For building images of my current project, I use the gradle task bootBuildImage. This task creates a OCI image using Cloud Native Buildpacks.
- name: Build image with Gradle
run: ./gradlew bootBuildImage
With the next step I'm trying to push this docker image to my private GitHub registry using build-push-action.
- name: Push image to Registry
uses: docker/build-push-action#v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
registry: docker.pkg.github.com
repository: sullrich84/wettkampfdb-backend
tags: latest
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
As I can tell from the logs, the problem with this step is that it seems to rely on a Dockerfile located in the workspaces root directory which does not exist.
unable to prepare context: unable to evaluate symlinks in Dockerfile path:
lstat /github/workspace/Dockerfile: no such file or directory
Is it possible to push the image created via bootBuildImage to my private GitHub registry without using/creating a dedicated Dockerfile?
If you are just looking for something to deal with docker push, you can just use the native docker command to do it.
Something like this.
- name: run docker push
run: |
#docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
#docker push $BUILD_TAG
#docker push $LATEST_TAG
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
The github-action you are using is not for pushing an image you define by repository and tag but rahter build and push https://github.com/docker/build-push-action#build-push-action
Builds and pushes Docker images and will log in to a Docker registry if required.
Specifically this is also related to https://github.com/docker/build-push-action/issues/17 - so just building without pushing is possible, not vice versa.
This github action does yet not allow just pushing.
This is for now very common for a lot of CI/CD solutions, where build and push are one task.
I use publishRegistry option of gradle bootBuildImage.
Set parameter in your build.gradle (below is gradle.kts)
tasks.bootBuildImage {
imageName = "${imageName}:${project.version}"
isPublish = true
docker {
publishRegistry {
url = dockerUrl
username = dockerUsername
password = dockerPassword
}
}
}
check this document
Related
I am running the google-github-actions/deploy-cloudrun Action on Github, which fails when trying to push a docker image to Artifact Registry.
I authenticate through an identity pool
The docker image builds successfully
However, pushing the image to Google Artifact Registry fails with name invalid: Missing image name. Pushes should be of the form docker push HOST-NAME/PROJECT-ID/REPOSITORY/IMAGE
Github action YML
# Authenticate Docker to Google Cloud Artifact Registry
- name: Docker Auth
id: docker-auth
uses: 'docker/login-action#v1'
with:
username: 'oauth2accesstoken'
password: '${{ steps.auth.outputs.access_token }}'
registry: '${{ env.GAR_LOCATION }}-docker.pkg.dev'
- name: Build and Push Container
run: |-
docker build -t "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }}" .
docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }}"
Log output
Successfully built 2edd636b95c7
Successfully tagged us-central1-docker.pkg.dev/[my-project]/github-actions:ecb28fdf92addae09fe6bd9e86033027b2850de3
The push refers to repository [us-central1-docker.pkg.dev/[my-project]/github-actions]
8189f048f482: Retrying in 5 seconds
... multiple retries ...
name invalid: Missing image name. Pushes should be of the form docker push HOST-NAME/PROJECT-ID/REPOSITORY/IMAGE
Error: Process completed with exit code 1.
I do have Artifact Registry enabled, and created repository with the path us-central1-docker.pkg.dev/[my-project]/github-actions
The IAM role has following permissions
Artifact Registry Administrator
Cloud Run Admin
Service Account User
I am out of ideas why to the authenticated docker it appears that the registry doesn't exist.
Turns out, the above notation is only specifying HOST-NAME/PROJECT-ID/REPOSITORY:tag but not /IMAGE
Replacing all occurrences by e.g. ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/website:${{ github.sha }} will use /website as the actual image name within the repository.
I'm very new with github actions, caprover and docker images so I might be asking very stupid questions, sorry if it is the case. I searched for a good amount of time and could not understand it by myself...
So, I'm trying to deploy to caprover a docker image built just before in my github action. Please see below my .yml file:
name: Docker Image CI
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v3
- name: Build the Docker image
run: docker build . --file Dockerfile --tag my-image-name:latest
- name: Print image names
run: docker images -q my-image-name
- name: Deploy image
uses: floms/action-caprover#v1
with:
host: '${{ secrets.CAPROVER_SERVER }}'
password: '${{ secrets.CAPROVER_PASSWORD }}'
app: '${{ secrets.APP_NAME }}'
image: my-image-name:latest
The Build the Docker image step was successful, but the Deploy image one was not. The error message I got was:
Build started for ***
An explicit image name was provided (my-image-name:latest). Therefore, no build process is needed.
