-
Notifications
You must be signed in to change notification settings - Fork 178
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
race condition for logout: true #173
Comments
@hholst80 Can you give a link to your repo or post your workflow please? Thanks. |
We have several workers running on the same docker machine. The credential store is shared between the runners. - name: Login build and test machine to myreg.azurecr.io
uses: docker/login-action@v1
with:
registry: myreg.azurecr.io
username: myreg
password: ${{ secrets.AZURECR_PASSWORD }}
# logout: true # default is true
- name: build stuff # this can fail due to race condition from concurrent build & push job
run: docker-compose build --pull
- name: push it # and so can this fail for the same reason
run: docker-compose push |
I researched this a bit and it seems that the only portable way to deal with credentials with Docker is to write those to a credentials store in the current users home directory. The login and log-out needs to be coordinated carefully to avoid a race condition due to the shared state. The only possible way to avoid the race condition would be to create a throwaway context in docker. Be aware that many tools will not honor this unless they use a recent version of a client SDK or use the docker cli directly. |
Yes if you're using a self-hosted runner, you're sharing the same configuration. - name: Login build and test machine to myreg.azurecr.io
uses: docker/login-action@v1
with:
registry: myreg.azurecr.io
username: myreg
password: ${{ secrets.AZURECR_PASSWORD }}
logout: false If you still want to - name: Set DOCKER_CONFIG
run: |
mkdir -p $HOME/${{ env.GITHUB_RUN_ID }}/.docker
echo "DOCKER_CONFIG=$HOME/${{ env.GITHUB_RUN_ID }}/.docker" >> $GITHUB_ENV
- name: Login build and test machine to myreg.azurecr.io
uses: docker/login-action@v1
with:
registry: myreg.azurecr.io
username: myreg
password: ${{ secrets.AZURECR_PASSWORD }} You might also need to prune |
This seems to be a case of the following: docker/login-action#173
There is an obvious race condition if
logout: true
is used.One job runs concurrently with another and the second job logsout after the first job finished logging in.
What I would like to do is to run an explicit
docker/logout
action to remove any credentials as part of an explicit cleanup.The text was updated successfully, but these errors were encountered: