Login/Register
GitHub: denied: permission_denied: write_package
Asked Answered
Solved dockergithubgithub-actions
G

7

29

I am currently trying to run a docker GitHub Action which builds and pushes a docker image to the GitHub Packages but I am receiving an error which I have never seen. For some reason it fails to push the docker image because write_permission is denied but I have a token allowing me to write so I don't understand what the problem is.

This is my action file:

name: Docker Image CI

on:
  workflow_dispatch:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
    - name: Set up JDK 16
      uses: actions/setup-java@v1
      with:
        java-version: 16
    - name: Build with Maven
      run: mvn -f ACS/pom.xml clean install dependency:copy-dependencies
    - name: Login to GitHub Package Registry
      run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u ${{ github.repository }} --password-stdin
    - name: Build the Docker image
      run: docker build -t image:latest .
    - name: Tag the Docker image
      run: docker tag image:latest docker.pkg.github.com/organization/repository/image:latest
    - name: Push the Docker image to the registry
      run:  docker push docker.pkg.github.com/organization/repository/image:latest

This is my error:

Run docker push docker.pkg.github.com/organization/repository/image:latest The push refers to repository [docker.pkg.github.com/organization/repository/image] f0eaf014e806: Preparing 7d0bad636b3f: Preparing aa0870e7c621: Preparing 36d2f9f005e6: Preparing 22bb3686ee25: Preparing 05e198868a20: Preparing b5cea4a3dd43: Preparing 93c7a8a0e1f4: Preparing 7f4b55b885b0: Preparing 05e198868a20: Waiting b5cea4a3dd43: Waiting 93c7a8a0e1f4: Waiting 7f4b55b885b0: Waiting denied: permission_denied: write_package

Grose answered 1/9, 2021 at 13:31 Comment(1)
See https://mcmap.net/q/501228/-github_token-permission-denied-write-package-when-build-and-push-docker-in-github-workflows - it makes a difference if the first image is pushed locally with PAT, or from workflow with GITHUB_TOKEN.Auer
G
4

For those interested, I managed to solve my issue although not quite sure how or more precisely which of the steps that I used, did help me solve the issue.

So basically, I first revoked my tokens and made a new one. Then I logged in to docker like this docker login -u USERNAME -p TOKEN ghcr.io while before I would use docker.pkg.github.com and then managed to push my docker image manually to GitHub Package Registry which then made the GitHub Action flow works as well, although I did change nothing there.

I hope that helps people who have the same issue.

Grose answered 3/9, 2021 at 7:16 Comment(0)
W
69

I was facing the same issue. To resolve this

  • Go to USER/ORG home page and click on Packages tab

  • Click on the package for which you are getting the permission_denied error

  • On the bottom of right sidebar click on Package settings option enter image description here

  • On the Manage Actions access change the package role to write enter image description here

  • Done. Now rerun the the action and you will find the problem is resolved.

Westhead answered 11/6, 2022 at 16:8 Comment(1)
Thank you! I've been struggling with this for three straight days. My issue was with a npm package initially published from my machine to npm.pkg.github.com, with a PAT. Subsequent workflow runs just threw 403 errors on publish. Had no idea we could control access to individual packages.Pruitt
B
18

The solution presented did not work for me, I had to add my repository to the package settings as documented in the issue https://github.community/t/unable-to-push-to-ghcr-io-from-github-actions/191761/3

Go to Package settings (to the right / bottom) of the package

And configure "Manage Actions access" section to allow the git repository in question write permissions on this package/docker repository - so making sure to also select "Write" when adding the repository.

Brion answered 4/2, 2022 at 19:49 Comment(1)
You may not have access and then you will not see the original package on the list. In this case make sure asking administrator for correct permissions.Atlanta
M
4

Try adding login step to your job:

- name: Login to GitHub Container Registry
  uses: docker/login-action@v1
  with:
    registry: ghcr.io
    username: ${{github.actor}}
    password: ${{secrets.GITHUB_TOKEN}}
Min answered 2/9, 2021 at 5:37 Comment(4)
I already do that though. Also tried your code but nothing changed.Grose
Yeah, I see you are using the old registry docker.pkg.github.com. My example with GITHUB_TOKEN works only for the new ghcr.io one.Min
Do you know if this change has had impact on how docker.pkg.github.com works?Grose
@AngelHadzhiev In my experience, I had to update the domain from that old host to ghcr.io/... for this to work. In addition, my old method against the old domain (on this new private repo) did not work.Clara
G
4

For those interested, I managed to solve my issue although not quite sure how or more precisely which of the steps that I used, did help me solve the issue.

So basically, I first revoked my tokens and made a new one. Then I logged in to docker like this docker login -u USERNAME -p TOKEN ghcr.io while before I would use docker.pkg.github.com and then managed to push my docker image manually to GitHub Package Registry which then made the GitHub Action flow works as well, although I did change nothing there.

I hope that helps people who have the same issue.

Grose answered 3/9, 2021 at 7:16 Comment(0)
T
3

I just wanted to add an alternative solution for people who are running into this error and finding this page from Google results.

If you've created a package previously from a forked repo, and then forked a different repo with the same package name, Github actions will fail like this. Go into your package settings and delete the package, and it should succeed again.

Tamekia answered 30/12, 2022 at 1:36 Comment(1)
Thanks for the solution. I had really hard time figuring this out.Miscellany
P
0

Thanks to https://stackoverflow.com/users/814548/vivek! In my case, I still needed to have the code in place to get working, as follows:

permissions:
  contents: read
  packages: write
Panther answered 10/3 at 1:18 Comment(0)
D
-3

currently you precise your github token but not the secrets for DOCKERHUB_USERNAME and DOCKERHUB_TOKEN. You need define in your repositories a new secrets DOCKERHUB_USERNAME and DOCKERHUB_TOKEN as indicated in https://docs.github.com/en/actions/reference/encrypted-secrets.

You must also create a dockerhub token on dockerhub website portal.

You also need to add this sample code before build and push action.

        name: Login to DockerHub
        uses: docker/login-action@v1 
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
Dogtired answered 1/9, 2021 at 13:40 Comment(3)
I don't need dockerhub.Grose
Whether it is DOCKERHUB or another container registry (like Azure ACR or a personal container registry) you necessarily need a container registry to be able to push a container image.Dogtired
In your code you need a secret for docker.pkg.github.comDogtired

© 2022 - 2024 — McMap. All rights reserved.