What is skaffold doing after skaffold build pushed successfully - github-actions

When I run skaffold in a github workflow like this
skaffold build
it calls the gradle jib correctly, creates an image and pushes it to the ghcr successfully. Grdale finishes successfully as can be seen in the log. Nevertheless, something happens afterwards that fails. It seems someone tries to access the just built image but is not authorized. This does not happen, if I execute it locally. And it does not fail in the github workflow if I call gradlew jib directly without skaffold being involved.
Built and pushed image as ghcr.io/tobias-neubert/motd-service:453f4c4-dirty
BUILD SUCCESSFUL in 11s
4 actionable tasks: 4 executed
time="2023-02-15T12:07:09Z" level=error msg="No matching credentials were found for \"ghcr.io\""
time="2023-02-15T12:07:09Z" level=error msg="No matching credentials were found for \"ghcr.io\""
getting image: GET https://ghcr.io/token?scope=repository%3Atobias-neubert%2Fmotd-service%3Apull&service=ghcr.io: UNAUTHORIZED: authentication required
Error: Process completed with exit code 1.
The github workflow:
name: Build and push motd-service
on:
push:
permissions:
packages: write
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout#v3
- name: Set up Java
uses: actions/setup-java#v2
with:
java-version: 17
distribution: temurin
- name: Setup Gradle
uses: gradle/gradle-build-action#v2
- name: Make gradlew executable
run: chmod +x ./gradlew
- name: Install skaffold
run: |
curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64 && \
sudo install skaffold /usr/local/bin/
- name: Deactivate collecting skaffold metrics
run: skaffold config set --global collect-metrics false
- name: Build the motd image
env:
GH_PASSWORD: '${{ secrets.GITHUB_TOKEN }}'
run: skaffold build
Does anybody know what happens here?

It tries to fetch the digest of the new image, which it needs to render the k8s resources. Pushing the image was made by gradle. The jib plugin is configured to use environment variables for authenticating against ghcr.io. But skaffold does not know about those. So it fails to authenticate. A docker login does the trick, although it is not safe in a CI. So now I have to search for a better way to tell skaffold to authenticate against the registry

Related

Backstage Unable to use mkdocs to create Tech Docs for an existing component

I have enabled Github actions to create Tech docs after a commit. Below is the workflow file written to create Md files. But "techdocs-cli generate --no-docker --verbose" command fails with the below error. Can someone please help with the issue?
Failed to generate docs from /home/runner/work/myapp3/myapp3 into /home/runner/work/myapp3/myapp3/site; caused by unknown error 'Command mkdocs failed, exit code: 1'
workflow file:
name: Publish TechDocs Site
on:
push:
branches: master
jobs:
publish-techdocs-site:
runs-on: ubuntu-latest
env:
TECHDOCS_S3_BUCKET_NAME: XXX
AWS_ACCESS_KEY_ID: XXX
AWS_SECRET_ACCESS_KEY: XXX
AWS_REGION: XXX
ENTITY_NAMESPACE: 'default'
ENTITY_KIND: 'Component'
ENTITY_NAME: ‘XXX’
steps:
- name: Checkout code
uses: actions/checkout#v2
- uses: actions/setup-node#v2
- uses: actions/setup-python#v2
- name: Install techdocs-cli
run: sudo npm install -g #techdocs/cli
- name: Install mkdocs and mkdocs plugins
run: python -m pip install mkdocs-techdocs-core==1.*
- name: Generate docs site
run: techdocs-cli generate --no-docker --verbose
- name: Publish docs site
run: techdocs-cli publish --publisher-type awsS3 --storage-name $TECHDOCS_S3_BUCKET_NAME --entity $ENTITY_NAMESPACE/$ENTITY_KIND/$ENTITY_NAME
I had the same issue and it was resolved once you had the right folder structure where you have the mkdocs.yml file.
As long as you have a docs folder in the same root structure with the .md file that needs to be published.
The same .md file needs to be configured in the navigation section of the mkdocs.yml file as well

