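I have a self-hosted GitHub Actions runner setup on Azure AKS using Actions Runner Controller (ARC), along with a small VM that acts as the proxy for AKS. My self-hosted Docker registry is set up behind an Nginx reverse proxy and is configured to accept requests only from the Azure VM proxy server. I am running into a problem when trying to push a Docker image to the registry with docker/build-push-action@v6 in GitHub Actions. When I build and push the Docker image with regular Docker commands in the pipeline script, the push works flawlessly, but when using the GitHub Action, the push fails with a 403 Forbidden error response. I suspect this is because the docker/build-push-action@v6 GitHub Action is not using the proxy VM configured for the AKS cluster.
I also tried including the proxy in build-args, but it still does not work.
What could be causing this discrepancy, and how can it be resolved?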

name: poc
on:
  push:
    branches:
      - main
  workflow_dispatch:
jobs:
  build-and-push:
    runs-on: selfhosted-ubuntu-runners
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to selfhosted-registry.com
        uses: docker/login-action@v3
        with:
          registry: selfhosted-registry.com
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASS }}
      - name: Build and Push Docker Image
        id: push-tag
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: "selfhosted-registry.com/testrepo:01"
          build-args: |
            http_proxy=${{ secrets.http_proxy }}
            https_proxy=${{ secrets.https_proxy }}

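The 403 Forbidden error response when using the GitHub Action is due to workflow permissions. The contents permission needs to be write.
You must configure the repository: Settings -> Actions -> General -> Workflow permissions, and select Read and write permissions.
To add write permission for contents to the GITHUB_TOKEN in GitHub, refer to this SO.
The following example GitHub Actions workflow shows how to use proxy settings for your job: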

name: poc
on:
  push:
    branches:
      - main
  workflow_dispatch:
jobs:
  build-and-push:
    runs-on: selfhosted-ubuntu-runners
    env:
      LOG_FILE: devproxy.log
      DEVPROXY_VERSION: v0.18.0
      # Proxy server configuration
      http_proxy: ${{ secrets.http_proxy }}
      https_proxy: ${{ secrets.https_proxy }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to selfhosted-registry.com
        uses: docker/login-action@v3
        with:
          registry: selfhosted-registry.com
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASS }}
      # Cache Dev Proxy
      - name: Cache Dev Proxy
        id: cache-devproxy
        uses: actions/cache@v4
        with:
          path: ./devproxy
          key: devproxy-ubuntu-${{ env.DEVPROXY_VERSION }}
      - name: Install Dev Proxy
        if: steps.cache-devproxy.outputs.cache-hit != 'true'
        run: bash -c "$(curl -sL https://aka.ms/devproxy/setup.sh)" -- ${{ env.DEVPROXY_VERSION }}
      - name: Run Dev Proxy
        run: /bin/bash run-dev-proxy.sh
      - name: Build and Push Docker Image
        id: push-tag
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: "selfhosted-registry.com/testrepo:01"
          build-args: |
            http_proxy=${{ secrets.http_proxy }}
            https_proxy=${{ secrets.https_proxy }}
      - name: Upload Dev Proxy logs
        uses: actions/upload-artifact@v4
        with:
          name: ${{ env.LOG_FILE }}
          path: ${{ env.LOG_FILE }}
      - name: Upload Dev Proxy reports
        uses: actions/upload-artifact@v4
        with:
          name: Reports
          path: ./*Reporter*
      - name: Write summary
        run: |
          cat SomePlugin_MarkdownReporter.md >> $GITHUB_STEP_SUMMARY

Refer to this MSDOC for using Dev Proxy with GitHub Actions.
I referred to this MSDOC to deploy self-hosted GitHub Actions runners on AKS.
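
A check for the hypothesis raised in the question, that the failing push does not travel through the proxy VM (added example, not part of the original question or answer). It assumes the registry implements the Docker Registry HTTP API v2, where /v2/ answers 200 or 401, and that a 403 comes from the Nginx source-address restriction; probe_status, classify_path and the script name check-egress.sh are hypothetical.

```shell
#!/usr/bin/env bash
# Added diagnostic: does a request from the runner reach the registry
# through the proxy VM, and what happens to one that bypasses it?

# Print the HTTP status of GET https://<registry>/v2/ (000 = no connection).
# $1 = registry host, $2 = proxy URL, or empty to force a direct connection.
probe_status() {
  local registry="$1" proxy="${2:-}"
  if [ -n "$proxy" ]; then
    curl -s -o /dev/null -m 10 -w '%{http_code}' --proxy "$proxy" "https://$registry/v2/"
  else
    curl -s -o /dev/null -m 10 -w '%{http_code}' --noproxy '*' "https://$registry/v2/"
  fi
}

# Interpret the two status codes. $1 = direct status, $2 = status via proxy.
classify_path() {
  local direct="$1" proxied="$2"
  case "$proxied" in
    200|401) ;;                                   # registry answers via the proxy
    403) echo "proxy-not-allowlisted"; return ;;  # Nginx rejects the proxy's address too
    *)   echo "proxy-unreachable"; return ;;      # proxy URL wrong or proxy down
  esac
  case "$direct" in
    403)     echo "direct-blocked" ;;      # Nginx rejects clients that skip the proxy
    200|401) echo "direct-allowed" ;;      # source restriction is not being enforced
    *)       echo "direct-unreachable" ;;  # no route to the registry without the proxy
  esac
}

# Probe only when a registry host and proxy URL are given, e.g.
#   ./check-egress.sh selfhosted-registry.com "$https_proxy"
if [ "$#" -ge 2 ]; then
  direct=$(probe_status "$1" "") || true
  proxied=$(probe_status "$1" "$2") || true
  echo "direct=$direct proxied=$proxied verdict=$(classify_path "$direct" "$proxied")"
fi
```

Run it as a run: step on the self-hosted runner before the build step. A direct-blocked verdict reproduces the 403 from the question for any client that ignores the proxy variables, while proxy-not-allowlisted points at the Nginx configuration instead.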