The parser will not add latest when org name contains number

[Mon-ius]

Contributing guidelines

• I've read the contributing guidelines and wholeheartedly agree

I've found a bug, and:

• The documentation does not mention anything about my problem
• There are no open or closed issues that are related to my problem

Description

The parser for docker/build-push-action@v6 failed to add :latest for tags: ${{ env.ghcr_tag }} when it contains number, thus caused 404 error, see logs.

I tested on my org without containing number in name, everything works fine. However, when comes to org that has number, for example xxx3yyyy, it will not append latest, thus return ERROR: failed to solve: failed to push ghcr.io/alpha3olf/sample: unexpected status from HEAD request to

Expected behaviour

This is one with tag tags: ${{ env.ghcr_tag }}-base, it can work,

#18 exporting to image
#18 exporting layers
#18 exporting layers 0.8s done
#18 exporting manifest sha256:b966b72ec4e20c0824[353](https://github.com/Alpha3olf/sample/actions/runs/13443797855/job/37564331575#step:7:359)4195fa7229dcbde306f6f8207d874e8c9ddc0bd1f09 done
#18 exporting config sha256:196fa908159d3ba7e5b47491c8672effd9dc34d3a50ce08a4f46b5f1480b35f4 done
#18 exporting attestation manifest sha256:8b75c28f599d17eb112c8431912ac3bb357d5b37dfcd5480c65fad05774f5fe0 done
#18 exporting manifest sha256:9a6a2a07246df446b4a05c368e334c9e724bbdfef9c0824b4fcecd4295bf8707 done
#18 exporting config sha256:f8fc832c10b115ebf8166d21b8e74068903a6f45e1fa55fd421790586ea40453 done
#18 exporting attestation manifest sha256:fa85c5dee4b7b4685ff61b015f367931adde57309a04d9670c0893475059d422 done
#18 exporting manifest sha256:50d47c702b005fb698b6b023f5172450c2b974a96fb0ae533ca50b37ca676eb0 done
#18 exporting config sha256:a1f6dbd8683d82fb83df129d1900591c2e4c2103dfcb4e5d6c9fe3f1e7c87965 done
#18 exporting attestation manifest sha256:b5bcba4865c3d6cd4fb220fa9e839260897bc2ed099ca4748cb9eaa61549d8ac done
#18 exporting manifest list sha256:68147c485be1bd84[361](https://github.com/Alpha3olf/sample/actions/runs/13443797855/job/37564331575#step:7:367)5881a6535d2e7e10959b7a94232bdfd00bb1de1ab2427 done
#18 pushing layers
#18 ...

#19 [auth] alpha3olf/sample-base:pull,push token for ghcr.io
#19 DONE 0.0s

#18 exporting to image
#18 pushing layers 2.4s done
#18 pushing manifest for ghcr.io/alpha3olf/sample-base:latest@sha256:68147c485be1bd843615881a6535d2e7e10959b7a94232bdfd00bb1de1ab2427
#18 pushing manifest for ghcr.io/alpha3olf/sample-base:latest@sha256:68147c485be1bd843615881a6535d2e7e10959b7a94232bdfd00bb1de1ab2427 2.2s done
#18 DONE 5.5s

#20 resolving provenance for metadata file
#20 DONE 0.0s

Actual behaviour

However, tags: ${{ env.ghcr_tag }}, without -base, it returns 404 forbidden due to the parser not add :latest, see

#18 exporting to image
#18 exporting layers
#18 exporting layers 0.8s done
#18 exporting manifest sha256:9237ad77f1cb92326aa7baa72699b16e2b8c975af0fd5b8606dafea858bc56a8 done
#18 exporting config sha256:43fa1058ed57bef75ac65dabfd7f4a4c3a6f16f96622945316aa082552e457f5 done
#18 exporting attestation manifest sha256:d561861fc0206def28a0fe10b779222338c8bb0316e4958dc72849625b3014b5 done
#18 exporting manifest sha256:51965fc7b8d4d03d57dc5b5fa2cc2134b2e7b2897a0a2a9739ec9758c06ea2b8 done
#18 exporting config sha256:1795617497be4bc68522c237773c7fa14021a64d06f5f4c783c7243301760c43 done
#18 exporting attestation manifest sha256:caaa8439f9e30f6e5e9ffa2165723f7f545456828dd09fbbc5dfbbc5b294722d done
#18 exporting manifest sha256:b88037432e86b180c73960261ebfea38c18888193ed801c18416f4[345](https://github.com/Alpha3olf/sample/actions/runs/13443744477/job/37564159462#step:7:351)793f190 done
#18 exporting config sha256:85d8c430d022cfd54c29d4268f03d6cd4db6556687510f88bcf126370dee21ff done
#18 exporting attestation manifest sha256:a574b3eafa2c13ee272f5b0f3f6579809d8229bca5d5f88b67c670a6a1448de3 done
#18 exporting manifest list sha256:7d3f2cb672c96fa08b8989b79d56e4d1a76dd14882604312ace6a569d714d4dc done
#18 pushing layers
#18 ...

