build-push-action: insufficient_scope: authorization failed

Behaviour

Steps to reproduce this issue

  1. Set up QEMU
  2. Set up Docker Buildx
  3. Login to DockerHub
  4. Build and push

Expected behaviour

Publish image to docker hub

Actual behaviour

ERROR: server message: insufficient_scope: authorization failed

Configuration

https://github.com/AntonioFalcao/Dotnet5.GraphQL3.WebApplication
https://hub.docker.com/repository/docker/antoniofalcaojr/dotnet5-graphql3-webapi

name: Push API Image

on:
  push:
    branches: master
  workflow_dispatch:

jobs:
  push_to_registry:
    name: Push Docker image to Docker Hub
    runs-on: ubuntu-latest
    steps:
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: docker/login-action@v1 
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          file: ./src/Dotnet5.GraphQL3.Store.WebAPI/Dockerfile 
          push: true
          tags: antoniofalcaojf/dotnet5-graphql3-webapi:latest
      -
        name: Image digest
        run: echo ${{ steps.docker_build.outputs.digest }}

Command produced

/usr/bin/docker buildx build --tag antoniofalcaojf/dotnet5-graphql3-webapi:latest --iidfile /tmp/docker-build-push-lDmUS3/iidfile --secret id=GIT_AUTH_TOKEN,src=/tmp/docker-build-push-lDmUS3/tmp-3384-twk4xwQeuxwk --file ./src/Dotnet5.GraphQL3.Store.WebAPI/Dockerfile --push https://github.com/AntonioFalcao/Dotnet5.GraphQL3.WebApplication.git#heads/release

Logs

#33 exporting to image
#33 exporting layers
#33 exporting layers 2.4s done
#33 exporting manifest sha256:3c6a2a955932783e726461031bee8657c2ec7f2b2f239c110ba44ae58effef69 done
#33 exporting config sha256:6d39eefff02cee7c50511f16bd824957f3ef082ed60324850954a5aa3b13a5ee done
#33 pushing layers
#33 pushing layers 0.2s done
#33 ERROR: server message: insufficient_scope: authorization failed
------
 > exporting to image:
------
failed to solve: rpc error: code = Unknown desc = server message: insufficient_scope: authorization failed
Error: The process '/usr/bin/docker' failed with exit code 1

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 17
  • Comments: 16 (3 by maintainers)

Most upvoted comments

hello, if anybody else gets stuck on this like i did, here’s what i did to solve it

i had to fix my tags setting:

    - name: push image - server
      uses: docker/build-push-action@v2
      with:
        file: ./s/Dockerfile
        context: .
        push: true
        tags: ${{ env.REGISTRY }}/${{ github.repository }}/server:${{ github.sha }}

where

  • ${{ env.REGISTRY }} is equivalent with ghcr.io (the github packages registry)
  • ${{ github.repository }} is equivalent with chase-moskal/xiome (my github name and private repo’s name)
  • server is the name i decided for my docker image, since my repo is pushing multiple different images
  • ${{ github.sha }} is simply the commit id, which i’m using to identify my staging images (i plan to use git v tags for real production releases)
  • thus it computes to something like ghcr.io/chase-moskal/xiome/server:69aa49cd2994f2063f908dd8868f1aa4da2385bddfbc0e069534a7fa5865cb08

this fixed the issue in my case, particularly adding the ghcr.io/ prefix

@AntonioFalcao So it’s a typo in your workflow:

antoniofalcaojf/dotnet5-graphql3-webapi != antoniofalcaojr/dotnet5-graphql3-webapi

OMG! So sorry about that! It’s working now. Thanks!
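Both fixes above (the missing ghcr.io/ prefix and the jf/jr typo) come down to the tag naming a registry or namespace that the login credentials cannot push to. The following is an added example, not code from this thread or from the docker actions: a POSIX shell check that could run before the push step. The function names `parse_ref` and `check_push_target` are hypothetical, `docker.io` is used as the normalized name for Docker Hub, and the expected namespace (the account or organization the token may push to) is an assumption the caller supplies.

```shell
#!/bin/sh
# Added example: split an image reference into registry, namespace and
# repository, then compare it with what the job logged in to.

# parse_ref REF -> prints "registry namespace repository"
parse_ref() {
  ref="${1%%@*}"                      # drop any @sha256:... digest
  registry="docker.io"; path="$ref"   # no registry host means Docker Hub
  case "$ref" in
    */*)
      first="${ref%%/*}"
      # The first component is a registry host only if it contains '.' or
      # ':' or is "localhost"; otherwise it is a Docker Hub namespace.
      case "$first" in
        *.*|*:*|localhost) registry="$first"; path="${ref#*/}" ;;
      esac ;;
  esac
  # Drop the tag: a ':' in the last path component.
  case "${path##*/}" in *:*) path="${path%:*}" ;; esac
  # Docker Hub official images use the implicit "library" namespace.
  case "$path" in */*) ;; *) path="library/$path" ;; esac
  echo "$registry ${path%%/*} ${path#*/}"
}

# check_push_target REF LOGIN_REGISTRY EXPECTED_NAMESPACE
# Returns 0 if REF matches, 1 on registry mismatch, 2 on namespace mismatch.
check_push_target() {
  parsed=$(parse_ref "$1")
  reg="${parsed%% *}"; rest="${parsed#* }"; ns="${rest%% *}"
  if [ "$reg" != "$2" ]; then
    echo "registry mismatch: tag targets $reg, login was for $2" >&2
    return 1
  fi
  if [ "$ns" != "$3" ]; then
    echo "namespace mismatch: tag uses $ns, expected $3" >&2
    return 2
  fi
  return 0
}
```

In a workflow this would be called from a `run:` step ahead of the build, for example `check_push_target "$IMAGE_TAG" docker.io "$EXPECTED_NAMESPACE"`, where both variables are placeholders set by the job.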

Strangely enough, I was getting this error because of a mismatch between the name given to a build stage and the name used in a COPY --from=… instruction. I fortunately stumbled on this answer, which got me looking at the FROM and COPY instructions in my Dockerfile.

I feel like incongruencies between build stage names in FROM and COPY instructions could probably be caught by syntax validation before cascading, somehow, to an auth failure.

Hope this helps somebody, I spent way too much time on this snafu.

For me the problem was that I had to log in to Docker on the command line: docker login --username=<username>

I had this too, make sure myuser is set to your real docker username; that’s what caused my Action to fail!

Yes, adding context: . fixes the problem.

@AntonioFalcao Looks like the same issue as #162 when Git context is used. Can you use the Path context while waiting for a fix?:

name: Push API Image

on:
  push:
    branches: master
  workflow_dispatch:

jobs:
  push_to_registry:
    name: Push Docker image to Docker Hub
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: docker/login-action@v1 
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          context: .
          file: ./src/Dotnet5.GraphQL3.Store.WebAPI/Dockerfile 
          push: true
          tags: antoniofalcaojf/dotnet5-graphql3-webapi:latest
      -
        name: Image digest
        run: echo ${{ steps.docker_build.outputs.digest }}