[BUG] ghcr.io public images return 401

Question

[BUG] ghcr.io public images return 401

Closed this issue a month ago · 1 comments

Describe the bug
When checking for public images hosted on ghcr.io, version checker return an error "401 Bad Credentials" when no token is defined, and no metric is produced for them.
After a while, it hits the rate limit and it becomes a 403, but I don't think this is related.

To Reproduce
Steps to reproduce the behavior:

Deploy version-checker without a ghcr token configured (helm value ghcr.token not set)
Deploy container with image ghcr.io/stakater/reloader (or any other public ghcr.io image)
Check version-checker logs
See error

Expected behavior
version-checker should not return an error and produce a metric for ghcr.io images

Logs

time="2024-07-08T11:56:18Z" level=error msg="error syncing 'reloader-reloader-86786d55d9-ljdxd/infra': failed to sync pod infra/reloader-reloader-86786d55d9-ljdxd: failed to check container image \"reloader-reloader\": failed to get tags from remote registry for \"ghcr.io/stakater/reloader\": fetching owner type: fetching user: GET https://api.github.com/users/stakater: 401 Bad credentials [], requeuing" module=controller

Environment (please complete the following information):

Version-Checker: 0.7.0
Kubernetes: v1.19.2
Grafana: 10.1.5
Prometheus: v2.47.1

Additional context
Add any other context about the problem here.

Answer 1 · 2024-07-08T15:00:04.000Z

Hey @erwanval Thanks for raising this issue, it looks like this could be a regression from when we migrated to use GitHub Packages from Releases.

I've raised PR #227 that will resolve this, where if you don't provide version-checker a GitHub Token, then we'll fall back to our traditional/standard OCI Repository version discovery.