Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

no basic auth credentials on push_image step #335

Closed
hylaride opened this issue Mar 6, 2024 · 4 comments
Closed

no basic auth credentials on push_image step #335

hylaride opened this issue Mar 6, 2024 · 4 comments
Labels
bug Something isn't working

Comments

@hylaride
Copy link

hylaride commented Mar 6, 2024
edited
Loading

Orb version

9.0.4 (Though this broke for me in 9.0.3 - 9.0.2 functions properly)

What happened

push_image now fails on docker push to ECR with the following error:

a9db2aea91b3: Preparing 
2cea05c6512a: Preparing 
5498e8c22f69: Waiting 
no basic auth credentials

Exited with code exit status 1

Expected behavior

Docker login should happen as before. This is our orb instantiation:

  steps:
    - setup_remote_docker
    - run:
        name: Get 7 digit git sha1
        command: |
          echo 'export SMALL_SHA="${CIRCLE_SHA1:0:7}"' >> "$BASH_ENV"
    - aws-ecr/build_and_push_image:
        auth:
          - aws-cli/setup:
              role_arn: $ECR_OID_ACCESS_ARN
              role_session_name: ecr-login
              profile_name: << parameters.repo >>-ecr-login
        profile_name: << parameters.repo >>-ecr-login
        account_id: "$AWS_ECR_REGISTRY_ID"
        no_output_timeout: << parameters.no-output-timeout >>
        region: << parameters.region >>
        repo: << parameters.repo >>
        skip_when_tags_exist: << parameters.skip-when-tags-exist >>
        tag: ${SMALL_SHA}
        path: << parameters.path >>
        push_image: false
    - aws-ecr/push_image:
        region: << parameters.region >>
        account_id: "$AWS_ECR_REGISTRY_ID"
        repo: << parameters.repo >>
        tag: ${SMALL_SHA}

I suspect this pull request is the culprit. is there anything I need to change on my end to get the aws-ecr/push_image step to work?
@hylaride hylaride added the bug Something isn't working label Mar 6, 2024
@hylaride
Copy link
Author

I should also add that the reason we're doing the 2nd push_image step is because we're hitting this issue, too.

@hylaride hylaride mentioned this issue Mar 11, 2024
Closed
@hylaride
Copy link
Author

FYI, this also breaks pushing on build_and_push_image

#9 ERROR: failed to push ********************************************/REMOVED:06a8046: unexpected status from HEAD request to https://********************************************/v2/REMOVED/blobs/sha256:REMOVED: 401 Unauthorized
------
 > exporting to image:
------
ERROR: failed to solve: failed to push ********************************************/REMOVED:06a8046: unexpected status from HEAD request to https://********************************************/v2/REMOVED/blobs/sha256:REMOVED: 401 Unauthorized

@moosilauke18-reify
Copy link

I believe it has to do with OIDC not working correctly with amazon-ecr-credential-helper. awslabs/amazon-ecr-credential-helper#581

@marboledacci
Copy link
Contributor

I have been trying to replicate the issue with many configurations, and haven't been able to get it. As a workaround, the version 9.3.0 allows you to specify the parameter use_credentials_helper in the job to use the credentials helper, or the old method with docker login.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hylaride @moosilauke18-reify @marboledacci