#19 [auth] alpha3olf/sample:pull,push token for ghcr.io
#19 DONE 0.0s

#18 exporting to image
#18 pushing layers 0.2s done
#18 ERROR: failed to push ghcr.io/alpha3olf/sample: unexpected status from HEAD request to https://ghcr.io/v2/alpha3olf/sample/blobs/sha256:c0ab260c0a6cd7e1873a2ceb23551abfe437c75bc0b552e115b2f0e904d50cb0: 403 Forbidden
------
 > exporting to image:
------
ERROR: failed to solve: failed to push ghcr.io/alpha3olf/sample: unexpected status from HEAD request to https://ghcr.io/v2/alpha3olf/sample/blobs/sha256:c0ab260c0a6cd7e1873a2ceb23551abfe437c75bc0b552e115b2f0e904d50cb0: 403 Forbidden
Reference
Check build summary support
Error: buildx failed with: ERROR: failed to solve: failed to push ghcr.io/alpha3olf/sample: unexpected status from HEAD request to https://ghcr.io/v2/alpha3olf/sample/blobs/sha256:c0ab260c0a6cd7e1873a2ceb2[355](https://github.com/Alpha3olf/sample/actions/runs/13443744477/job/37564159462#step:7:361)1abfe437c75bc0b552e115b2f0e904d50cb0: 403 Forbidden

Repository URL

No response

Workflow run URL

No response

YAML workflow

name: docker

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

permissions:
  actions: write
  checks: write 
  pull-requests: write
  contents: read
  packages: write

on:
  workflow_dispatch:
  schedule:
    - cron: '0 6 */6 * *'
  push:
    branches:
      - "master"
    paths:
      - ".github/workflows/docker.yml"
      - "docker/entrypoint.sh"
      - "docker/Dockerfile"

jobs:
  build-docker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - 
        name: Convert tags to lowercase
        run: |
          ghcr_tag="ghcr.io/${{ github.repository }}"
          repository="${{ github.repository }}"
          repo_name="${repository#*/}"
          echo "ghcr_tag=${ghcr_tag,,}" >> $GITHUB_ENV
          echo "repo_name=${repo_name,,}" >> $GITHUB_ENV
      - uses: docker/build-push-action@v6
        with:
          context: "{{defaultContext}}:docker"
          file: Dockerfile
          push: true
          platforms: linux/amd64, linux/arm64, linux/ppc64le
          tags: ${{ env.ghcr_tag }}
          build-args: |
            GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
            GITHUB_REPOSITORY=${{ github.repository }}
            GITHUB_NAME=${{ env.repo_name }}

Workflow logs

No response

BuildKit logs

Additional info

No response

[Mon-ius]

If I add -base for tag, it can work fine for org name contains number

name: docker

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

permissions:
  actions: write
  checks: write 
  pull-requests: write
  contents: read
  packages: write

on:
  workflow_dispatch:
  schedule:
    - cron: '0 6 */6 * *'
  push:
    branches:
      - "master"
    paths:
      - ".github/workflows/docker.yml"
      - "docker/entrypoint.sh"
      - "docker/Dockerfile"

jobs:
  build-docker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - 
        name: Convert tags to lowercase
        run: |
          ghcr_tag="ghcr.io/${{ github.repository }}"
          repository="${{ github.repository }}"
          repo_name="${repository#*/}"
          echo "ghcr_tag=${ghcr_tag,,}" >> $GITHUB_ENV
          echo "repo_name=${repo_name,,}" >> $GITHUB_ENV
      - uses: docker/build-push-action@v6
        with:
          context: "{{defaultContext}}:docker"
          file: Dockerfile
          push: true
          platforms: linux/amd64, linux/arm64, linux/ppc64le
          tags: ${{ env.ghcr_tag }}-base
          build-args: |
            GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
            GITHUB_REPOSITORY=${{ github.repository }}
            GITHUB_NAME=${{ env.repo_name }}

[crazy-max]

The parser for docker/build-push-action@v6 failed to add :latest for tags: ${{ env.ghcr_tag }}

I'm not sure what you mean, can you post the full logs of the workflow or link to your repo please?

[Mon-ius]

Let's say I have github/sample, then when push to github/sample, it will append :latest, thus be github/sample:latest;

However, when have githu6/sample, it failed to append :latest, and be githu6/sample:, then caused 404 forbidden. 🤗

[Mon-ius]

And if I add githu6/sample with -xxxx, for example, githu6/sample-base, it can be added :latest, thus be githu6/sample-base:latest, then it can work as expected.

[Mon-ius]

The parser for parse tag may be not enough robust 🤗

[crazy-max]

Looking at the few logs you gave, pushing to ghcr.io/alpha3olf/sample-base works but ghcr.io/alpha3olf/sample doesn't and they both contain a number which is a valid image name so this is not related (see https://docs.docker.com/reference/cli/docker/image/tag/#example-image-references). In last case I think you got a 403 because you don't have perms to push to sample repository. But again can't help much without full workflow logs or link to your repo.

[Mon-ius]

dont think you really understand, I gave enough examples and explain but you just ignore, plz check the code that has bug to parse and add latest 🤗

[crazy-max]

Sorry can't help without workflow logs.