Hi there,
I have a strange problem authenticating to my gitea container registry when a service is present in a job.
Without that service, everything works just fine. After adding that service, the credentials for the main container are no longer being used, and thus authentication fails.
This works just fine. The image is pulled and authentication against gitea container registry is successful:
name: Build Project
on: [push]
jobs:
build_and_deploy:
runs-on: ubuntu-latest
container:
image: git.foobar.myhost.tld/foobar/foobar-dev:latest
credentials:
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_TOKEN }}
steps:
- name: Nothing really
run: echo "Hello, world!"
I can see the credentials being used in the logs of the Set up job
step:
Start image=git.foobar.myhost.tld/foobar/foobar-dev:latest
docker pull image=git.foobar.myhost.tld/foobar/foobar-dev:latest platform= username=*** forcePull=true
docker pull git.foobar.myhost.tld/foobar/foobar-dev:latest
Now, after adding a service, the setup step fails:
name: Build Project
on: [push]
jobs:
build_and_deploy:
runs-on: ubuntu-latest
container:
image: git.foobar.myhost.tld/foobar/foobar-dev:latest
credentials:
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_TOKEN }}
services:
db:
image: docker.io/library/postgres:16.4
shm_size: 128mb
environment:
POSTGRES_USER: foobar
POSTGRES_PASSWORD: foobar
POSTGRES_DB: foobar-dev
steps:
- name: Nothing really
run: echo "Hello, world!"
The logs show that the credentials are no longer being used:
Start image=git.foobar.myhost.tld/foobar/foobar-dev:latest
docker pull image=docker.io/library/postgres:16.4 platform= username= forcePull=true
docker pull docker.io/library/postgres:16.4
pulling image 'docker.io/library/postgres:16.4' ()
Pulling from library/postgres :: 16.4
Digest: sha256:59c554e6f26822fd489ebbdef431457db2debd0c5762b24f11f603db5b91dfcc ::
Status: Image is up to date for postgres:16.4 ::
docker pull image=git.foobar.myhost.tld/foobar/foobar-dev:latest platform= username= forcePull=true
docker pull git.foobar.myhost.tld/foobar/foobar-dev:latest
pulling image 'git.foobar.myhost.tld/foobar/foobar-dev:latest' ()
Error response from daemon: unauthorized: authentication required
Specifying a service (using an image from docker hub) seems to break authentication for the main container (which is from my private gitea registry).
Any idea what’s going on here?