[英]Github workflow: requested access to the resource is denied
I am trying to use GitHub workflow to build an ASP.NET 6 project using Dockerfile
then push the image to a private Azure Registry using docker. I am trying to use GitHub workflow to build an ASP.NET 6 project using Dockerfile
then push the image to a private Azure Registry using docker.
Here is my .yml
file这是我的.yml
文件
name: Docker Image CI
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Login To Azure Container Registr
uses: Azure/docker-login@v1
with:
login-server: ${{ secrets.ACR_HOST }}
username: ${{ secrets.ACR_USERNAME }}
password: ${{ secrets.ACR_PASSWWORD }}
- name: Build And Push Docker Images
uses: docker/build-push-action@v3.1.1
with:
push: true
file: ./Dockerfile
tags: companyname/projectname:${{ github.run_number }}
In the above, the Dockerfile
is located in the root of my project's code.在上面, Dockerfile
位于我项目代码的根目录中。
However, the the build runs I get the following error但是,构建运行我收到以下错误
Error: buildx failed with: error: denied: requested access to the resource is denied错误: buildx 失败:错误:拒绝:请求的资源访问被拒绝
In the Secrets > Action
section in my repository settings, I added ACR_HOST
, ACR_USERNAME
and ACR_PASSWORD
secrets.在我的存储库设置的Secrets > Action
部分中,我添加了ACR_HOST
、 ACR_USERNAME
和ACR_PASSWORD
。
When viewing the logs, this issue seems to happen after this line in the logs查看日志时,此问题似乎发生在日志中的此行之后
pushing companyname/projectname:2 with docker:
How can I solve this issue?我该如何解决这个问题?
UPDATED更新
I changed the .yml
script to the following我将.yml
脚本更改为以下内容
name: Docker Image CI
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Login To Azure Container Registr
uses: Azure/docker-login@v1
with:
login-server: mycontainer.azurecr.io
username: "The admin username"
password: "The admin password"
- run: cat ${{ env.DOCKER_CONFIG }}/config.json
- name: Build And Push Docker Images
uses: docker/build-push-action@v3.1.1
with:
push: true
file: ./Dockerfile
tags: companyname/projectname:${{ github.run_number }}
The added step (ie, cat ${{ env.DOCKER_CONFIG }}/config.json
) displayed a json string that look like this添加的步骤(即cat ${{ env.DOCKER_CONFIG }}/config.json
)显示了一个看起来像这样的 json 字符串
{"auths":{"mycontainer.azurecr.io":{"auth":"BASE64 string with the admin username:password as expected"}}}
The base64 string was formatted like this username:password
base64 字符串的格式如下username:password
I am assuming that the step Azure/docker-login@v1
has no issue and stages the token for docker/build-push-action@v3.1.1
correctly.我假设步骤Azure/docker-login@v1
没有问题并正确docker/build-push-action@v3.1.1
的令牌。
If I set the push
flag to false in the docker/build-push-action@v3.1.1
step, the workflow runs with no issue.如果我在docker/build-push-action@v3.1.1
步骤中将push
标志设置为 false,则工作流运行没有问题。 So from what I can tell, the issue is when the step docker/build-push-action@v3.1.1
tries to push the created image to the Azure registry.所以据我所知,问题是当步骤docker/build-push-action@v3.1.1
尝试将创建的图像推送到 Azure 注册表时。
I use my local machine to login using the same credentials and all worked with no issue docker login mycontainer.azurecr.io
我使用我的本地计算机使用相同的凭据docker login mycontainer.azurecr.io
,并且所有操作都没有问题
Additionally, the login request from my local machine is logged into Azure portal.此外,来自我本地计算机的登录请求已登录到 Azure 门户。 However, I do not see the request when I run the workflow.但是,我在运行工作流时看不到请求。
I think that main issue is that the step docker/build-push-action@v3.1.1
does not attempt to login before it pushes the image.我认为主要问题是步骤docker/build-push-action@v3.1.1
在推送图像之前不会尝试登录。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.