ECR it would be similar I guess.
For DigitialOcean it would be like this:
steps:
- uses: actions/checkout#v2
- name: Build image
run: docker-compose up
- name: Install doctl # install the doctl on the runner
uses: digitalocean/action-doctl#v2
with:
token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
- name: push image to digitalocean
run: |
doctl registry login
docker-compose push
You can find more details about this here
For building images of my current project, I use the gradle task bootBuildImage. This task creates a OCI image using Cloud Native Buildpacks.
- name: Build image with Gradle
run: ./gradlew bootBuildImage
With the next step I'm trying to push this docker image to my private GitHub registry using build-push-action.
- name: Push image to Registry
uses: docker/build-push-action#v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
registry: docker.pkg.github.com
repository: sullrich84/wettkampfdb-backend
tags: latest
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
As I can tell from the logs, the problem with this step is that it seems to rely on a Dockerfile located in the workspaces root directory which does not exist.
unable to prepare context: unable to evaluate symlinks in Dockerfile path:
lstat /github/workspace/Dockerfile: no such file or directory
Is it possible to push the image created via bootBuildImage to my private GitHub registry without using/creating a dedicated Dockerfile?
If you are just looking for something to deal with docker push, you can just use the native docker command to do it.
Something like this.
- name: run docker push
run: |
#docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
#docker push $BUILD_TAG
#docker push $LATEST_TAG
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
The github-action you are using is not for pushing an image you define by repository and tag but rahter build and push https://github.com/docker/build-push-action#build-push-action
Builds and pushes Docker images and will log in to a Docker registry if required.
Specifically this is also related to https://github.com/docker/build-push-action/issues/17 - so just building without pushing is possible, not vice versa.
This github action does yet not allow just pushing.
This is for now very common for a lot of CI/CD solutions, where build and push are one task.
I use publishRegistry option of gradle bootBuildImage.
Set parameter in your build.gradle (below is gradle.kts)
tasks.bootBuildImage {
imageName = "${imageName}:${project.version}"
isPublish = true
docker {
publishRegistry {
url = dockerUrl
username = dockerUsername
password = dockerPassword
}
}
}
check this document
I have this code at .github/workflows/main.yaml
# .github/workflows/main.yaml
name: CI Workflow
on: [push]
jobs:
rspec-job:
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
container:
image: I-stucked-here
volumes:
- /vendor/bundle
steps:
- code omitted for brevity
The main idea of this job is to run all steps in container mode. Not in Linux host mode.
Under the same repository, I have a public Docker image named ruby-rimy-2.6.3. Since it's not publicly hosted on DockerHub, I can't find a way to programmatically authenticate myself to GitHub Packages/Registry.
I did try with different syntax (see code below) but it didn't work.
# .github/workflows/main.yaml
name: CI Workflow
on: [push]
jobs:
rspec-job:
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
container:
image: docker://docker.pkg.github.com/zulhfreelancer/rimy/ruby-rimy-2.6.3:latest
volumes:
- /vendor/bundle
steps:
- code omitted for brevity
From the docs, GitHub says the GITHUB_TOKEN is available when the job is running. How do I use this GITHUB_TOKEN environment variable to run something like docker login on top of that
container: section so that the job is able to pull the image?
Using GitHub Personal Token is not an option for me because that repository is just my experiment repository before applying the same thing to my GitHub organization. I don't want to put my personal token under my organization's repository environment variables/secrets — that will simply exposes my personal token to my co-workers.
You do not need to use the container instruction to run tests in a container.
The GitHub Actions host comes with docker and docker-compose installed. The way I do it, is have a docker-compose.yml in my repository, which includes a "service" that runs tests. Then, your workflow needs to do docker login and simply run the docker-compose run test command.
Note that the beauty of this approach, is that your tests are executed exactly the same on your own machine and on the CI machine. Same exact steps.
Something along these lines:
name: Test
on:
pull_request:
push: { branches: master }
jobs:
test:
name: Run test suite
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Checkout code
uses: actions/checkout#v2
- name: Docker login
run: echo ${GITHUB_TOKEN} | docker login -u ${GITHUB_ACTOR} --password-stdin docker.pkg.github.com
- name: Build docker images
run: docker-compose build
- name: Run tests
run: docker-compose run test
I am doing the same with DockerHub, with great ease and success.
Of course, if you do not want to use docker-compose, you can still use any normal docker run ... commands after you login properly in the login step.
I am not sure that docker login command will work as is, see these for a deeper discussion:
https://github.com/actions/starter-workflows/issues/66
https://github.community/t5/GitHub-Actions/Github-Actions-Docker-login/td-p/29852/page/2
I have a github repository, a docker repository and a Amazon ec2 instance. I am trying to create a CI/CD pipeline with these tools. The idea is to deploy a docker container to ec2 instance when a push happened to github repository master branch. I have used github actions to build the code, build docker image and push docker image to docker hub. Now I want to pull the latest image from docker hub to remote ec2 instance and run the same. For this I am trying to execute ansible command from github actions. But I need to specify .pem file as an argument to the ansible command. I tried to keep .pem file in github secretes, but it didn't work. I am really confused how to proceed with this.
Here is my github workflow file
name: helloworld_cicd
on:
push:
branches:
- master
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout#v1
- name: Go Build
run: go build
- name: Docker build
run: docker build -t helloworld .
- name: Docker login
run: docker login --username=${{ secrets.docker_username }} --password=${{ secrets.docker_password }}
- name: Docker tag
run: docker tag helloworld vijinvv/helloworld:latest
- name: Docker push
run: docker push vijinvv/helloworld:latest
I tried to run something like
ansible all -i '3.15.152.219,' --private-key ${{ secrets.ssh_key }} -m rest of the command
but that didn't work. What would be the best way to solve this issue
I'm guessing what you meant by "it didn't work" is that ansible expects the private key to be a file, whereas you are supplying a string.
This page on github actions shows how to use secret files on github actions. The equivalent for your case would be to do the following steps:
gpg --symmetric --cipher-algo AES256 my_private_key.pem
Choose a strong passphrase and save this passphrase as a secret in github secrets. Call it LARGE_SECRET_PASSPHRASE
Commit your encrypted my_private_key.pem.gpg in git
Create a step in your actions that decrypts this file. It could look something like:
- name: Decrypt Pem
run: gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output $HOME/secrets/my_private_key.pem my_private_key.pem.gpg
env:
LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
Finally you can run your ansible command with ansible all -i '3.15.152.219,' --private-key $HOME/secrets/my_private_key.pem
You can easily use webfactory/ssh-agent to add your ssh private key. You can see its documentation and add the following stage before running the ansible command.
# .github/workflows/my-workflow.yml
jobs:
my_job:
...
steps:
- actions/checkout#v2
# Make sure the #v0.5.2 matches the current version of the
# action
- uses: webfactory/ssh-agent#v0.5.2
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- ... other steps
SSH_PRIVATE_KEY must be the key that is registered in repository secrets. After that, run your ansible command without passing the private key file.