my deploy script is as follows:
- name: Log in to GitHub Packages
run: echo ${PERSONAL_ACCESS_TOKEN} | docker login ghcr.io -u ${{ secrets.NAMESPACE }} --password-stdin
env:
PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- name: Build and deploy images on DigitalOcean
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
run: |
scp -o StrictHostKeyChecking=no -r ./.env ./docker-compose_prod.yml root@${{ secrets.DIGITAL_OCEAN_IP_ADDRESS }}:/app
ssh -o StrictHostKeyChecking=no root@${{ secrets.DIGITAL_OCEAN_IP_ADDRESS }} << 'ENDSSH'
cd /app
source .env
docker login ghcr.io -u $NAMESPACE -p $PERSONAL_ACCESS_TOKEN
docker pull $WEB_IMAGE
docker pull $NGINX_IMAGE
docker-compose -f docker-compose.prod.yml up -d
ENDSSH
and the error that I get is
Pulling web (ghcr.io/***/testdriver_tutorial/web:ba673356fe8a9abcf25700b8a12619e414bbaf7c)... Head
UPDATE
I just did
docker login ghcr.io -u $NAMESPACE -p $PERSONAL_ACCESS_TOKEN
on the digital ocean droplet and it requests a password.How can I switch off this password authentication so it only uses
PERSONAL_ACCESS_TOKEN
?CodePudding user response:
The problem was not with docker pull, the problem was with the command executed before docker login which was
source .env
run: | scp -o StrictHostKeyChecking=no -r ./.env ./docker-compose.prod.yml root@${{ secrets.DIGITAL_OCEAN_IP_ADDRESS }}:/app ssh -o StrictHostKeyChecking=no root@${{ secrets.DIGITAL_OCEAN_IP_ADDRESS }} << 'ENDSSH' cd /app source .env docker login ghcr.io -u $NAMESPACE -p $PERSONAL_ACCESS_TOKEN
There was a special character in the
source .env
- specifically in the Django Secret Key. The GitHub actions continued to the next step. I am not sure howunauthorized error
resulted, but fixing the syntax in source .env made it log in.