Home > Software engineering >  Pulling web (ghcr.io/***/: unauthorized - Docker and Github actions
Pulling web (ghcr.io/***/: unauthorized - Docker and Github actions

Time:10-16

my deploy script is as follows:

  - name: Log in to GitHub Packages
    run: echo ${PERSONAL_ACCESS_TOKEN} | docker login ghcr.io -u ${{ secrets.NAMESPACE }} --password-stdin
    env:
      PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}

  - name: Build and deploy images on DigitalOcean
    env:
      SSH_AUTH_SOCK: /tmp/ssh_agent.sock
    run: |
      scp  -o StrictHostKeyChecking=no -r ./.env ./docker-compose_prod.yml root@${{ secrets.DIGITAL_OCEAN_IP_ADDRESS }}:/app
      ssh -o StrictHostKeyChecking=no root@${{ secrets.DIGITAL_OCEAN_IP_ADDRESS }} << 'ENDSSH'
        cd /app
        source .env
        docker login ghcr.io -u $NAMESPACE -p $PERSONAL_ACCESS_TOKEN
        docker pull $WEB_IMAGE
        docker pull $NGINX_IMAGE
        docker-compose -f docker-compose.prod.yml up -d
      ENDSSH

and the error that I get is

Pulling web (ghcr.io/***/testdriver_tutorial/web:ba673356fe8a9abcf25700b8a12619e414bbaf7c)... Head enter image description here

UPDATE

I just did docker login ghcr.io -u $NAMESPACE -p $PERSONAL_ACCESS_TOKEN on the digital ocean droplet and it requests a password.

How can I switch off this password authentication so it only uses PERSONAL_ACCESS_TOKEN ?

CodePudding user response:

The problem was not with docker pull, the problem was with the command executed before docker login which was source .env

        run: |
          scp  -o StrictHostKeyChecking=no -r ./.env ./docker-compose.prod.yml root@${{ secrets.DIGITAL_OCEAN_IP_ADDRESS }}:/app
          ssh -o StrictHostKeyChecking=no root@${{ secrets.DIGITAL_OCEAN_IP_ADDRESS }} << 'ENDSSH'
            cd /app
            source .env
            docker login ghcr.io -u $NAMESPACE -p $PERSONAL_ACCESS_TOKEN

There was a special character in the source .env - specifically in the Django Secret Key. The GitHub actions continued to the next step. I am not sure how unauthorized error resulted, but fixing the syntax in source .env made it log in.

  • Related