25

I am currently trying to run a docker GitHub Action which builds and pushes a docker image to the GitHub Packages but I am receiving an error which I have never seen. For some reason it fails to push the docker image because write_permission is denied but I have a token allowing me to write so I don't understand what the problem is.

This is my action file:

name: Docker Image CI

on:
  workflow_dispatch:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
    - name: Set up JDK 16
      uses: actions/setup-java@v1
      with:
        java-version: 16
    - name: Build with Maven
      run: mvn -f ACS/pom.xml clean install dependency:copy-dependencies
    - name: Login to GitHub Package Registry
      run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u ${{ github.repository }} --password-stdin
    - name: Build the Docker image
      run: docker build -t image:latest .
    - name: Tag the Docker image
      run: docker tag image:latest docker.pkg.github.com/organization/repository/image:latest
    - name: Push the Docker image to the registry
      run:  docker push docker.pkg.github.com/organization/repository/image:latest

This is my error:

Run docker push docker.pkg.github.com/organization/repository/image:latest The push refers to repository [docker.pkg.github.com/organization/repository/image] f0eaf014e806: Preparing 7d0bad636b3f: Preparing aa0870e7c621: Preparing 36d2f9f005e6: Preparing 22bb3686ee25: Preparing 05e198868a20: Preparing b5cea4a3dd43: Preparing 93c7a8a0e1f4: Preparing 7f4b55b885b0: Preparing 05e198868a20: Waiting b5cea4a3dd43: Waiting 93c7a8a0e1f4: Waiting 7f4b55b885b0: Waiting denied: permission_denied: write_package

Angel Hadzhiev
  • 664
  • 2
  • 6
  • 20
  • See https://stackoverflow.com/a/71193319/180258 - it makes a difference if the first image is pushed locally with PAT, or from workflow with GITHUB_TOKEN. – ron Feb 20 '22 at 10:08

6 Answers6

42

I was facing the same issue. To resolve this

  • Go to USER/ORG home page and click on Packages tab

  • Click on the package for which you are getting the permission_denied error

  • On the bottom of right sidebar click on Package settings option enter image description here

  • On the Manage Actions access change the package role to write enter image description here

  • Done. Now rerun the the action and you will find the problem is resolved.

Vivek
  • 11,938
  • 19
  • 92
  • 127
  • 1
    Thank you! I've been struggling with this for three straight days. My issue was with a npm package initially published from my machine to npm.pkg.github.com, with a PAT. Subsequent workflow runs just threw 403 errors on publish. Had no idea we could control access to individual packages. – nilsel Oct 18 '22 at 15:03
14

The solution presented did not work for me, I had to add my repository to the package settings as documented in the issue https://github.community/t/unable-to-push-to-ghcr-io-from-github-actions/191761/3

Go to Package settings (to the right / bottom) of the package

And configure "Manage Actions access" section to allow the git repository in question write permissions on this package/docker repository - so making sure to also select "Write" when adding the repository.

saranicole
  • 2,093
  • 1
  • 23
  • 23
  • You may not have access and then you will not see the original package on the list. In this case make sure asking administrator for correct permissions. – Krzysztof Madej Aug 23 '22 at 10:56
3

For those interested, I managed to solve my issue although not quite sure how or more precisely which of the steps that I used, did help me solve the issue.

So basically, I first revoked my tokens and made a new one. Then I logged in to docker like this docker login -u USERNAME -p TOKEN ghcr.io while before I would use docker.pkg.github.com and then managed to push my docker image manually to GitHub Package Registry which then made the GitHub Action flow works as well, although I did change nothing there.

I hope that helps people who have the same issue.

Angel Hadzhiev
  • 664
  • 2
  • 6
  • 20
2

I just wanted to add an alternative solution for people who are running into this error and finding this page from Google results.

If you've created a package previously from a forked repo, and then forked a different repo with the same package name, Github actions will fail like this. Go into your package settings and delete the package, and it should succeed again.

user20890848
  • 21
  • 1
1

Try adding login step to your job:

- name: Login to GitHub Container Registry
  uses: docker/login-action@v1
  with:
    registry: ghcr.io
    username: ${{github.actor}}
    password: ${{secrets.GITHUB_TOKEN}}
demisx
  • 7,217
  • 4
  • 45
  • 43
-3

currently you precise your github token but not the secrets for DOCKERHUB_USERNAME and DOCKERHUB_TOKEN. You need define in your repositories a new secrets DOCKERHUB_USERNAME and DOCKERHUB_TOKEN as indicated in https://docs.github.com/en/actions/reference/encrypted-secrets.

You must also create a dockerhub token on dockerhub website portal.

You also need to add this sample code before build and push action.

        name: Login to DockerHub
        uses: docker/login-action@v1 
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
Dharman
  • 30,962
  • 25
  • 85
  • 135
solidsnaakke
  • 1
  • 1