
We build our projects using GitHub Actions and Docker. As you can imagine, on each push from our dev teams, a well-defined pipeline takes the changes, builds the new image and pushes it to the registry. In a couple of days the pipeline started to throw "bizarre" errors about connection issues. Just re-running the whole pipeline fixes it temporarily. Today, the pipeline has reached the point of no return. Every build gets stuck on the same docker build step:

RUN apt/apk/yum update

…and the output is something like this:

[Screenshot of the GitHub Actions output]

Now, I managed to find the solution to this problem in this GitHub issue thread. As suggested by several users, I tried to run docker build -t <image_name> --network=host . on a simple Dockerfile (which contains an alpine image running the apk update command).

Everything works like a charm. Now I have to apply this fix to the github action pipeline.

First of all, let's take a look at the docker build phase defined in the pipeline (for security reasons, I masked some parts of the Dockerfile):

  - name: Build and push
    uses: docker/build-push-action@v2
    with:
      context: .
      push: true
      file: Dockerfile
      tags: |
        <image>
      build-args: |
        <args>
      cache-from: type=registry,ref=<image_cache>
      cache-to: type=registry,ref=<image_cache>

Looking at the official documentation of docker/build-push-action@v2, we are allowed to define the network configuration during the build, simply by adding

network: host

in the with: customizations.

The official Docker documentation says this about the network param, quote:

The use of --network=host is protected by the network.host
entitlement, which needs to be enabled when starting the buildkitd
daemon with --allow-insecure-entitlement network.host flag or in
buildkitd config, and for a build request with --allow network.host
flag.

So, combining both pieces of documentation, I thought the right way to define the network param is something like this:

  - name: Build and push
    uses: docker/build-push-action@v2
    with:
      context: .
      push: true
      allow: network.host,security.insecure #NEW
      network: host #NEW
      file: Dockerfile
      tags: |
        <image>
      build-args: |
        <args>
      cache-from: type=registry,ref=<image_cache>
      cache-to: type=registry,ref=<image_cache>

but it doesn't work. Same situation, stuck on apk/apt upgrade for ages.

So I'm here to ask you how to correctly configure the docker/build-push-action@v2 stage in order to define the param network=host and overcome the connection issues.

2 Answers


  1. Chosen as BEST ANSWER

    Based on @user19972112's solution, I figured out how to overcome this issue.

    In the docker/setup-buildx-action@v1 step, I added two properties:

          buildkitd-flags: '--allow-insecure-entitlement network.host'
          driver-opts: network=host
    

    Then, in the docker/build-push-action@v2 step, you have to allow and specify network equal to host:

          allow: network.host
          network: host
    

    So, the result will be:

    [...]

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
        with:
          version: latest
          endpoint: builders
          buildkitd-flags: '--allow-insecure-entitlement network.host'
          driver-opts: network=host

    [...]

      - name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          push: true
          allow: network.host
          network: host
          file: ./docker/.dockerfile
    [...]
    

  2.      - name: Set up Docker Buildx
            id: buildx
            uses: docker/setup-buildx-action@v2
            with:
              driver-opts: |
                network=host
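
The accepted answer pairs each entitlement the build step requests with a daemon flag that enables it, as the quoted documentation requires. As an added example (not code from the question, the answers or the Docker actions), this Python check reads a workflow as text and reports any entitlement a docker/build-push-action step requests that no docker/setup-buildx-action step enables. The function names and both sample workflows are constructed, and it assumes single-line `allow:` and `buildkitd-flags:` values.

```python
import re

STEP = re.compile(r"^\s*-\s+(?:name|uses|id):", re.M)

def field(step, key):
    """Single-line value of `key:` in one step, without a trailing comment."""
    m = re.search(rf"^\s*(?:-\s+)?{key}:\s*(.+)$", step, re.M)
    return re.sub(r"\s+#.*$", "", m.group(1)).strip() if m else ""

def audit_entitlements(workflow):
    """Findings for entitlements a build step requests but buildkitd does not allow."""
    starts = [m.start() for m in STEP.finditer(workflow)]
    steps = [workflow[a:b] for a, b in zip(starts, starts[1:] + [len(workflow)])]
    enabled, findings = set(), []
    for step in steps:  # pass 1: entitlements enabled on the daemon
        if field(step, "uses").startswith("docker/setup-buildx-action@"):
            flags = field(step, "buildkitd-flags")
            enabled |= set(re.findall(r"--allow-insecure-entitlement[ =]([\w.]+)", flags))
    for step in steps:  # pass 2: entitlements each build request asks for
        if not field(step, "uses").startswith("docker/build-push-action@"):
            continue
        asked = {e.strip() for e in field(step, "allow").split(",") if e.strip()}
        if field(step, "network") == "host" and "network.host" not in asked:
            findings.append("network: host set without allow: network.host")
        findings += [f"{e} requested but not enabled via buildkitd-flags"
                     for e in sorted(asked - enabled)]
    return findings

# Constructed sample: the question's build step plus a setup step with no flags.
QUESTION = """
steps:
  - name: Set up Docker Buildx
    uses: docker/setup-buildx-action@v1
  - name: Build and push
    uses: docker/build-push-action@v2
    with:
      allow: network.host,security.insecure #NEW
      network: host #NEW
"""
# Constructed sample: the pair of steps from the accepted answer, trimmed.
ANSWER = QUESTION.replace("@v1\n", "@v1\n    with:\n"
    "      buildkitd-flags: '--allow-insecure-entitlement network.host'\n"
    "      driver-opts: network=host\n").replace(",security.insecure", "")

if __name__ == "__main__":
    for name, wf in (("question", QUESTION), ("answer", ANSWER)):
        print(name, audit_entitlements(wf) or "ok")
```

Run in CI against the workflow files, a check like this also keeps the requested entitlements limited to the ones the build actually needs, as the accepted answer does by dropping security.insecure.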
    