
docker-login's Introduction

Warning: This project is no longer maintained. I'll make only minimal upgrades to fix vulnerabilities and to bump the Node.js version for compatibility. Please prefer github/docker-login.

Log in to a container registry

Use this GitHub Action to log in to a private container registry such as Azure Container Registry. Once login is done, the subsequent steps in the workflow can perform tasks such as building, tagging and pushing containers.

- uses: azure/docker-login@v2
  with:
    login-server: '<login server>' # default: index.docker.io
    username: '<username>'
    password: '<password>'

Refer to the action metadata file for details about all the inputs: action.yml

When using the docker-login action, ensure your login-server matches the fully qualified path to your image. You should omit login-server if you are pushing to the default docker hub without a host prefix, for instance, docker push repo/image. You'll need to specify a login-server if you are using the fully qualified path: docker push index.docker.io/repo/image.

Logging in to multiple registries

To log in to multiple registries, simply run this action several times with different credentials; they will accumulate.

- uses: azure/docker-login@v2
  with:
    login-server: contoso.azurecr.io
    username: ${{ secrets.ACR_USERNAME }}
    password: ${{ secrets.ACR_PASSWORD }}
- uses: azure/docker-login@v2
  with:
    login-server: index.docker.io
    username: ${{ secrets.DOCKERIO_USERNAME }}
    password: ${{ secrets.DOCKERIO_PASSWORD }}
- run: |
    docker pull contoso.azurecr.io/private/image:latest
    docker pull private/image:latest
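
Added example (not code from this repository): a small Node.js model of the `auths` map in Docker's `config.json`, showing why repeated logins accumulate per registry and why `login-server` has to match the registry host in the image reference. The helper names, the sample credentials and the host `other.example.com` are constructed, and the host-detection rule is a simplified version of Docker's.

```javascript
// Added illustration of Docker's config.json "auths" map; not the action's source code.
const DEFAULT_REGISTRY = 'index.docker.io'; // the README's default login-server

// Reduce a login-server value or hostname to a comparable registry key.
// Real clients key Docker Hub as "https://index.docker.io/v1/"; stripping the
// scheme and path maps that form onto the bare hostname used in this model.
function canonicalHost(value) {
  const host = value.trim().toLowerCase().replace(/^https?:\/\//, '').split('/')[0];
  // Assumption for this model: Docker Hub's short name means the default registry.
  return host === 'docker.io' ? DEFAULT_REGISTRY : host;
}

// Docker stores base64("username:password") per registry. This is encoding, not
// encryption: anyone who can read the file recovers the password.
function authEntry(username, password) {
  return { auth: Buffer.from(`${username}:${password}`, 'utf8').toString('base64') };
}

// Add one login to a config object, keeping entries written by earlier logins.
// A second login to the same registry replaces only that registry's entry.
function addLogin(config, loginServer, username, password) {
  const key = canonicalHost(loginServer || DEFAULT_REGISTRY);
  return { ...config, auths: { ...(config.auths || {}), [key]: authEntry(username, password) } };
}

// Simplified form of Docker's reference rule: the first path component is a
// registry host only if it contains "." or ":" or is "localhost"; otherwise the
// image lives on the default registry.
function registryForImage(imageRef) {
  const slash = imageRef.indexOf('/');
  if (slash === -1) return DEFAULT_REGISTRY; // e.g. "nginx:1.23"
  const first = imageRef.slice(0, slash);
  const isHost = first.includes('.') || first.includes(':') || first === 'localhost';
  return isHost ? canonicalHost(first) : DEFAULT_REGISTRY;
}

// Pre-flight check: which images would be pulled or pushed without a matching login?
function findUncoveredImages(config, imageRefs) {
  const auths = config.auths || {};
  return imageRefs
    .map((image) => ({ image, registry: registryForImage(image) }))
    .filter(({ registry }) => !Object.prototype.hasOwnProperty.call(auths, registry));
}

// Audit view: who is logged in where, without echoing any password.
// Splits at the first ":" because passwords may themselves contain colons.
function summarizeLogins(config) {
  return Object.entries(config.auths || {}).map(([server, entry]) => {
    const decoded = Buffer.from(entry.auth, 'base64').toString('utf8');
    return { server, username: decoded.slice(0, decoded.indexOf(':')) };
  });
}

// Constructed sample mirroring the two-registry workflow above (credentials are fake).
function demo() {
  let config = {};
  config = addLogin(config, 'contoso.azurecr.io', 'acr-user', 'constructed-pw-1');
  config = addLogin(config, undefined, 'hub-user', 'constructed:pw:2'); // login-server omitted
  const images = [
    'contoso.azurecr.io/private/image:latest',
    'private/image:latest',
    'other.example.com/team/app:1.0', // constructed: no login was performed for this host
  ];
  return { config, logins: summarizeLogins(config), uncovered: findUncoveredImages(config, images) };
}

console.log(JSON.stringify(demo().uncovered));
```

Because the stored value is only base64, the file holding it should be treated as a plaintext secret on the runner.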

You can build an image and push it to a container registry by using the following example:

- uses: azure/docker-login@v2
  with:
    login-server: contoso.azurecr.io
    username: ${{ secrets.REGISTRY_USERNAME }}
    password: ${{ secrets.REGISTRY_PASSWORD }}

- run: |
    docker build . -t contoso.azurecr.io/k8sdemo:${{ github.sha }}
    docker push contoso.azurecr.io/k8sdemo:${{ github.sha }}

Prerequisite

Get the username and password of your container registry and create secrets for them. For Azure Container Registry, refer to the admin account document for the username and password.

Now add the username and password as a secret in the GitHub repository.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.


docker-login's Issues

Warning displayed when using action

The Github Action logs show the following warning:

Run azure/docker-login@v1
(node:2690) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.

Failure to restart docker compose instance / check image and registry credential, inaccessible image

Hello!

I have a project that I spun up with a docker compose file. The images are both in my azure container registry. The container instances were created fine. I used this GitHub action to build and push my images to the registry. This part works fine, and I can verify that the images were correctly updated. When I go to restart the container instances, I get the following error:

Failed to restart the container group 'my-container-group'. Error: Multiple error occurred: 'BadRequest':'InaccessibleImage':The image '{myregistry}/my-repo:my-image-tag' in container group 'my-container-group' is not accessible. Please check the image and registry credential.

This error repeats itself for the other image.

Here is my workflow file:

name: docker_build_push_acr

on:
  push:
    branches:
      - main

jobs:
  docker_build_push_acr:
    name: "Docker Build and Push to ACR"
    runs-on: ubuntu-latest
    environment: production

    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
    defaults:
      run:
        shell: bash

    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout
        uses: actions/checkout@main

      - name: "Docker Login"
        uses: azure/docker-login@v1
        with:
          login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - run: |
          docker build -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/my-repo:frontend-image ./front-end-directory
          docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/my-repo:frontend-image
          docker build -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/my-repo:backend-image ./backend-directory
          docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/my-repo:backend-image

Again, images are pushed to the registry successfully. It is just when I go to restart the container instance that I get this error. I have to delete the container instances and re-initiate them with my docker compose file to get it to start up again.

If it helps, here are my Dockerfiles and docker-compose:

Front end Dockerfile:

FROM node:20-alpine3.18 as build
WORKDIR /usr/app
COPY . /usr/app
RUN npm ci
RUN npm run build

FROM nginx:1.23.1-alpine
EXPOSE 80
COPY ./docker/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf
COPY --from=build /usr/app/dist /usr/share/nginx/html

Backend Dockerfile:

FROM oven/bun

WORKDIR /app

COPY package.json .
COPY bun.lockb .

RUN bun install --production

COPY src src
COPY tsconfig.json .
# COPY public public

ENV NODE_ENV production
CMD ["bun", "src/index.ts"]

EXPOSE 3009

Docker-compose:

version: "3.8"

services:
  frontend:
    image: my-container-registry/my-repo:frontend-image
    ports:
      - "80:80"
    depends_on:
      - backend
    container_name: frontend-container

  backend:
    image: my-container-registry/my-repo:backend-image
    ports:
      - "3009:3009"
    container_name: backend-container

Any help would be greatly appreciated!

Invalid clientid or client secret

I suddenly get errors when pushing new docker containers to azure container registry with:

unauthorized: Invalid clientid or client secret.
Error: Process completed with exit code 1.

It was working fine for exactly a year but started breaking today, so I guess something expired.

My Github Action can be seen below. It fails on the build nlp api step but it seems to pass the login step:

Since it passes the login step, I don't get what has expired to cause the issue?

on: [push]
name: Build a Docker image and Push it to ACR
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - uses: azure/docker-login@v1
        with:
          login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: "3.9"

      - name: Install pipenv
        run: |
          python -m pip install --upgrade pipenv wheel

      - name: Update requirements.txt for Docker image
        run: |
          pipenv requirements > requirements.txt

      # build nlp api
      - run: |
          docker build . -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/nlpapi:${{ github.sha }}
          docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/nlpapi:${{ github.sha }}
          # release version
          ref=${{ github.ref_name }}
          tag=${ref////-}
          echo $tag
          docker tag ${{ secrets.REGISTRY_LOGIN_SERVER }}/nlpapi:${{ github.sha }} ${{ secrets.REGISTRY_LOGIN_SERVER }}/nlpapi:$tag
          docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/nlpapi:$tag

Allow login using service credentials directly

As described here:
#23

I can login to Azure ACR using the service principal id and key

- uses: azure/docker-login@v1
  with:
    login-server: contoso.azurecr.io
    username: ${{ secrets.REGISTRY_USERNAME }}
    password: ${{ secrets.REGISTRY_PASSWORD }}

Where you can set the REGISTRY_USERNAME as your service principal id and REGISTRY_PASSWORD as your service principal key.

Great!

But then I need to pass two additional secrets to my GitHub Actions. And I want to reduce it down to just having to provide my entire credentials JSON blob, and the login action could extract the id and key from it.

so, basically, I would like the action to look something like this:

- uses: azure/docker-login@v1
  with:
    login-server: contoso.azurecr.io
    credentials: ${{ secrets.Azure_ServicePrincipal_Credentials }}
   

By supporting this, I would just have to pass one secret (my SP credentials) to github action secrets and then I can both push to my registry and for example deploy new Azure Container Instances.

Always getting denied for push to docker hub

I used hub.docker.com in the login-server parameter, but I don't know why I'm still getting
denied: requested access to the resource is denied

when trying to push

edited: btw username and password just look fine. But still get this issue

set-env has been deprecated

I recently received the following warning in the azure/docker-login@v1 action log

Warning: The `set-env` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

Can you update the @actions/core package to v1.2.6 or greater to get the updated addPath and exportVariable functions and update the action to use the new commands, so this action will continue to work before they stop supporting the set-env command.

Cannot Pull Private Images From Docker Hub

I wanted to be able to pull a previously pushed image to use as a build cache in our Github actions. The following failed:

- uses: azure/docker-login@v1
  with:
    login-server: index.docker.io
    username: ${{ secrets.DOCKER_USERNAME }}
    password: ${{ secrets.DOCKER_PASSWORD }}

- name: Docker Pull Cache
  run: |
    docker pull private/repo:latest

Whereas, logging in with the Docker CLI tool works:

- name: Docker Login (Redneck Style)
  run: docker login --username='${{ secrets.DOCKER_USERNAME }}' --password='${{ secrets.DOCKER_PASSWORD }}'

- name: Docker Pull Cache
  run: |
    docker pull private/repo:latest

I suspect this is because docker login initiates an OAuth2 flow with scopes that allow pulling and that this action just base64 encodes an auth header that won't allow pulling for security reasons.

Is this project still maintained?

Last real update is from 2022, a nice PR updating to node 20 is open and needed, but ignored. As well as other open issues.

Is there still somebody here maintaining the action?

Reporting a vulnerability

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

Error: Cannot find module '@actions/core'

When I upgraded to v2, I got the following error:

Run azure/docker-login@v2
  with:
    login-server: ***
    username: ***
    password: ***
node:internal/modules/cjs/loader:1051
  throw err;
  ^

Error: Cannot find module '@actions/core'
Require stack:
- /home/runner/work/_actions/azure/docker-login/v2/lib/login.js
    at Module._resolveFilename (node:internal/modules/cjs/loader:1048:15)
    at Module._load (node:internal/modules/cjs/loader:901:27)
    at Module.require (node:internal/modules/cjs/loader:1115:19)
    at require (node:internal/modules/helpers:130:18)
    at Object.<anonymous> (/home/runner/work/_actions/azure/docker-login/v2/lib/login.js:13:14)
    at Module._compile (node:internal/modules/cjs/loader:1241:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1295:10)
    at Module.load (node:internal/modules/cjs/loader:1091:32)
    at Module._load (node:internal/modules/cjs/loader:938:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:83:12) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [ '/home/runner/work/_actions/azure/docker-login/v2/lib/login.js' ]
}

Node.js v20.8.1

Perhaps something wasn't built successfully on the recent release.

GITHUB_TOKEN permissions used by this action

At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token permissions for their workflows, they can use this knowledge-base instead of trying to research permissions needed by each GitHub Action they use.

Below you can see the KB of your GITHUB Action.

name: 'Azure Container Registry Login'
 # Azure/docker-login
# GITHUB_TOKEN not used

If you think this information is not accurate, or if in the future your GitHub Action starts using a different set of permissions, please create an issue at https://github.com/step-security/secure-workflows/issues to let us know.

This issue is automatically created by our analysis bot, feel free to close after reading :)

References:

GitHub asks users to define workflow permissions, see https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token for securing GitHub workflows against supply-chain attacks.

Setting minimum token permissions is also checked for by Open Source Security Foundation (OpenSSF) Scorecards. Scorecards recommend using https://github.com/step-security/secure-workflows so developers can fix this issue in an easier manner.

Managed identity authentication support

Please add support for authentication using managed identity. We're utilizing a farm of different computes with self-hosted GitHub Actions runners and managed identities attached for ease of management, so eliminating service principal authentication would be a very beneficial option.

--build-arg vanishing during build?

I've been following the how-to doc here: https://docs.microsoft.com/en-us/azure/container-instances/container-instances-github-action#create-workflow-file

And have copied the example workflow file main.yml verbatim into my GitHub repo. The one difference is that I've changed

docker build . -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/sampleapp:${{ github.sha }}
to
docker build . -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/sampleapp:${{ github.sha }} --build-arg SESSION_SECRET="${{ secrets.SESSION_SECRET }}"

I've tried running the command above on my own computer and it builds the container perfectly. Running the container locally with docker run experiences no issues.

Running this through a GitHub action, however, and the SESSION_SECRET never seems to make it as far as the final container. I've tried everything I can think of, including running it with the exact same secret as defined in GitHub (in case it was an escaping issue) to no avail.

My dockerfile is thus:

# base node image
ARG SESSION_SECRET

FROM node:16-bullseye-slim as base

# set for base and all layer that inherit from it
ENV NODE_ENV production
ARG SESSION_SECRET

# Install all node_modules, including dev dependencies
FROM base as deps

WORKDIR /myapp

COPY patches ./patches

ADD package.json package-lock.json ./
RUN npm install --production=false

# Setup production node_modules
FROM base as production-deps

WORKDIR /myapp

COPY --from=deps /myapp/node_modules /myapp/node_modules
ADD package.json package-lock.json ./
RUN npm prune --production

# Build the app
FROM base as build

WORKDIR /myapp

COPY --from=deps /myapp/node_modules /myapp/node_modules

ADD . .
RUN npm run build

# Finally, build the production image with minimal footprint
FROM base

ENV PORT="80"
ENV NODE_ENV="production"
ENV SESSION_SECRET=$SESSION_SECRET

WORKDIR /myapp

COPY --from=production-deps /myapp/node_modules /myapp/node_modules

COPY --from=build /myapp/build /myapp/build
COPY --from=build /myapp/public /myapp/public
ADD . .
EXPOSE 80
CMD ["npm", "start"]

I've also tried running my container in Azure using az container create ... --command-line "tail -f /dev/null" to ensure the container starts with a shell I can use. Having used the console and run printenv, the SESSION_SECRET= is present, but the value is blank.

Am I doing something fundamentally wrong here?

Node Buffer() DeprecationWarning

When action is run this warning is logged

(node:3966) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.

How to deal with registries that can't be opened to public internet

I've been dealing with an issue that nobody seems to have an answer to, despite it probably being a very common problem.

When using this GitHub Action, the ACR it connects to has to be open to the internet so GitHub can access it. The best practice in this case is to have IP rules restricting public access, so GitHub IPs can be whitelisted on the ACR.

The problem is, Microsoft only supports 100 IP rules maximum on an ACR, but GitHub Actions uses over 2000 IP ranges (https://api.github.com/meta).

It is basically impossible to use this and have a GitHub Action push to an ACR without having the ACR be open to the public internet on all IP ranges, which is against best practice.

How does one get around this issue?

Can not use the new docker/login version v1.0.1

Since the new version a few minutes ago, we get the following error:

node:internal/modules/cjs/loader:936
throw err;
^

Error: Cannot find module '@actions/core'
Require stack:
- /home/runner/work/_actions/azure/docker-login/v1/lib/login.js
    at Function.Module._resolveFilename (node:internal/modules/cjs/loader:933:15)
    at Function.Module._load (node:internal/modules/cjs/loader:778:27)
    at Module.require (node:internal/modules/cjs/loader:1005:19)
    at require (node:internal/modules/cjs/helpers:102:18)
    at Object.<anonymous> (/home/runner/work/_actions/azure/docker-login/v1/lib/login.js:13:14)
    at Module._compile (node:internal/modules/cjs/loader:1101:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12) ***
    code: 'MODULE_NOT_FOUND',
    requireStack: [ '/home/runner/work/_actions/azure/docker-login/v1/lib/login.js' ]
    ***

unable to evaluate symlinks in Dockerfile path

I have a Dockerfile in the root of my repo but I am still getting
unable to prepare context: unable to evaluate symlinks in Dockerfile path: lstat /home/runner/work/REPONAME/REPONAME/Dockerfile: no such file or directory ##[error]Process completed with exit code 1. when building.

Upgrade deprecated node.js from 12 to 16 broke docker-login/v1

Hi team.

We just noticed that newest push of v1 tag broke our github workflow.
We're getting error:

  with:
    login-server: r1k8sacrdev.azurecr.io
    username: ***
    password: ***
  env:
    AZURE_HTTP_USER_AGENT: 
    AZUREPS_HOST_ENVIRONMENT: 
    prisma-username: ***
    prisma-password: ***
    jira-password: ***
    jira-username: ***
    acr-client-id: ***
    acr-client-secret: ***
    github-token: ***
node:internal/modules/cjs/loader:936
  throw err;
  ^

Error: Cannot find module '@actions/core'
Require stack:
- /home/runner/work/_actions/azure/docker-login/v1/lib/login.js
    at Function.Module._resolveFilename (node:internal/modules/cjs/loader:933:15)
    at Function.Module._load (node:internal/modules/cjs/loader:778:27)
    at Module.require (node:internal/modules/cjs/loader:1005:19)
    at require (node:internal/modules/cjs/helpers:102:18)
    at Object.<anonymous> (/home/runner/work/_actions/azure/docker-login/v1/lib/login.js:13:14)
    at Module._compile (node:internal/modules/cjs/loader:1101:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [ '/home/runner/work/_actions/azure/docker-login/v1/lib/login.js' ]
}

We're using docker-login to log into Azure ACR, example usage:

- name: Login to Azure container registry
  uses: azure/docker-login@v1
  with:
    login-server: "some-acr.azurecr.io"
    username: "some-username"
    password: "some-password"

Let me know if there is something else I should provide.

Docker Login with service principal

Hello, I'm having a hard time authenticating with docker with a service principal on GitHub actions.
Unfortunately I could not find any documentation regarding this practice on GitHub actions.

What I want to achieve

On a test machine I can do the following:

az login --service-principal -u XXXX -p XXXX --tenant XXXX

az acr login --name REGISTRY

This will setup az and configure .docker/config.json.
This is expected as documented in Authenticate with an Azure container registry

Why?

The current azure/docker-login@v1 only allows authentication with the registry admin user and password. This is no good if you want to properly manage permissions.
Use case: you have multiple systems that need to use the registry. If you use the admin access keys it means that the same key will be in use in multiple places. This is not a good practice. Making for example rotating a key very impractical.

What I have tried?

As expected azure/docker-login@v1 works as expected authenticating az with a service principal:

      - name: Azure authentication
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

After this I tried azure/CLI@v1 in order to do the az acr login as above:

      - name: Azure CLI script
        uses: azure/CLI@v1
        with:
          inlineScript: az acr login --name ${{ secrets.CONTAINER_REGISTRY_URL }}

But unfortunately this will not work because inside the action you do not have docker:

Starting script execution via docker image mcr.microsoft.com/azure-cli:latest
The login server endpoint suffix '.azurecr.io' is automatically omitted.
You may want to use 'az acr login -n XXXX --expose-token' to get an access token, which does not require Docker to be installed.
An error occurred: DOCKER_COMMAND_ERROR
Please verify if Docker client is installed and running.
Error: Error: az cli script failed.
cleaning up container...

Expected behaviour

I should be able to use azure/docker-login@v1 and it would use the current az authenticated service principal.

Thank you in advance

Documentation request: clarify why use this action

I'd like to see something in the README that explains why someone should use this action versus just calling 'docker login' directly.

I'm not trying to be critical or snarky, rather, it's just that when I review the README for this action, it's not apparent to me what functionality or value the action provides versus just running a one liner run: docker login <loginserver> -u <username> -p <password>. Would be great if some additional info or context was added.

Remove the admin account requirement for Docker login action

This action currently requires an admin account to push images to an Azure Container Registry, which requires customers to enable the admin account when deploying to ACR with GitHub Actions. Enabling such an account is not recommended per the least privilege principle, and it is an https://github.com/Azure/docker-login/issues/34 that needs to be managed.

It should be possible to use Azure Credentials for ACR logins.

Follow the instructions on GitHub - Azure/docker-login: GitHub action to log in to Azure Container Registry (ACR) or any private container registry: --> the instructions require an admin account, which is not recommended.

A better alternative is to use Azure credentials, especially if the workflow is already using the azure/login task.

It's not working for Docker push

I have used the following YAML

- name: ACR authentication
  uses: azure/docker-login@v1
  with:
    login-server: ${{ env.AZURE_CONTAINER_REGISTRY_NAME }}.azurecr.io
    username: ${{ env.AZURE_CONTAINER_REGISTRY_NAME }}
    password: ${{ steps.acr-creds.outputs.pass }}
- name: Docker Build & Push to ACR
  run: |
    cd WebApp
    docker build . -t ${{ env.AZURE_CONTAINER_REGISTRY_NAME }}.azurecr.io/app:${{ github.sha }}
    docker push ${{ env.AZURE_CONTAINER_REGISTRY_NAME }}.azurecr.io/app:${{ github.sha }}

But when the workflow tries the docker push it fails with authentication error.
I tried with docker login -u ... -p ... and it worked (what I expected).
From my understanding, azure/docker-login@v1 does nearly the same as docker login +additional Azure stuff.
What is the use case for this action, when I have to do a second auth.?

Docker Login action breaks other GH Actions that are Docker-related

I spent a while debugging my pipeline and turns out it was because of this action.

I need to use the "buildx" extension for Docker, and it's inside this action: https://github.com/crazy-max/ghaction-docker-buildx

When using the azure/docker-login action to authenticate, buildx didn't work. Replacing the action with a script fixed it.

Broken setup:

# Setup Docker buildx
- name: Set up Docker buildx
  id: buildx
  uses: crazy-max/ghaction-docker-buildx@v1
  with:
    version: latest

# Login to Docker Hub
- name: Login to Docker Hub
  uses: azure/docker-login@v1
  with:
    username: ${{env.DOCKER_USERNAME}}
    password: ${{ secrets.DOCKER_PASSWORD }}

Working:

# Setup Docker buildx
# https://github.com/crazy-max/ghaction-docker-buildx
- name: Set up Docker buildx
  uses: crazy-max/ghaction-docker-buildx@v1
  with:
    version: latest
# Login to Docker Hub
- name: Login to Docker Hub
  env:
    DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
  run: |
    echo "${DOCKER_PASSWORD}" | docker login --username "${{env.DOCKER_USERNAME}}" --password-stdin

In both cases, the next instruction is a script that runs docker buildx build.

docker: command not found

I believe there may be an undocumented prerequisite for this login action to be able to actually build and push docker images. When I try to use the action on my local action runner, I get the following error:

Run docker build . -t ***/sampleapp:a903ff57b9c5c63ac6eeb5128b325b13b90628fd
/home/docker/actions_runner/_work/_temp/8ea43984-5404-4a24-8fc3-8a29f87e8af2.sh: line 1: docker: command not found
Error: Process completed with exit code 127.

Does my action runner environment need to have the docker binaries installed?

Multiple login with GCR and ACR

Referring to logging in to multiple registries, does Azure docker login override Google docker login?

The following works as expected.

- name: Setup gcloud CLI
  uses: google-github-actions/[email protected]
  with:
    project_id: ${{ secrets.GCP_PROJECT_ID }}
    service_account_key: ${{ secrets.GCP_SA_KEY }}

- name: Configure Docker using gcloud
  run: |
    gcloud auth configure-docker

- name: Hello world image
  run: |
    docker pull hello-world
    docker tag hello-world:latest us.gcr.io/my_registry/hello-world:test
    docker push us.gcr.io/my_registry/hello-world:test

If I add an Azure login as the following, it fails to authenticate to GCP with the following error message when pushing the image to a google container registry.

- name: Setup gcloud CLI
  uses: google-github-actions/[email protected]
  with:
    project_id: ${{ secrets.GCP_PROJECT_ID }}
    service_account_key: ${{ secrets.GCP_SA_KEY }}

- name: Configure Docker using gcloud
  run: |
    gcloud auth configure-docker

- name: Azure login
  uses: azure/docker-login@v1
  with:
    login-server: ${{ secrets.AZ_CR }}
    username: ${{ secrets.AZ_USERNAME }}
    password: ${{ secrets.AZ_PASSWORD }}

- name: Hello world image
  run: |
    docker pull hello-world
    docker tag hello-world:latest us.gcr.io/my_registry/hello-world:test
    docker push us.gcr.io/my_registry/hello-world:test

unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

Compose build and push to container registry causes crashing of Azure container apps

Hi,
My steps are like this:

- run: |
    docker compose build
    docker tag docker.io/library/data-analytics-predictor ${{ secrets.REGISTRY_LOGIN_SERVER }}/data-analytics-predictor:latest
    docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/data-analytics-predictor:latest

If I try to deploy this to Azure container apps it crashes in provisioning.
If I do the same steps locally pushed image works fine.

Repo 'About' description needs updating

This repo's 'About' description reads Enable GitHub developers to deploy to Kubernetes service using GitHub Actions.
This should be edited to reflect the docker content rather than Kubernetes.
(Sorry, I can't do a PR on the 'about' text or I'd do it myself. :) )

Support multiple registry

Hi!

Right now the actions always override the previous login.

It would be great if the auth credentials could be merged with the current, e.g.:

Here is the use case:

      - name: Docker Login docker.io
        uses: azure/docker-login@v1
        if: github.ref == 'refs/heads/master'
        with:
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Docker Login docker.pkg.github.com
        uses: azure/docker-login@v1
        if: github.ref == 'refs/heads/master'
        with:
          login-server: docker.pkg.github.com
          username: $GITHUB_ACTOR
          password: ${{ secrets.GITHUB_TOKEN }}

Login to ACR apparently successful but subsequent dotnet publish fails

I am trying to use this code to push a .NET 7 container image to my ACR:

    - name: Azure Container Registry Login
      uses: Azure/docker-login@v1
      with:
        username: ${{ secrets.ACR_USERNAME }}
        password: ${{ secrets.ACR_PASSWORD }}
        login-server: ${{ secrets.ACR_REGISTRY_URL }}
    - name: Publish
      run: dotnet publish --os linux --arch x64 --configuration Release -p:PublishProfile=DefaultContainer

The login to the CR apparently succeeds (completes without error):

Run Azure/docker-login@v1
  with:
    username: ***
    password: ***
    login-server: ***
  env:
    BUILD_VERSION: 2022.11.28-11
    DOTNET_ROOT: C:\Program Files\dotnet
DOCKER_CONFIG environment variable is set

but the subsequent publish fails (contents of config.json added to aid debugging):

Run cat $HOME/.docker/config.json
  cat $HOME/.docker/config.json
  dotnet publish --os linux --arch x64 --configuration Release -p:PublishProfile=DefaultContainer
  shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
  env:
    BUILD_VERSION: 2022.11.28-11
    DOTNET_ROOT: C:\Program Files\dotnet
    DOCKER_CONFIG: D:\a\_temp\docker_login_1669624656512
{
	"auths": {
		"https://index.docker.io/v1/": {
			"auth": "redacted"
		}
	}
}
MSBuild version 17.4.0+18d5aef85 for .NET
  Determining projects to restore...
  Restored D:\a\dotnet7-docker\dotnet7-docker\dotnet7-docker.csproj (in 2.67 sec).
  dotnet7-docker -> D:\a\dotnet7-docker\dotnet7-docker\bin\Release\net7.0\linux-x64\dotnet7-docker.dll
  dotnet7-docker -> D:\a\dotnet7-docker\dotnet7-docker\bin\Release\net7.0\linux-x64\publish\
  Building image 'weatherforecast-api' with tags 2022.11.28-11 on top of base image mcr.microsoft.com/dotnet/aspnet:7.0
  Uploading layer sha256:a603fa5e3b4127f210503aaa6189abf6286ee5a73deeaab460f8f33ebc6b64e2 to registry
  Uploading layer sha256:478909de3dddf82d41bf49336ca75e99dda4b994ff95f8b3c7f9929eccf5bd9c to registry
  Uploading layer sha256:42b0769710d8d902794c709bb43daa609dbfbcabec0035151652de886592e7f5 to registry
  Uploading layer sha256:165f2f6a3267d0655553c5e46e5da98fee9656d18a69d6658864a9ddbfceb716 to registry
  Uploading layer sha256:e573684406723b55606ecce5f188244d5ca85ba1fcd17f4394580cb4b4d3bce6 to registry
  Uploading layer sha256:af9f2d1c1d74aee03ce2cc5565b97ec022298413400cf8bd2781e85e6251fcac to registry
C:\Users\runneradmin\.nuget\packages\microsoft.net.build.containers\0.2.7\build\Microsoft.NET.Build.Containers.targets(124,9): error : Failed to push to the output registry: System.AggregateException: One or more errors occurred. (Failed retrieving credentials for "seeman.***": No matching auth specified for registry 'seeman.***' in Docker config 'D:\a\_temp\docker_login_1669624656512\config.json'.) [D:\a\dotnet7-docker\dotnet7-docker\dotnet7-docker.csproj]

Apparently, the auth for the ACR is not added to config.json.

If I use

    - name: Login to ACR
      run: |
        az acr login -n seeman -u ${{ secrets.ACR_USERNAME }} -p ${{ secrets.ACR_PASSWORD }}

instead of the Azure/docker-login@v1 task, everything works as expected.
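
The GCR/ACR report further up and the run log in this issue both come down to which config.json the client reads: the log shows DOCKER_CONFIG pointing at a docker_login_* temp directory while the debugging step prints $HOME/.docker/config.json. The check below is an added example, not code from these issues or from the action; it resolves the file in effect and reports which sections mention a registry without returning any secret. The registry names and file contents in demo() are constructed.

```python
import json
import os
import tempfile
from pathlib import Path
from urllib.parse import urlparse


def effective_config_path(env=os.environ):
    """Docker clients read config.json from $DOCKER_CONFIG if set, else ~/.docker."""
    return Path(env.get("DOCKER_CONFIG") or Path.home() / ".docker") / "config.json"


def registry_host(key):
    """Reduce a config key such as 'https://index.docker.io/v1/' to host[:port]."""
    return urlparse(key if "://" in key else "//" + key).netloc.lower()


def credential_sources(config_path, registry):
    """Report which sections mention `registry`; secret values are never returned."""
    path = Path(config_path)
    if not path.is_file():
        return {"path": str(path), "sections": [], "hosts": []}
    cfg = json.loads(path.read_text(encoding="utf-8"))
    wanted, sections, hosts = registry_host(registry), [], set()
    for section in ("auths", "credHelpers"):
        for key in cfg.get(section) or {}:
            hosts.add(registry_host(key))
            if registry_host(key) == wanted:
                sections.append(section)
    return {"path": str(path), "sections": sections, "hosts": sorted(hosts)}


def demo():
    """Constructed sample: a home config with a gcloud helper, a temp config with ACR."""
    root = Path(tempfile.mkdtemp())
    home, temp = root / "home" / ".docker", root / "docker_login_tmp"
    home.mkdir(parents=True)
    temp.mkdir()
    (home / "config.json").write_text('{"credHelpers": {"us.gcr.io": "gcloud"}}')
    (temp / "config.json").write_text(json.dumps(
        {"auths": {"contoso.azurecr.io": {"auth": "constructed-placeholder"}}}))
    active = effective_config_path({"DOCKER_CONFIG": str(temp)})
    return (credential_sources(active, "us.gcr.io"),
            credential_sources(active, "contoso.azurecr.io"),
            credential_sources(home / "config.json", "us.gcr.io"))


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

In a workflow step, call credential_sources(effective_config_path(), "<registry host>") right before the push; an empty "sections" list for the target registry means the active file has no entry for it, whatever $HOME/.docker/config.json contains.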