GitHubActions Runner Error: Command failed: go env GOPATH

We have GitHubActions and we run it in an Centos Server. We have set the root's .bashrc as export GOROOT=/opt/go export PATH=$PATH:$GOROOT/bin
In the Github Actions we have the file:
setup:
needs: cleanup
name: Setup
runs-on: [self-hosted, Linux, X64, CentOS-Linux-7.9]
services:
postgres:
image: postgres:latest
- name: Set up Go 1.17
uses: actions/setup-go#v2
with:
go-version: 1.17
# id: Go
- run: go version
- name: Checkout code into go module directory
uses: actions/checkout#v2
When Github Actions runs this , it throws the error:
0s
Run actions/setup-go#v2
with:
go-version: 1.17
stable: true
token: ***
...
Setup go stable version spec 1.17
Found in cache # /opt/actions-runner/_work/_tool/go/1.17.11/x64
Added go to the path
missing $GOPATH
Error: Command failed: go env GOPATH
missing $GOPATH
Can someone please help with this error?
The Go installation is working and on the Linux box as root 'go version' works.
That looks like actions/setup-go issue 116 which includes:
I believe the reason of issue is missing $HOME variable on the self-hosted runners.
The missing HOME variable makes it so that Go is not able to make default folders for GOPATH and GOCACHE and such.
So double-check what echo $HOME displays in your runner.
The OP AwsGeek confirms in the comments:
First as suggested I did an echo $HOME and it was empty and under the env: I added the value for home env: HOME: "/home/xxxx-account"

facing a permission issue when build react app in GitHub actions

This is my GitHub Actions script to build a react project:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- uses: actions/setup-node#v2
with:
node-version: 14
- name: Install yarn
uses: borales/actions-yarn#v2.1.0
- name: Build React App
run: |
sudo rm -rf node_modules
yarn
umi build
when I run this project in GitHub actions, shows error:
warning "umi-serve > #babel/preset-typescript#7.3.3" has unmet peer dependency "#babel/core#^7.0.0-0".
warning "umi-serve > #babel/register#7.4.4" has unmet peer dependency "#babel/core#^7.0.0-0".
warning Workspaces can only be enabled in private projects.
warning Workspaces can only be enabled in private projects.
[5/5] Building fresh packages...
error An unexpected error occurred: "EACCES: permission denied, open '/home/runner/work/admin/admin/yarn.lock'".
info If you think this is a bug, please open a bug report with the information provided in "/home/runner/work/admin/admin/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
Error: Process completed with exit code 1.
why could not access the project yarn.lock when using yarn command? why facing the permission issue in GitHub Actions? what should I do to fix this problem?
I also facing the similar issue with it, you should tried to use actions/setup-node like this to fix it:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- uses: actions/setup-node#v2
with:
node-version: 16
- run: npm install yarn -g
- name: Build React App
run: |
yarn
yarn global add umi
umi build

Github Actions Error: No such file or directory

Trying to troubleshoot my terraform init step, but I'm getting Error: No such file or directory
Even if I add the pwd as step 2 shown below, still getting Error: No such file or directory. This is working in other pipelines, but none of the new pipelines are working with the same commands.
Was there an update to GHA? I know they updated Helm, but did something else change that would adjust the behavior?
update-terraform-env:
name: "Create or Update Terraform Environment"
needs: build
runs-on: ubuntu-latest
defaults:
run:
working-directory: ${{ env.TERRAFORM_WORKING_DIR }}
steps:
- name: Checkout Source
uses: actions/checkout#v2
- name: Get directory
run: pwd
- name: Setup Terraform
uses: hashicorp/setup-terraform#v1.2.1
with:
terraform_version: 0.13.0
- name: Terraform Init
id: tf-init
run: terraform init
The env.TERRAFORM_WORKING_DIR was initialized to a path that didn't exist. (development which didn't exist, instead of develop which did).
The error of Error: No such file or directory was misleading as it seemed that the step command is failing, when it's actually the working directory for the entire job.

Tagging, and building and uploading a python library

I have a github action that runs when a branch is merged into master. It should tag the repo with a version number that it obtains from setup.py, and then push the tag. It should then build the package and upload it to a package repository.
Progress so far: Building and uploading works, tagging does not
name: Deploy Library
on [push]
jobs:
build:
runs-on: ubuntu latest
steps:
- uses: actions/checkout#master
- name: Set up Python env
uses: actions/setup-python#v1
with:
python-version: '3.6'
- name: Install Deps
run: |
python -m pip install --upgrade pip
pip install wheel
pip install twine
- name: Build
run: |
python setup.py build bdist_wheel
- name: Tag
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
VERSION=*sed magic on setup.py*
git tag v$VERSION
git push origin v$VERSION
Everything works except for the git push at the end. The logs complain about the need for a username and password (I only have the GITHUB_TOKEN), and anyway, actions/checkout didn't complain...
I've checked the github actions page, and I can't find one relating to tagging.
The actions/checkout#v1 action leaves the git repository in a detached HEAD state. So in order to push back to the repository there are a few steps required.
Set git config for the user you want to be the commit author:
git config --global user.name 'My User'
git config --global user.email 'myuser#example.com'
Set the remote:
git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}#github.com/username/repository
You may also need to checkout. You can extract the branch name from the GITHUB_REF:
git checkout "${GITHUB_REF:11}"
Related questions and answers:
Push to origin from GitHub action
Unable to commit and push back changes made by github action (invalid user)