Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fatal: could not read Username for 'https://github.com': No such device or address #1112

Open
1 of 3 tasks
oktayalizada opened this issue May 7, 2024 · 1 comment
Open
1 of 3 tasks

fatal: could not read Username for 'https://github.com': No such device or address #1112

oktayalizada opened this issue May 7, 2024 · 1 comment

Comments

@oktayalizada
Copy link

Contributing guidelines

I've found a bug, and:

  • The documentation does not mention anything about my problem
  • There are no open or closed issues that are related to my problem

Description

Could be related to the following issue but got resolved long time ago and was related to v2 specifically: #162

Steps to reproduce:

  1. Have project with private dependency to another private repo
  2. Trigger github action

Expected behaviour

Should be able to build image

Actual behaviour

1.372 * Getting lib (https://github.com/<org-name>/libraryr)
1.542 fatal: could not read Username for 'https://github.com/': No such device or address
1.548 ** (Mix) Command "git --git-dir=.git fetch --force --quiet --progress" failed
------
Dockerfile:33
--------------------
  31 |     # install mix dependencies
  32 |     COPY mix.exs mix.lock ./
  33 | >>> RUN mix deps.get --only $MIX_ENV
  34 |     RUN mkdir config
  35 |     
--------------------
ERROR: failed to solve: process "/bin/sh -c mix deps.get --only $MIX_ENV" did not complete successfully: exit code: 1
Error: buildx failed with: ERROR: failed to solve: process "/bin/sh -c mix deps.get --only $MIX_ENV" did not complete successfully: exit code: 1

Repository URL

No response

Workflow run URL

No response

YAML workflow

name: Publish

on:
  release:
    types: [ published, edited ]
    tags:
      - "v*.*.*"

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        
      - name: Generate a token
        id: generate_token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PEM }}

      - name: Log in to the Container registry
        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: "${{ steps.generate_token.outputs.token }}"

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
      - name: Set Versions
        uses: actions/github-script@v4
        id: set_version
        with:
          script: |
            const tag = context.ref.substring(10)
            const no_v = tag.replace('v', '')
            const dash_index = no_v.lastIndexOf('-')
            const no_dash = (dash_index > -1) ?  no_v.substring(0, dash_index) : no_v
            core.setOutput('tag', tag)
            core.setOutput('no-v', no_v)
            core.setOutput('no-dash', no_dash)
       
      - name: Release to packages
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          secrets: |
             GIT_AUTH_TOKEN=${{ steps.generate_token.outputs.token }}
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{steps.set_version.outputs.no-dash}}

Workflow logs

No response

BuildKit logs

No response

Additional info

No response
@crazy-max
Copy link
Member

crazy-max commented May 7, 2024
edited

GIT_AUTH_TOKEN is only used by BuildKit to clone Git sources and doesn't apply to RUN instructions directly for any git command invocations.

You need to handle this yourself in the step RUN mix deps.get --only $MIX_ENV by using a secret mount and managing git configuration.

Something similar to:

RUN --mount=type=secret,id=GIT_AUTH_TOKEN \
  set -e
  GIT_AUTH_TOKEN=$(cat /run/secrets/GIT_AUTH_TOKEN)
  if [ -n "$GIT_AUTH_TOKEN" ]; then
    echo "Setting GitHub access token"
    git config --global "url.https://x-access-token:${GIT_AUTH_TOKEN}@github.com.insteadof" "https://github.com"
  fi
  mix deps.get --only $MIX_ENV
EOT

Would need to see your Dockerfile to make sure you don't do it with the final stage but dependent one to avoid exposing the secret in git config.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crazy-max @oktayalizada