Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

org外のコントリビューターによるPR時に "Build container image" のWorkflowが失敗している #1152

Open
shibafu528 opened this issue Jan 4, 2024 · 1 comment
Open

org外のコントリビューターによるPR時に "Build container image" のWorkflowが失敗している #1152

shibafu528 opened this issue Jan 4, 2024 · 1 comment

Comments

@shibafu528
Copy link
Member

shibafu528 commented Jan 4, 2024
edited
Loading

付与されるGITHUB_TOKENにwrite権限がなくて、Container Repositoryにpushできないっぽそう。

セキュリティ的にはこの制限は妥当だと思うので、orgメンバーが必要に応じて (workflow_dispatchなどで) PRを指定してイメージビルドを起動できればそれで十分かもしれない。

CIログ

#18 exporting to image
#18 exporting layers
#18 exporting layers 24.2s done
#18 exporting manifest sha256:8a0272c41154e1a77f1fd274c351e655b92884ed963cf493f06589654efa2a58 done
#18 exporting config sha256:65e056e580e7442d28faa2aca566f78c8fc9fcc4e9256eb189842de26687468d done
#18 exporting attestation manifest sha256:7f5df5b5666e72eedc1f2def8121ceb1c81c27440f4a366778329cc09446d74a done
#18 exporting manifest list sha256:917e0ec54d319d52fef3e8d545b665c2c03ba168032856f8bc080c734d57c4a6 done
#18 pushing layers
#18 ...

#19 [auth] shikorism/tissue-foundation:pull,push token for ghcr.io
#19 DONE 0.0s

#18 exporting to image
#18 pushing layers 0.5s done
#18 ERROR: failed to push ghcr.io/shikorism/tissue-foundation:pr-1151: unexpected status from POST request to https://ghcr.io/v2/shikorism/tissue-foundation/blobs/uploads/: 403 Forbidden
------
 > exporting to image:
------
ERROR: failed to solve: failed to push ghcr.io/shikorism/tissue-foundation:pr-1151: unexpected status from POST request to https://ghcr.io/v2/shikorism/tissue-foundation/blobs/uploads/: 403 Forbidden
Error: buildx failed with: ERROR: failed to solve: failed to push ghcr.io/shikorism/tissue-foundation:pr-1151: unexpected status from POST request to https://ghcr.io/v2/shikorism/tissue-foundation/blobs/uploads/: 403 Forbidden
@shibafu528 shibafu528 mentioned this issue Jan 13, 2024
Merged
@shibafu528
Copy link
Member Author

on.pull_request での実行をやめてみた。必要な時に手動でトリガーしてみる。

誰かorganizationのwrite権限がない人がPR立てた時に試す。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@shibafu528