GitHub Actions Runner Controller on Azure AKS with a VM acting as the AKS cluster proxy cannot push using the docker/build-push-action@v6 action


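I am using a self-hosted GitHub Actions runner setup with Actions Runner Controller (ARC) on Azure AKS, along with a small VM that acts as a proxy for AKS. My self-hosted Docker registry is set up behind an Nginx reverse proxy and is configured to accept requests only from the Azure VM proxy server. I am running into problems when trying to push a Docker image to the registry with docker/build-push-action@v6 in GitHub Actions. When I build and push the Docker image with regular Docker commands in a pipeline script, the push works flawlessly, but when using the GitHub Action, the push fails with a 403 Forbidden error response. I suspect this is because the docker/build-push-action@v6 GitHub Action is not using the proxy VM configured for the AKS cluster.

I also tried including the proxy in build-args, but it still does not work.

What could be causing this discrepancy, and how can it be resolved?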

name: poc
on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  build-and-push:
    runs-on: selfhosted-ubuntu-runners

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to selfhosted-registry.com
        uses: docker/login-action@v3
        with:
          registry: selfhosted-registry.com
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASS }}  

      - name: Build and Push Docker Image
        id: push-tag
        uses: docker/build-push-action@v6
        with:
          context: .  
          push: true
          tags: "selfhosted-registry.com/testrepo:01"
          build-args: |
            http_proxy=${{ secrets.http_proxy }}
            https_proxy=${{ secrets.https_proxy }}
proxy github-actions azure-aks github-actions-self-hosted-runners
1 answer
0
votes

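The 403 Forbidden error response when using the GitHub Action is due to workflow permissions. The contents permission needs to be write.

You must configure the repository: Settings -> Actions -> General -> Workflow permissions, and select Read and write permissions.

To add write permission for contents to GITHUB_TOKEN using GitHub, refer to this SO.

The following sample GitHub Actions workflow shows how to use proxy settings for your job: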


name: poc

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  build-and-push:
    runs-on: selfhosted-ubuntu-runners

    env:
      LOG_FILE: devproxy.log
      DEVPROXY_VERSION: v0.18.0
      # Proxy server configuration
      http_proxy: ${{ secrets.http_proxy }}
      https_proxy: ${{ secrets.https_proxy }}

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to selfhosted-registry.com
        uses: docker/login-action@v3
        with:
          registry: selfhosted-registry.com
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASS }}

      # Cache Dev Proxy
      - name: Cache Dev Proxy
        id: cache-devproxy
        uses: actions/cache@v4
        with:
          path: ./devproxy
          key: devproxy-ubuntu-${{ env.DEVPROXY_VERSION }}

      - name: Install Dev Proxy
        if: steps.cache-devproxy.outputs.cache-hit != 'true'
        run: bash -c "$(curl -sL https://aka.ms/devproxy/setup.sh)" -- ${{ env.DEVPROXY_VERSION }}

      - name: Run Dev Proxy
        run: /bin/bash run-dev-proxy.sh

      - name: Build and Push Docker Image
        id: push-tag
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: "selfhosted-registry.com/testrepo:01"
          build-args: |
            http_proxy=${{ secrets.http_proxy }}
            https_proxy=${{ secrets.https_proxy }}

      - name: Upload Dev Proxy logs
        uses: actions/upload-artifact@v4
        with:
          name: ${{ env.LOG_FILE }}
          path: ${{ env.LOG_FILE }}

      - name: Upload Dev Proxy reports
        uses: actions/upload-artifact@v4
        with:
          name: Reports
          path: ./*Reporter*

      - name: Write summary
        run: |
          cat SomePlugin_MarkdownReporter.md >> $GITHUB_STEP_SUMMARY

Refer to this MSDOC to use Dev Proxy with GitHub Actions.

I referred to this MSDOC to deploy self-hosted GitHub Actions runners on AKS.
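
An added example, not part of the original question or answer: the builder that docker/setup-buildx-action creates by default uses the docker-container driver, so the registry push is made by the BuildKit container rather than by the runner's Docker CLI, and the `build-args` proxy values only reach `RUN` steps in the Dockerfile. One thing to check is whether the proxy variables reach that builder. The fragment below assumes the question's secret names and registry, and the `no_proxy` value is a constructed placeholder.

```yaml
# Added example (not from the original post): pass the proxy to the BuildKit
# builder itself. Assumes the question's secrets http_proxy / https_proxy.
jobs:
  build-and-push:
    runs-on: selfhosted-ubuntu-runners

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          # env.<NAME> driver options become environment variables inside the
          # BuildKit container, which is the process that talks to the registry.
          driver-opts: |
            env.http_proxy=${{ secrets.http_proxy }}
            env.https_proxy=${{ secrets.https_proxy }}
            env.no_proxy=localhost,127.0.0.1
          # no_proxy above is a constructed placeholder; the registry host must
          # NOT be listed there, or the push bypasses the allowed proxy VM.

      - name: Login to selfhosted-registry.com
        uses: docker/login-action@v3
        with:
          registry: selfhosted-registry.com
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASS }}

      - name: Build and Push Docker Image
        id: push-tag
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: "selfhosted-registry.com/testrepo:01"
          # build-args only affect the build stages (RUN steps), not the push.
          build-args: |
            http_proxy=${{ secrets.http_proxy }}
            https_proxy=${{ secrets.https_proxy }}
```

If the push then succeeds, the Nginx access log on the registry should show the request arriving from the proxy VM's address, which confirms the allow-list rule is what returned the 403.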
