Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Doesn't work with Docker Hub access tokens #10

Closed
gotson opened this issue Feb 17, 2020 · 32 comments
Closed

Doesn't work with Docker Hub access tokens #10

gotson opened this issue Feb 17, 2020 · 32 comments

Comments

@gotson
Copy link

gotson commented Feb 17, 2020

Hello,

i tried using this with the recently introduced DockerHub access tokens, but it doesn't work. I swapped my credentials for my own Docker Hub and it works again.

If i check the Docker Hub access tokens page, i see that the access token was never used.

When using the access token i get an error 403 on the PATCH request.

@peter-evans
Copy link
Owner

Yes, unfortunately, DockerHub don't support access tokens for this API at the moment. There is a note about this in the readme.

Note: Docker Hub Personal Access Tokens cannot be used as they are not supported by the API. See here and here for further details. Unfortunately, this means that enabling the new 2FA feature on Docker Hub will prevent the action from working.

https://github.com/peter-evans/dockerhub-description/blob/master/README.md#required-environment-variables

@gotson
Copy link
Author

gotson commented Feb 17, 2020

My bad, i didn't read the documentation since they introduced the access tokens. Thanks!

@peter-evans
Copy link
Owner

peter-evans commented Feb 17, 2020

No worries. I hope they open up the API for use with tokens at some point!

@cooperlees
Copy link

O damn, I've hit this. Has anyone found somewhere we can request support for this?

@peter-evans
Copy link
Owner

@cooperlees This is the issue tracking the roadmap feature to allow tokens to be used. docker/roadmap#115

@cooperlees
Copy link

Could we possibly leave this open so people see it's a known issue? It will possibly help stop duplicate issues being logged.

@peter-evans peter-evans reopened this Nov 24, 2020
@LongLiveCHIEF
Copy link

It's not like the tokens are any different than passwords anyways. Tokens have absolutely no scope attached to them. Docker has needed to step up their game with this stuff for years.

BoGnY pushed a commit to BoGnY/tor that referenced this issue Jan 5, 2021
Until peter-evans/dockerhub-description#10 is fixed
Signed-off-by: Luca Bognolo <git@bogny.eu>
ijo42 added a commit to ijo42/CurseForge2Discord that referenced this issue Feb 13, 2021
funkyfisch added a commit to funkyfisch/node-docker-devenv that referenced this issue Mar 9, 2021
axelrindle added a commit to axelrindle/github-starred-index that referenced this issue May 6, 2021
Cyb3r-Jak3 added a commit to Cyb3r-Jak3/pypy-flask that referenced this issue May 23, 2021
Cyb3r-Jak3 added a commit to Cyb3r-Jak3/pypy-flask that referenced this issue May 23, 2021
* Using meta action

* Fix tag

* No description update action. See peter-evans/dockerhub-description/issues/10
rseedorff added a commit to secureCodeBox/secureCodeBox that referenced this issue Jun 28, 2021
…ion#10

Signed-off-by: Robert Seedorff <Robert.Seedorff@iteratec.com>
@peter-evans
Copy link
Owner

Thanks for confirming! I think we can close this now.

fauust added a commit to fauust/docker-systemd that referenced this issue Jul 19, 2022
@fauust
Copy link

fauust commented Jul 19, 2022

Hi!
Good that this is now working and that we can finally activate 2FA 👍

FYI, I did not manage to make this work with a read/write token, I had to generate a read/write/delete token, not sure why since we just need to update the README.md file?

fauust added a commit to fauust/docker-ansible that referenced this issue Jul 19, 2022
mvdan pushed a commit to mvdan/sh that referenced this issue Jul 19, 2022
See: peter-evans/dockerhub-description#10

Not mandatory but good to implement IMO:

* create a Docker Hub token (needs read/write/delete rights)
* replace DOCKER_PASSWORD with DOCKER_TOKEN in GH actions secrets.
* eventually add 2FA authentication on Docker Hub (it was not possible because of that).

While here, bump GitHub Actions versions.
fauust added a commit to fauust/lychee that referenced this issue Jul 19, 2022
@ghost ghost mentioned this issue Jul 20, 2022
iloveitaly added a commit to iloveitaly/crypto-index-fund-bot that referenced this issue Aug 14, 2022
@jaydrogers
Copy link

I hate to wake this old thread up, but I figured it was the best place to keep this discussion organized. Today I am running into this error. No changes were made on my end and it just started to appear this morning (I have a job run every Tuesday to automatically update).

Error Message

Error: Bad Request

Full screenshot

image

Attempted fix (same failing result)

  • Delete my PAT
  • Re-create it with read, write, delete
  • Re-run the job

Possible error to help debug?