Pulling this image: my-image-name:latest This process might take a few minutes.
Build has failed!
----------------------
Deploy failed!
Error: (HTTP code 404) unexpected - pull access denied for my-image-name, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Based on the error message, I believe I do not give the correct image name to the floms/action-caprover#v1 action. It is why I created step 2 Print image names to try and understand better what is the real name of the image created. I tried several solutions for the field name image, but all resulted in an error...
Thanks for the all the help you could provide!
To make sure your CapRover instance is able to pull the image from your github docker registry, it needs to be registered on your CapRover instance.
TLDR: I don't see a publish step (for your docker image) in your GitHub Actions configuration. If you want to use the image name to push it to CapRover you will need to publish it to a registry, whether it is GitHub's Container Registry, Nexus registry, or any other registry.
To do that in your CapRover instance, you need to go into Cluster > Docker Registry Configuration > Add Remote Registry. Then you will proceed to enter the configuration for your GitHub Container Registry. Typically you will need a Personal Access Token to allow CapRover to communicate with GitHub instead of using your password.
Docker Registry Configuration
Remote Registry Configuration
Docker Registry Configuration - Remote Registry Configured
Thanks Yoel Nunez for pointing I should deploy to the registry before trying to publish to caprover.
I followed the doc on github and finally managed to publish to caprover using a github action. Below is the .yml file that worked perfectly.
name: Publish to caprover
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout#v3
- name: Log in to the Container registry
uses: docker/login-action#v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.PAT }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action#v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push
uses: docker/build-push-action#v3
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Deploy image
uses: floms/action-caprover#v1
with:
host: '${{ secrets.CAPROVER_SERVER }}'
password: '${{ secrets.CAPROVER_PASSWORD }}'
app: '${{ secrets.APP_NAME }}'
image: ${{ steps.meta.outputs.tags }}
I am currently trying to run a docker GitHub Action which builds and pushes a docker image to the GitHub Packages but I am receiving an error which I have never seen. For some reason it fails to push the docker image because write_permission is denied but I have a token allowing me to write so I don't understand what the problem is.
This is my action file:
name: Docker Image CI
on:
workflow_dispatch:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set up JDK 16
uses: actions/setup-java#v1
with:
java-version: 16
- name: Build with Maven
run: mvn -f ACS/pom.xml clean install dependency:copy-dependencies
- name: Login to GitHub Package Registry
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u ${{ github.repository }} --password-stdin
- name: Build the Docker image
run: docker build -t image:latest .
- name: Tag the Docker image
run: docker tag image:latest docker.pkg.github.com/organization/repository/image:latest
- name: Push the Docker image to the registry
run: docker push docker.pkg.github.com/organization/repository/image:latest
This is my error:
Run docker push docker.pkg.github.com/organization/repository/image:latest
The push refers to repository
[docker.pkg.github.com/organization/repository/image]
f0eaf014e806: Preparing 7d0bad636b3f: Preparing aa0870e7c621:
Preparing 36d2f9f005e6: Preparing 22bb3686ee25: Preparing
05e198868a20: Preparing b5cea4a3dd43: Preparing 93c7a8a0e1f4:
Preparing 7f4b55b885b0: Preparing 05e198868a20: Waiting b5cea4a3dd43:
Waiting 93c7a8a0e1f4: Waiting 7f4b55b885b0: Waiting denied:
permission_denied: write_package
I was facing the same issue. To resolve this
Go to USER/ORG home page and click on Packages tab
Click on the package for which you are getting the permission_denied error
On the bottom of right sidebar click on Package settings option
On the Manage Actions access change the package role to write
Done. Now rerun the the action and you will find the problem is resolved.
The solution presented did not work for me, I had to add my repository to the package settings as documented in the issue https://github.community/t/unable-to-push-to-ghcr-io-from-github-actions/191761/3
Go to Package settings (to the right / bottom) of the package
And configure "Manage Actions access" section to allow the git repository in question write permissions on this package/docker repository - so making sure to also select "Write" when adding the repository.
For those interested, I managed to solve my issue although not quite sure how or more precisely which of the steps that I used, did help me solve the issue.
So basically, I first revoked my tokens and made a new one. Then I logged in to docker like this docker login -u USERNAME -p TOKEN ghcr.io while before I would use docker.pkg.github.com and then managed to push my docker image manually to GitHub Package Registry which then made the GitHub Action flow works as well, although I did change nothing there.
I hope that helps people who have the same issue.
Try adding login step to your job:
- name: Login to GitHub Container Registry
uses: docker/login-action#v1
with:
registry: ghcr.io
username: ${{github.actor}}
password: ${{secrets.GITHUB_TOKEN}}
I just wanted to add an alternative solution for people who are running into this error and finding this page from Google results.
If you've created a package previously from a forked repo, and then forked a different repo with the same package name, Github actions will fail like this. Go into your package settings and delete the package, and it should succeed again.
currently you precise your github token but not the secrets for DOCKERHUB_USERNAME and DOCKERHUB_TOKEN. You need define in your repositories a new secrets DOCKERHUB_USERNAME and DOCKERHUB_TOKEN as indicated in https://docs.github.com/en/actions/reference/encrypted-secrets.
You must also create a dockerhub token on dockerhub website portal.
You also need to add this sample code before build and push action.
name: Login to DockerHub
uses: docker/login-action#v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
guys!
I need you help to run docker-compose build on github action. I have a docker-compose file and I can't understand how to build and deploy it in correct way besides of just copying docker-compose by ssh and run scripts there.
There's docker/build-push-action#v2 but it's not working with docker-compose.yml.
This strongly depends where do you want to push your images. But for instance if you use Azure ACR you can use this action
on: [push]
name: AzureCLISample
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: Azure Login
uses: azure/login#v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Azure CLI script
uses: azure/CLI#v1
with:
azcliversion: 2.0.72
inlineScript: |
az acr login --name <acrName>
docker-compose up
docker-compose push
And then just build and push your images. But this is an example. If you use ECR it would be similar I guess.
For DigitialOcean it would be like this:
steps:
- uses: actions/checkout#v2
- name: Build image
run: docker-compose up
- name: Install doctl # install the doctl on the runner
uses: digitalocean/action-doctl#v2
with:
token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
- name: push image to digitalocean
run: |
doctl registry login
docker-compose push
You can find more details about this here
Here is my workflow file:
name: Integration
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: run docker-build with tag
run: ./docker-build sudipbhandari/springboot-docker-app:$GITHUB_SHA
- name: list docker images
run: docker image ls
- name: Docker Login
uses: Azure/docker-login#v1
with:
login-server: 'docker.io'
username: '{{secrets.DOCKER_HUB_USERNAME}}'
password: '{{secrets.DOCKER_HUB_PASSWORD}}'
- name : docker push
run: docker push sudipbhandari/springboot-docker-app:$GITHUB_SHA
- name: clean up
run: rm ~/.docker/config.json
Image:
***/springboot-docker-app 8d0caac294f0e414b88cfe6cc433995ef7ca2f25
Docker push output:
Run docker push ***/springboot-docker-app:$GITHUB_SHA
[6](https://github.com/sudipbhandari126/springboot-docker-app/runs/477583287#step:6:6)The push refers to repository [docker.io/***/springboot-docker-app]
[7](https://github.com/sudipbhandari126/springboot-docker-app/runs/477583287#step:6:7)945b12e86d4e: Preparing
[8](https://github.com/sudipbhandari126/springboot-docker-app/runs/477583287#step:6:8)fff0debc90b1: Preparing
[9](https://github.com/sudipbhandari126/springboot-docker-app/runs/477583287#step:6:9)ceaf9e1ebef5: Preparing
[10](https://github.com/sudipbhandari126/springboot-docker-app/runs/477583287#step:6:10)9b9b7f3d56a0: Preparing
[11](https://github.com/sudipbhandari126/springboot-docker-app/runs/477583287#step:6:11)f1b5933fe4b5: Preparing
[12](https://github.com/sudipbhandari126/springboot-docker-app/runs/477583287#step:6:12)denied: requested access to the resource is denied
Image is properly tagged (username/imagename:tag)
Docker login is successful to registry (docker.io)
Still I am gettting permission denied.
I locally built and tried to push the image and it works just fine.
docker push sudipbhandari/springboot-docker-app:a
The push refers to repository [docker.io/sudipbhandari/springboot-docker-app]
f2f6c53c3c45: Layer already exists
9ff7271739b8: Layer already exists
ceaf9e1ebef5: Layer already exists
9b9b7f3d56a0: Layer already exists
f1b5933fe4b5: Layer already exists
a: digest: sha256:ecf90929be9690c052bcc457edd5bb12cbe231029b63536d94e0e86cd845b983 size: 1366
First, in GitHub go to Setting>Secrets and add two repository secrets for DOCKER_USERNAME and DOCKER_PASSWORD. Then try this:
- run:
echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
env:
$DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
$DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}