Github 工作流程:请求的资源访问被拒绝
[英]Github workflow: requested access to the resource is denied
问题描述
I am trying to use GitHub workflow to build an ASP.NET 6 project using Dockerfile then push the image to a private Azure Registry using docker. 
I am trying to use GitHub workflow to build an ASP.NET 6 project using Dockerfile then push the image to a private Azure Registry using docker.
Here is my .yml file这是我的.yml文件
name: Docker Image CI
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Login To Azure Container Registr
uses: Azure/docker-login@v1
with:
login-server: ${{ secrets.ACR_HOST }}
username: ${{ secrets.ACR_USERNAME }}
password: ${{ secrets.ACR_PASSWWORD }}
- name: Build And Push Docker Images
uses: docker/build-push-action@v3.1.1
with:
push: true
file: ./Dockerfile
tags: companyname/projectname:${{ github.run_number }}
In the above, the Dockerfile is located in the root of my project's code.在上面, Dockerfile位于我项目代码的根目录中。
However, the the build runs I get the following error但是,构建运行我收到以下错误
Error: buildx failed with: error: denied: requested access to the resource is denied
In the Secrets > Action section in my repository settings, I added ACR_HOST , ACR_USERNAME and ACR_PASSWORD secrets.在我的存储库设置的Secrets > Action部分中,我添加了ACR_HOST 、 ACR_USERNAME和ACR_PASSWORD 。
When viewing the logs, this issue seems to happen after this line in the logs查看日志时,此问题似乎发生在日志中的此行之后
pushing companyname/projectname:2 with docker:
How can I solve this issue?我该如何解决这个问题?
UPDATED更新
I changed the .yml script to the following我将.yml脚本更改为以下内容
name: Docker Image CI
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Login To Azure Container Registr
uses: Azure/docker-login@v1
with:
login-server: mycontainer.azurecr.io
username: "The admin username"
password: "The admin password"
- run: cat ${{ env.DOCKER_CONFIG }}/config.json
- name: Build And Push Docker Images
uses: docker/build-push-action@v3.1.1
with:
push: true
file: ./Dockerfile
tags: companyname/projectname:${{ github.run_number }}
The added step (ie, cat ${{ env.DOCKER_CONFIG }}/config.json ) displayed a json string that look like this添加的步骤(即cat ${{ env.DOCKER_CONFIG }}/config.json )显示了一个看起来像这样的 json 字符串
{"auths":{"mycontainer.azurecr.io":{"auth":"BASE64 string with the admin username:password as expected"}}}
The base64 string was formatted like this username:password base64 字符串的格式如下username:password
I am assuming that the step Azure/docker-login@v1 has no issue and stages the token for docker/build-push-action@v3.1.1 correctly.我假设步骤Azure/docker-login@v1没有问题并正确docker/build-push-action@v3.1.1的令牌。
If I set the push flag to false in the docker/build-push-action@v3.1.1 step, the workflow runs with no issue.如果我在docker/build-push-action@v3.1.1步骤中将push标志设置为 false,则工作流运行没有问题。 So from what I can tell, the issue is when the step docker/build-push-action@v3.1.1 tries to push the created image to the Azure registry.所以据我所知,问题是当步骤docker/build-push-action@v3.1.1尝试将创建的图像推送到 Azure 注册表时。
I use my local machine to login using the same credentials and all worked with no issue docker login mycontainer.azurecr.io我使用我的本地计算机使用相同的凭据docker login mycontainer.azurecr.io ,并且所有操作都没有问题
Additionally, the login request from my local machine is logged into Azure portal.此外,来自我本地计算机的登录请求已登录到 Azure 门户。 However, I do not see the request when I run the workflow.但是,我在运行工作流时看不到请求。
I think that main issue is that the step docker/build-push-action@v3.1.1 does not attempt to login before it pushes the image.我认为主要问题是步骤docker/build-push-action@v3.1.1在推送图像之前不会尝试登录。
1 个解决方案
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.