gitea/act_runner
61
106
Fork 79
Code Issues 137 Pull Requests 9 Actions Releases 21 Activity

docker/build-push-action can not work in latest version #119

New Issue
Closed
opened 2023-04-13 02:00:56 +00:00 by seepine · 8 comments
seepine commented 2023-04-13 02:00:56 +00:00
Contributor
Copy Link

build.yml

jobs:
  build-image:
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-latest
    steps:
      # ...
      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          platforms: |
            linux/amd64
            linux/arm64                        
          push: true
          tags: my/testapp:latest           
      # ...

Error log

Build and push
1 ::group::GitHub Actions runtime token access controls
2 ::endgroup::
3 ::error::Invalid token specified: Cannot read properties of undefined (reading 'replace')

image

### build.yml ```yml jobs: build-image: runs-on: ubuntu-latest container: image: catthehacker/ubuntu:act-latest steps: # ... - name: Build and push uses: docker/build-push-action@v4 with: platforms: | linux/amd64 linux/arm64 push: true tags: my/testapp:latest # ... ``` ### Error log ``` Build and push 1 ::group::GitHub Actions runtime token access controls 2 ::endgroup:: 3 ::error::Invalid token specified: Cannot read properties of undefined (reading 'replace') ``` ![image](/attachments/3af8bc17-27a9-4d9b-a6f0-154e3efa50c7)
image.png
9.4 KiB
image.png
24 KiB
image.png
Zettat123 commented 2023-04-13 04:20:00 +00:00
Member
Copy Link

Hmmm, it looks strange, I also meet the error when running with binary

Hmmm, it looks strange, I also meet the error when running with binary
seepine commented 2023-04-13 04:57:19 +00:00
Author
Contributor
Copy Link

It seems to be a ACTIONS_RUNTIME_TOKEN issue

It seems to be a ACTIONS_RUNTIME_TOKEN issue
Zettat123 commented 2023-04-13 06:27:41 +00:00
Member
Copy Link

It seems to be a ACTIONS_RUNTIME_TOKEN issue

I think so. I guess it might be related to

internal/app/run/runner.go Line 162 in a05c5ba3ad
r.envs["ACTIONS_RUNTIME_TOKEN"] = preset.Token
.

Could you please upgrade your binary runner to the latest version and test again?

> It seems to be a ACTIONS_RUNTIME_TOKEN issue I think so. I guess it might be related to https://gitea.com/gitea/act_runner/src/commit/a05c5ba3ad5bc8f3ed8f31707a6c83eba60354d9/internal/app/run/runner.go#L162 . Could you please upgrade your binary runner to the latest version and test again?
seepine commented 2023-04-13 07:43:44 +00:00
Author
Contributor
Copy Link

It seems to be a ACTIONS_RUNTIME_TOKEN issue

I think so. I guess it might be related to

internal/app/run/runner.go Line 162 in a05c5ba3ad
r.envs["ACTIONS_RUNTIME_TOKEN"] = preset.Token
.

Could you please upgrade your binary runner to the latest version and test again?

you are right, binary of the latest version not work also

> > It seems to be a ACTIONS_RUNTIME_TOKEN issue > > I think so. I guess it might be related to https://gitea.com/gitea/act_runner/src/commit/a05c5ba3ad5bc8f3ed8f31707a6c83eba60354d9/internal/app/run/runner.go#L162 . > > Could you please upgrade your binary runner to the latest version and test again? you are right, binary of the latest version not work also
seepine changed title from Run with docker image, can not build docker to docker/build-push-action can not work in latest version 2023-04-13 07:47:21 +00:00
wolfogre added the
kind
bug
related
workflow
 labels 2023-04-13 08:25:41 +00:00
Zettat123 commented 2023-04-13 08:49:35 +00:00
Member
Copy Link

In Gitea, ACTIONS_RUNTIME_TOKEN is a random string, not a JWT.
But the docker/build-push-action@v4 tries to parse the token as JWT and doesn't handle the error, so the job fails.

