name: CI/CD Docker
on:
push:
branches: [main]
env:
DOCKER_IMAGE: ghcr.io/${{ github.actor }}/github-actions-auto
VERSION: ${{ github.sha }}
NAME: go_cicd
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
# github repository에서 checkout
- uses: actions/checkout@v2
- name: Set up docker buildx
id: buildx
uses: docker/setup-buildx-action@v1
- name: Cache docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ env.VERSION }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Login to ghcr
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GHCR_TOKEN }}
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
builder: ${{ steps.buildx.outputs.name }}
push: true
tags: ${{ env.DOCKER_IMAGE }}:latest
deploy:
needs: build
name: Deploy
runs-on: [self-hosted, label-go]
steps:
- name: Login to ghcr
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GHCR_TOKEN }}
- name: Docker run
run: |
docker stop ${{ env.NAME }} && docker rm ${{ env.NAME }} && docker rmi ${{ env.DOCKER_IMAGE }}:latest
docker run -d -p 8080:80 --name go_cicd --restart always ${{ env.DOCKER_IMAGE }}:latest
This is our Dockerfile. If I push code to main branch, this CI/CD pipeline works well. But my partner push code to main branch, it makes 403 forbidden error. I don’t know how to solve this problem… How to solve this error?
This is error message in github actions.
6
Answers
Follow these steps to fix this issue.
https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-default-github_token-permissions
Adding the below permissions to the build job fixed this issue for me. I am not sure it will work for anyone, but this question was the first I found when looking for a solution. Hopefully it can help future people:
This was taken from this answer: https://stackoverflow.com/a/71438011/14387852
For anyone stumbling upon this in future, here’s what you need to make the pre-built github actions to push docker image to azure web app work,
You need to add the content given below the permissions part.
Reference: https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#publishing-a-package-using-an-action
In my case, it was fixed by adding a driver and install properties.
To make this work for me, I had to allow the repository to write to the package. You would do that in this link:
https://github.com/users/${username}/packages/container/#{repo}/settings
And there should be a section there "Manage Actions access", where you can add the repository
Had the same problem, here’s what fixed:
It’s a combination of @keipala’s answer, and this answer.
Also note: if permissions are an issue, for testing purposes, you can add
as found here to allow full access, then par back scopes when you know it’s working.