Run peter-evans/dockerhub-description@v3
  with:
    username: ***
    password: ***
    repository: serversideup/php
    short-description: Production-ready Docker images for PHP. Optimized for Laravel, WordPress, and more!
##[debug]Inputs: {
##[debug]  username: '***',
##[debug]  password: '***',
##[debug]  repository: 'serversideup/php',
##[debug]  shortDescription: 'Production-ready Docker images for PHP. Optimized for Laravel, WordPress, and more!',
##[debug]  readmeFilepath: './README.md'
##[debug]}
Acquiring token
::add-mask::***
Sending PATCH request
##[debug]Error: Bad Request
##[debug]    at /home/runner/work/_actions/peter-evans/dockerhub-description/v3/dist/index.js:79:23
##[debug]    at processTicksAndRejections (node:internal/process/task_queues:96:5)
Error: Bad Request
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: push README to Dockerhub

My source code

https://github.com/serversideup/docker-php/blob/649c0e215a82512554ce7e4f616f099dd2af8b3c/.github/workflows/publish_docker-images-production.yml#L59-L65

Other notes & thanks

  • I have another repository running the same syntax and it seems to be fine 🤷‍♂️

I'm very grateful for this project! Thank you for putting this together. If anyone has any ideas, it would be very appreciated 🙌

@simmel
Copy link

simmel commented Feb 14, 2023

@jaydrogers I just tried to update and it worked see https://github.com/simmel/vanilla-imap-baby/actions/runs/4177535798/jobs/7235219564#step:8:1

Try again? Might have just been Docker Hubs API that had an issue?

@jaydrogers
Copy link

Thanks @simmel!

I just tried it again, and I am getting the same results. I can move this into a new issue if it's more appropriate 😃

image

@jonasbn
Copy link

jonasbn commented Feb 14, 2023

Hi @jaydrogers

Here are my 2 cents.

The error hints at a bad HTTP request (400), ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/400

  • Is there anyway to get to see the original request and response?
  • Evaluating what the variable parts are - does the username or password contain anything that could render the request invalid?
  • Are there other variable parameters
  • Are the credentials the same as for the other repository where it works?

@jonasbn
Copy link

jonasbn commented Feb 14, 2023

Hi @jaydrogers

And 2 cents more

Just a last thing, have you tried the running the Docker image outside of the context of GHA, as outlined in the README?

@jaydrogers
Copy link

Thanks @jonasbn! Brilliant method with the Docker testing. 👍

I attempted to run what was in the README and I am just getting nothing in return. I had some warnings running with my M1 Mac, so I modified the command to see if that would help. I also tried to set environment variables to put Node into a debug mode to see if I can see the request.

Command I am running

I am running this in the directory of my README file on my Mac.

docker run --platform linux/amd64 -v $(pwd):/workspace \
  -e DOCKERHUB_USERNAME='mydockerhubusername' \
  -e DOCKERHUB_PASSWORD='mysupersecretpat' \
  -e DOCKERHUB_REPOSITORY='serversideup/php' \
  -e README_FILEPATH='/workspace/README.md' \
  -e NODE_ENV=dev \
  -e DEBUG=* \
  peterevans/dockerhub-description:3

My results after running command above

The command runs and returns no output. When I run echo $?, it returns a 1 -- hinting there is an error. It's challenging to know what that is since there isn't any output being displayed.

Screenshot 2023-02-14 at 15 15 19

Things I have checked

  • ✅ Reset PAT
  • ✅ GitHub Actions secrets are reset and named correctly

Thanks for your help everyone! 🙌

@peter-evans
Copy link
Owner

@jaydrogers It's possible that DockerHub doesn't like the content of your readme. Could you try a test where the README.md file just contains something very simple.

@jaydrogers
Copy link

Yup! That's definitely it. Sorry for the confusion! I thought it had something to do with my PAT.

Weird thing is, if I copy and paste it into hub.docker.com, it works no problem.

I even tried pasting it into hub.docker.com then copying that into my README and it still would not take it.

If there are any quick thoughts to trace the down the culprit, I am open ears -- but I am working on a documentation site anyways so it will greatly simplify my README in the future anyways.

I can open another issue on it in the future if I run into problems.

Thanks for your help 🙌

@simmel
Copy link

simmel commented Feb 15, 2023 via email

@christian-korneck
Copy link

If there are any quick thoughts to trace the down the culprit, I am open ears

@jaydrogers do you get the same error when you try to upload your repo description using this tool?

@LeviPesin
Copy link

LeviPesin commented Jul 10, 2023

I'm still getting the "Forbidden" error on the PATCH request. I triple-checked all repository names and even tried running exactly the same API requests in Python -- but no matter what I keep getting 403 {'message': 'insufficient scope', 'errinfo': {}} errors.
You can see the job failing here.

@peter-evans
Copy link
Owner

@LeviPesin As the error message suggests, the problem is likely to be insufficient scopes. It requires read/write/delete scopes (Admin level) to update the Docker Hub repo description. This is mentioned in the readme here.

@LeviPesin
Copy link

Ah, sorry, indeed!! My token only had read/write permissions. Thank you!

@peter-evans peter-evans unpinned this issue Jan 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests