Login/Register
Error: buildx failed with: ERROR: failed to solve: failed to push ghcr.io/: unexpected status: 403 Forbidden
Asked Answered
dockergithubgitlabcontinuous-integrationgithub-actions
A

2

7

I am using GitHub Actions, for building and pushing a simple docker image to GitHub Container registry. My repository is inside an organization and I have configured secrets on organization level.

The job succeeds in logging in to ghcr, but when it tries to push it to ghcr it end with the following error:

Error: buildx failed with: ERROR: failed to solve: failed to push ghcr.io/: unexpected status: 403 Forbidden.

github-actions.yml

name: Build and Push Freeradius proxy
on:
  push:
    branches:
      - '*'
jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      packages: write
    steps:
      - name: Checkout Code
        uses: actions/checkout@v2
        with:
          token: ${{ secrets.GCR_TOKEN}}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
      - name: Login to GHCR
        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
        with:
          registry: ghcr.io
          username: ${{ secrets.REPO_OWNER }}
          password: ${{ secrets.GCR_TOKEN }}
      - name: Build and Push Docker Image
        uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
        with:
          context: .
          push: true
          tags: ghcr.io/${{ github.repository }}:${{ github.sha }}

I tried using different versions of docker/setup-buildx-action but it didn't worked!

Animator answered 31/3, 2023 at 9:50 Comment(1)
Your workflow looks okay. Have you verified your PAT has the right permissions for this? This looks like a incorrect permissions issue. See github.com/docker/login-action#github-container-registry.Hartfield
M
5

Maybe your repository action is not setting in read and write permissions enter image description here

Misanthropy answered 22/5, 2023 at 5:52 Comment(0)
K
3

There is another common reason for these sorts of errors.

E.g if you see an error like even after enabling the write permission:

19 ERROR: failed to push ghcr.io/yourimage:main: unexpected status from HEAD request to https://ghcr.io/v2/yourimage/blobs/sha256:67637066b227a8aca5be71d152770eb1ccefea19f3fccb400b67650b6bf63368: 400 Bad Request

There might be a mismatch between your image name and your repo name. When using magical gchr.io authorisation the image name must match your repo name.

Usually the image name is set in the metadata step, but it you override/rename it, the image will later fail to push to ghcr.io

      - name: Read metadata
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ${{ env.REGISTRY }}/${{ github.repository }}
Kazue answered 10/6, 2024 at 11:19 Comment(0)

© 2022 - 2025 — McMap. All rights reserved.