goal push - failed to authorize: failed to fetch oauth token
arauchberger opened this issue · comments
Is this a request for help?: YES
Environment (plugin version, maven version, OS, ...):
plugin version: 6.7.0
maven version: 3.6.3
OS: linux; GitHub-workflow
What happened:
everything works as expected on my local macOS system.
even though i can see some strange logs, finally the chart gets pushed to dockerHub OCI registry.
when i execute the same maven routine via GitHub-workflow i do get the oAuth error.
i can see also a successful registry login performed by your plugin 🤷♂️.
i can force the same error when i do a docker logout locally. so i added a docker-login action in my gh-wf (even though pushing the docker image in a previous step without a docker login), but that didn't solve the issue.
This is my configuration:
<plugin>
<groupId>io.kokuwa.maven</groupId>
<artifactId>helm-maven-plugin</artifactId>
<configuration>
<chartDirectory>${project.build.directory}/helm/chart</chartDirectory>
<chartVersion>${docker.image.tag}</chartVersion>
<appVersion>${docker.image.tag}</appVersion>
<!--<addDefaultRepo>false</addDefaultRepo>-->
<helmVersion>${helm.version}</helmVersion>
<debug>${helm.debug}</debug>
</configuration>
<executions>
<execution>
<id>package</id>
<phase>package</phase>
<goals>
<goal>init</goal>
<goal>package</goal>
</goals>
</execution>
<execution>
<id>push</id>
<phase>deploy</phase>
<goals>
<goal>registry-login</goal>
<goal>push</goal>
</goals>
<configuration>
<uploadRepoStable>
<name>pineit-dockerhub-helm-release</name>
<url>registry-1.docker.io/pineit</url>
<type>CHARTMUSEUM</type>
</uploadRepoStable>
<uploadRepoSnapshot>
<name>pineit-dockerhub-helm-snapshot</name>
<url>registry-1.docker.io/pineit</url>
<type>CHARTMUSEUM</type>
</uploadRepoSnapshot>
</configuration>
</execution>
</executions>
</plugin>This is the relevant part from my gh-wf:
- name: prepare maven settings for pineit-gh-packages
uses: s4u/maven-settings-action@v2
with:
servers: |
[
{
"id": "pineit-dockerhub-helm-release",
"username": "${{ secrets.DOCKER_HUB_USERNAME }}",
"password": "${{ secrets.DOCKER_HUB_TOKEN }}"
},
{
"id": "pineit-dockerhub-helm-snapshot",
"username": "${{ secrets.DOCKER_HUB_USERNAME }}",
"password": "${{ secrets.DOCKER_HUB_TOKEN }}"
}
]
- name: login to DockerHub OCI registry
uses: docker/login-action@v2
with:
registry: "registry-1.docker.io/pineit"
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: helm package & push
run: |
cd ${{ steps.setup.outputs.PRODUCT_REPO }}
mvn -B -X clean deploy -Pdebug,helm \
-Ddocker.username=${{ secrets.DOCKER_HUB_USERNAME }} \
-Ddocker.password=${{ secrets.DOCKER_HUB_TOKEN }} \in addition i will attach the log file.
i appreciate each hint - i'm stuck on this now for hours.
thanks in advance
Is registry-1.docker.io/pineit a correct repository? Does it work with other repositories?
hi,
yes, it is a correct private repo. as I mentioned, the whole thing works perfectly on my local environment. but when i do a docker logout I see the same errors as when running via gh-workflow.
Right now i do not know whats wrong. This plugin is only a wrapper from helm and in line 67 you can see the executed command. I only can assume that something with the permissions is invalid.
Remarks:
- for our kokuwa.io Account we use
docker.ioinstead ofregistry-1.docker.io. Is the subdomain necessary for private repos? helm:pushalready performs a login,registry-loginis redundant<type>CHARTMUSEUM</type>can be omitted
hi,
I think i found the issue.
i did not declare the two input-secrets ${{ secrets.DOCKER_HUB_USERNAME }} and ${{ secrets.DOCKER_HUB_TOKEN }} in the on workflow_dispatch.
i don't know, why i did not get any error for the docker-login action 🤷♂️ - but it works now.
thanks for your time