I have a GitHub Actions workflow file as follows:
```yaml
name: CI
on:
  push:
    branches:
      - main
  pull_request:
  workflow_dispatch:
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
jobs:
  dependencies:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          cache: pip
          python-version: "3.12"
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
  deploy:
    needs: [dependencies]
    runs-on: ubuntu-latest
    if: |
      github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref == 'refs/heads/main')
    env:
      DOCKER_BUILDKIT: 1
    steps:
      - uses: actions/checkout@v4
      - name: Set up Google Cloud SDK
        uses: google-github-actions/setup-gcloud@v1
        with:
          project_id: my-project-123456
          service_account_key: ${{ secrets.GOOGLE_AUTHENTICATION_CREDENTIALS_JSON }}
          export_default_credentials: true
      - name: Authorize Docker push
        run: gcloud auth configure-docker us-west1-docker.pkg.dev
      # Docker builder image
      - name: Build Builder with Cache
        id: build-with-cache
        continue-on-error: true
        run: >-
          docker build
          --build-arg BUILDKIT_INLINE_CACHE=1
          -f Dockerfile
          --cache-from ${{ secrets.RUNTIME_DOCKERIMAGE_URL }}-builder:latest
          -t ${{ secrets.RUNTIME_DOCKERIMAGE_URL }}-builder:latest
          --target builder
          .
      - name: Build Builder with Cache failed -> Build Builder without Cache
        if: ${{ steps.build-with-cache.outcome == 'failure' }}
        run: >-
          docker build
          -f Dockerfile
          -t ${{ secrets.RUNTIME_DOCKERIMAGE_URL }}-builder:latest
          --target builder
          .
      # Docker runtime image
      - name: Build Runtime with Cache
        id: build-runtime-with-cache
        continue-on-error: true
        run: >-
          docker build
          --build-arg COLLECT_STATIC=1
          --build-arg BUILDKIT_INLINE_CACHE=1
          -f Dockerfile
          --cache-from ${{ secrets.RUNTIME_DOCKERIMAGE_URL }}:latest
          -t ${{ secrets.RUNTIME_DOCKERIMAGE_URL }}:${{ github.sha }}
          -t ${{ secrets.RUNTIME_DOCKERIMAGE_URL }}:latest
          .
      - name: Build Runtime with Cache failed -> Build Runtime without Cache
        if: ${{ steps.build-runtime-with-cache.outcome == 'failure' }}
        run: >-
          docker build
          --build-arg COLLECT_STATIC=1
          -f Dockerfile
          -t ${{ secrets.RUNTIME_DOCKERIMAGE_URL }}:${{ github.sha }}
          -t ${{ secrets.RUNTIME_DOCKERIMAGE_URL }}:latest
          .
      - name: Push builder image to Artifact Registry
        run: docker push --all-tags ${{ secrets.RUNTIME_DOCKERIMAGE_URL }}-builder
      - name: Push runtime image to Artifact Registry
        run: docker push --all-tags ${{ secrets.RUNTIME_DOCKERIMAGE_URL }}
      - name: Deploy to Cloud Run
        uses: google-github-actions/deploy-cloudrun@v1
        with:
          service: ${{ secrets.CLOUD_RUN_NAME }}
          image: ${{ secrets.RUNTIME_DOCKERIMAGE_URL }}:${{ github.sha }}
          region: us-west1
```
When the GitHub Action runs, it fails at the step `Push builder image to Artifact Registry` with the following error:

```
denied: Unauthenticated request. Unauthenticated requests do not have permission "artifactregistry.repositories.uploadArtifacts" on resource "projects/***-123456/locations/us-west1/repositories/***-repo" (or it may not exist)
```

My service account does have the "Artifact Registry Admin" role assigned. The value of the GitHub secret `GOOGLE_AUTHENTICATION_CREDENTIALS_JSON` was copied from the service account's key JSON file. My `RUNTIME_DOCKERIMAGE_URL` is set to `us-west1-docker.pkg.dev/my-project-123456/my-project-repo/my-project`.

Please help. Thanks.
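Whenever you use Docker or another third-party client with a Docker repository, you must authenticate to the repository. This section gives a brief overview of what is needed to authenticate successfully. For detailed instructions, see Setting up authentication for Docker.

For example, to add the region `us-west1`, run the command:

```
gcloud auth configure-docker us-west1-docker.pkg.dev
```

As suggested, try the following command:

```
gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://us-central1-docker.pkg.dev
```

Note: change your region.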
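One way to check, before `docker push`, whether the Docker client actually has credentials configured for the registry host of the image being pushed (an added example, not part of the original question or answer). The function names and the sample config are constructed for illustration; it assumes the client config lives at `$DOCKER_CONFIG/config.json` or `~/.docker/config.json`.

```python
import json
import os
from pathlib import Path

# Image from the question: RUNTIME_DOCKERIMAGE_URL plus the "-builder" suffix.
IMAGE = "us-west1-docker.pkg.dev/my-project-123456/my-project-repo/my-project-builder"

# Constructed sample of a Docker client config (not taken from the page).
SAMPLE_CONFIG = {
    "credHelpers": {"us-west1-docker.pkg.dev": "gcloud"},
    "auths": {"https://us-central1-docker.pkg.dev": {}},
}


def host_of(ref: str) -> str:
    """Registry host of an image reference or of a config key (scheme optional)."""
    if "://" in ref:
        ref = ref.split("://", 1)[1]
    return ref.split("/", 1)[0].lower()


def credential_source(config: dict, image_ref: str):
    """Return a configured credential source covering image_ref's host, or None."""
    host = host_of(image_ref)
    for key, helper in config.get("credHelpers", {}).items():
        if host_of(key) == host:
            return f"credHelpers:{helper}"  # written by `gcloud auth configure-docker`
    for key in config.get("auths", {}):
        if host_of(key) == host:
            return "auths"  # written by `docker login`
    if config.get("credsStore"):
        # Global credential store: may or may not hold an entry for this host.
        return f"credsStore:{config['credsStore']}"
    return None  # nothing configured: the push would go out without credentials


def load_docker_config() -> dict:
    """Read the client config from $DOCKER_CONFIG or ~/.docker (empty if absent)."""
    base = Path(os.environ.get("DOCKER_CONFIG", Path.home() / ".docker"))
    path = base / "config.json"
    return json.loads(path.read_text()) if path.is_file() else {}


if __name__ == "__main__":
    source = credential_source(load_docker_config(), IMAGE)
    print(f"{host_of(IMAGE)}: {source or 'no credentials configured'}")
```

A login against a different region's host, such as `us-central1-docker.pkg.dev`, does not cover an image hosted on `us-west1-docker.pkg.dev`, which is why the region in the login command has to match the image URL.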