There are two workarounds:

  1. Set the ACTIONS_RUNTIME_TOKEN to empty manually, like:
- name: Build and push
  uses: docker/build-push-action@v4
  env:
    ACTIONS_RUNTIME_TOKEN: ''
  with:
...
  1. The bug has been fixed in a newer commit, but it has not been released. So you could use the latest version by specifying the branch name, like:
- name: Build and push
  uses: docker/build-push-action@master
  with:
...
In Gitea, `ACTIONS_RUNTIME_TOKEN` is a random string, not a JWT. But the `docker/build-push-action@v4` tries to parse the token as JWT and doesn't handle the error, so the job fails. There are two workarounds: 1. Set the `ACTIONS_RUNTIME_TOKEN` to empty manually, like: ``` yml - name: Build and push uses: docker/build-push-action@v4 env: ACTIONS_RUNTIME_TOKEN: '' with: ... ``` 2. The bug has been fixed in a newer [commit](https://gitea.com/docker/build-push-action/commit/d8823bfaed2a82c6f5d4799a2f8e86173c461aba?style=split&whitespace=show-all#diff-1af9a5bdf96ddff3a2f3427ed520b7005e9564ad), but it has not been released. So you could use the latest version by specifying the branch name, like: ``` yml - name: Build and push uses: docker/build-push-action@master with: ... ```
👍 3
Zettat123 commented 2023-04-13 08:56:08 +00:00
Member
Copy Link

The code related to parsing ACTIONS_RUNTIME_TOKEN as JWT in docker/build-push-action@v4:

  • src/main.ts Lines 18 to 25 in 3b5e8027fc
    await core.group(`GitHub Actions runtime token access controls`, async () => {
    const actionsRuntimeToken = process.env['ACTIONS_RUNTIME_TOKEN'];
    if (actionsRuntimeToken) {
    core.info(JSON.stringify(JSON.parse(github.parseRuntimeToken(actionsRuntimeToken).ac as string), undefined, 2));
    } else {
    core.info(`ACTIONS_RUNTIME_TOKEN not set`);
    }
    });
  • src/github.ts Lines 7 to 9 in 3b5e8027fc
    export const parseRuntimeToken = (token: string): Jwt => {
    return jwt_decode<Jwt>(token);
    };
The code related to parsing `ACTIONS_RUNTIME_TOKEN` as JWT in `docker/build-push-action@v4`: - https://gitea.com/docker/build-push-action/src/commit/3b5e8027fcad23fda98b2e3ac259d8d67585f671/src/main.ts#L18-L25 - https://gitea.com/docker/build-push-action/src/commit/3b5e8027fcad23fda98b2e3ac259d8d67585f671/src/github.ts#L7-L9
wolfogre commented 2023-05-11 03:16:50 +00:00
Owner
Copy Link

I think we could close this PR since it has been documented as a known issue.

And strictly speaking, it's not a bug of act runner.

I think we could close this PR since it has been documented as a known issue. And strictly speaking, it's not a bug of act runner.
marthasimons commented 2023-07-26 14:06:46 +00:00
Copy Link

Thanks for fix it 👍👍

Thanks for fix it [👍](https://trustanalytica.com/online/best-urgent-essay-writing-services)[👍](https://writemyessay.ca/)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
renovate/github.com-nektos-act-0.x
renovate/alpine-3.x
renovate/actions-setup-go-5.x
renovate/golang.org-x-term-0.x
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.8
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
v0.0.1
Labels
Clear labels   
kind
bug
Something is not working

  
kind
build

  
kind/compatible
  
kind
dependencies

  
kind
docs

  
kind
enhancement
New feature

  
kind
feature

  
kind
help wanted
Need some help

  
kind
proposal

  
kind
refactor

  
related
act
Related to act.

  
related
environment
Related to the environment.

  
related
exec

  
related
gitea
Related to Gitea.

  
related
workflow
Related to the workflow file or actions scripts.

  
reviewed
confirmed
confirmed issue

  
reviewed
duplicate
This issue or pull request already exists

  
reviewed
invalid
Something is wrong

  
reviewed
needs feedback

  
reviewed
wontfix
This won't be fixed

  
reviewed
workaround

No Label
kind
bug
kind
build
kind/compatible
kind
dependencies
kind
docs
kind
enhancement
kind
feature
kind
help wanted
kind
proposal
kind
refactor
related
act
related
environment
related
exec
related
gitea
related
workflow
reviewed
confirmed
reviewed
duplicate
reviewed
invalid
reviewed
needs feedback
reviewed
wontfix
reviewed
workaround
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
4 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: gitea/act_runner#119
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?