Publishing docker image fails

Question

Publishing docker image fails

Opened this issue 5 months ago · 4 comments

Tested creating a new docker image with buildpack in the release pipeline on my fork and there it worked.
Seems like something is not right with the docker credentials here maybe?

Fork log

b9bc32c3aad3: Pull complete
606ef55ec79b: Pull complete
41457d29d84e: Pull complete
ebc971911162: Pull complete
4f4fb700ef54: Pull complete
Digest: sha[256](https://github.com/Ch4s3r/mergeable/actions/runs/10151535169/job/28071001796#step:6:257):32ec910b697adf953b9d47a6dde2266a85a13d3d0aebc2b2ef537c949338dd99
Status: Downloaded newer image for paketobuildpacks/builder-jammy-tiny:latest
===> ANALYZING
Restoring data for SBOM from previous image
===> DETECTING
target distro name/version labels not found, reading /etc/os-release file
target distro name/version labels not found, reading /etc/os-release file
======== Output: paketo-buildpacks/node-run-script@1.0.19 ========
could not find script(s) [build] in package.json
err:  paketo-buildpacks/node-run-script@1.0.19 (1)
======== Output: paketo-buildpacks/node-run-script@1.0.19 ========
could not find script(s) [build] in package.json
err:  paketo-buildpacks/node-run-script@1.0.19 (1)
5 of 11 buildpacks participating
paketo-buildpacks/ca-certificates 3.8.3
paketo-buildpacks/node-engine     4.1.1
paketo-buildpacks/npm-install     1.4.3
paketo-buildpacks/node-start      2.0.1
paketo-buildpacks/npm-start       2.0.1
===> RESTORING
Restoring metadata for "paketo-buildpacks/ca-certificates:helper" from app image
Restoring metadata for "paketo-buildpacks/npm-install:launch-modules" from app image
===> BUILDING

Link to release log

This projects release log

41457d29d84e: Pull complete
ebc971911162: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:32ec910b697adf953b9d47a6dde2266a85a13d3d0aebc2b2ef537c949338dd99
Status: Downloaded newer image for paketobuildpacks/builder-jammy-tiny:latest
===> ANALYZING
ERROR: failed to initialize analyzer: validating registry write access: failed to ensure registry read/write access to mergeability/mergeable: POST https://index.docker.io/v2/mergeability/mergeable/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:mergeability/mergeable Type:repository] map[Action:push Class: Name:mergeability/mergeable Type:repository]]
ERROR: failed to build: executing lifecycle: failed with status code: 1
Error: Process completed with exit code 1.

Link to release log

I have these secrets configured:

DOCKERHUB_TOKEN
DOCKERHUB_USERNAME
NPM_TOKEN

My DOCKER_TOKEN secret has this format: dckr_pat_....

Not really sure what causes this, as the docker login succeeds but the buildpack analyzer fails to authenticate, but it should use the same credentials as the docker login.

Answer 1 · 2024-07-29T20:55:02.000Z

@shine2lay could you double check this please?

Answer 2 · 2024-07-29T21:30:30.000Z

@Ch4s3r the all those secrets have been set long time ago, I double checked. I wasn't able to identify if it starts with dckr_pat.... these tokens have been set years ago

Answer 3 · 2024-07-30T05:23:42.000Z

@shine2lay Is there a chance that we could renew them somehow?
Testing this is really hard as I can't reproduce the issue on my side ^^

Answer 4 · 2024-08-06T20:59:08.000Z

Do we know who set them up?
Maybe we could try to push the image after the creation with pack manually as the docker login seems to work, but that is also no guarantee that pushing works.