我目前正在创建一个复合 GitHub Actions,它使用 JIB 从 Java 项目构建一个容器,并将其自动发布到 GitHub Packages 和 Maven Central。
但是当我尝试运行它时出现此错误:
[INFO]
[INFO] Containerizing application to gcr.io/mathieusoysal/codingame-puzzles-stats-saver:v1.0.2.5...
Warning: Base image 'eclipse-temurin:17-jre' does not use a specific image digest - build may not be reproducible
[INFO] Using credentials from <to><auth> for gcr.io/mathieusoysal/codingame-puzzles-stats-saver:v1.0.2.5
[INFO] Getting manifest for base image eclipse-temurin:17-jre...
[INFO] Building dependencies layer...
[INFO] Building resources layer...
[INFO] Building classes layer...
[INFO] Building jvm arg files layer...
[INFO] The base image requires auth. Trying again for eclipse-temurin:17-jre...
[INFO] Using credentials from Docker config (/home/runner/.docker/config.json) for eclipse-temurin:17-jre
[INFO] Using base image with digest: sha256:e7a4a45b88525250e668cc6149b95b3952a8e9cba8c341b70c4d34c4e4d5eed5
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 10.272 s
[INFO] Finished at: 2022-02-09T00:37:22Z
[INFO] ------------------------------------------------------------------------
Error: Failed to execute goal com.google.cloud.tools:jib-maven-plugin:3.2.0:build (default-cli) on project codingame-puzzles-stats-saver: Build image failed, perhaps you should make sure your credentials for 'gcr.io/mathieusoysal/codingame-puzzles-stats-saver' are set up correctly. See https://github.com/GoogleContainerTools/jib/blob/master/docs/faq.md#what-should-i-do-when-the-registry-responds-with-unauthorized for help: Unauthorized for gcr.io/mathieusoysal/codingame-puzzles-stats-saver: 401 Unauthorized
Error: {"errors":[{"code":"UNAUTHORIZED","message":"Not Authorized."}]}
Error: -> [Help 1]
Error:
Error: To see the full stack trace of the errors, re-run Maven with the -e switch.
Error: Re-run Maven using the -X switch to enable full debug logging.
Error:
Error: For more information about the errors and possible solutions, please read the following articles:
Error: [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
Error: Process completed with exit code 1.
name: JIB container publish
description: "Build automatically container with JIB and publish it to GitHub Packages."
branding:
icon: "package"
color: "gray-dark"
inputs:
# Use docker.io for Docker Hub if empty
REGISTRY:
description: "Registry of the image to publish"
required: true
default: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME:
description: "Name of the image to publish"
required: true
default: ${{ github.repository }}
# Username to login to registry
USERNAME:
description: "Username to login to registry"
required: true
default: ${{ github.actor }}
# Password to login to registry
PASSWORD:
description: "Password to login to registry"
required: true
# Name of the tag to publish
tag-name:
description: "Tag name of the image to publish"
required: true
default: "latest"
# Java version to use
java-version:
description: "Java version to use"
required: true
default: "17"
runs:
using: "composite"
steps:
- id: downcase
uses: ASzc/change-string-case-action@v2
with:
string: ${{ inputs.IMAGE_NAME }}
- uses: actions/checkout@v2
- name: Set up JDK 17
uses: actions/setup-java@v2
with:
distribution: "adopt"
java-version: ${{ inputs.java-version }}
- name: Buil JIB container and publish to GitHub Packages
run: |
mvn compile com.google.cloud.tools:jib-maven-plugin:3.2.0:build \
-Djib.to.image=${{ inputs.REGISTRY }}/${{ steps.downcase.outputs.lowercase }}:${{ inputs.tag-name }} \
-Djib.to.auth.username=${{ inputs.USERNAME }} \
-Djib.to.auth.password=${{ inputs.PASSWORD }}
shell: bash
name: Deploy Javadoc
on:
name: JIB container publish
on:
release:
types: [created]
jobs:
publish:
runs-on: ubuntu-latest
steps:
- name: JIB container build and publish
uses: MathieuSoysal/[email protected]
with:
# Use docker.io for Docker Hub if empty
REGISTRY: gcr.io
# github.repository as <your-account>/<your-repo>
IMAGE_NAME: ${{ github.repository }}
# Tag name of the image to publish
tag-name: ${{ github.event.release.tag_name }}
# Username to login to registry
USERNAME: ${{ github.actor }}
# Password to login to registry
PASSWORD: ${{ secrets.GITHUB_TOKEN }}
java-version: 17
有人有办法解决这个问题吗?
仓库链接:https://github.com/MathieuSoysal/jib-container-publish.yml
一切看起来都不错。 Jib 从
-Dto.auth.{username|password}Using credentials from <to><auth> for gcr.io/mathieusoysal/codingame-puzzles-stats-saver:v1.0.2.5
我怀疑您只是没有为
gcr.ioghcr.io注意: 这种身份验证方法只能作为最后的手段使用,因为以纯文本形式显示密码是不安全的。请注意,云注册表(例如 Google GCR、Amazon ECR 和 Azure ACR)通常不接受“用户凭据”(例如 Gmail 帐户名和密码),但需要不同形式的凭据。例如,您可以使用
或oauth2accesstoken作为 GCR 的用户名,使用_json_key作为 ECR 的用户名。对于ACR,您可以使用服务原则。AWS
AFAICT,对于 GCR,
to.auth.usernameoath2accesstoken_json_key${{ github.actor }}此外,为了安全起见,您应该确保在命令行上传递的身份验证参数不会被记录或显示。看一下这个 Stack Overflow 答案 以了解一般注册表身份验证。
此外,通常您需要对“来自”图像和“到”图像进行身份验证。
Basta 排除了 arquivo docker-config 的专有信用存储。您可以使用 config.json 来更改初始目录。 O caminho é: $USER/.docker/config.json