Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker Pull GCR Image command fails with unauthorized #22

Open
puneet2607 opened this issue Aug 9, 2022 · 3 comments
Open

Docker Pull GCR Image command fails with unauthorized #22

puneet2607 opened this issue Aug 9, 2022 · 3 comments
Assignees
@FrodoTheTrue
Labels
bug Something isn't working

Comments

@puneet2607
Copy link

TL;DR

Hi,
I am writing a Github workflow like below to pull and run a GCR private image on my GCP compute instance. GCP compute instance is not Container-Optimized OS, its self managed running Ubuntu 18.4 and Docker version 19.03.4. I configured all service account related stuff. I am getting unauthorized error when running docker pull gcr command through compute-ssh workflow, while it runs fine when I run directly on a compute instance SSH for the same user. Please suggest.

Expected behavior

As GCR image gets pull successfully when command gets executed directly on the instance SSH console that mean instance and user account has right privilege. Through GitHub workflow GCR image should also get pulled without an error.

Observed behavior

Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

Action YAML

name: GCP VM Connect Test
on:
  workflow_dispatch: # Put here!!
  push:
    branches: [ "my-branch" ]
  pull_request:
    branches: [ "my-branch" ]

jobs:
  gcp_ssh_test:
    runs-on: ubuntu-latest
    steps:
      - uses: 'actions/checkout@v3'

      - id: 'auth'
        uses: 'google-github-actions/auth@v0'
        with:
          credentials_json: '${{ secrets.GCLOUD_SERVICE_KEY }}'

      - id: 'compute-ssh'
        uses: 'google-github-actions/ssh-compute@v0'
        with:
          instance_name: 'puneet-githubactions-test-1'
          zone: 'us-central1-a'
          project_id: 'my-project-id'
          user: 'puneet_garg'
          ssh_private_key: '${{ secrets.GCP_SSH_PRIVATE_KEY }}'
          command: 'docker pull gcr.io/my-project-id'/image-name@image-sha'
          
      # Example of using the output
      - id: 'test'
        run: |-
          echo '${{ steps.compute-ssh.outputs.stdout }}'

Log output

2022-08-08T22:47:03.6634294Z Requested labels: ubuntu-latest
2022-08-08T22:47:03.6634333Z Job defined at: org/repo/.github/workflows/GCP-VM.yml@refs/heads/instance-name
2022-08-08T22:47:03.6634348Z Waiting for a runner to pick up this job...
2022-08-08T22:47:04.0468298Z Job is waiting for a hosted runner to come online.
2022-08-08T22:47:09.3145944Z Job is about to start running on the hosted runner: GitHub Actions 3 (hosted)
2022-08-08T22:47:12.6528888Z Current runner version: '2.294.0'
2022-08-08T22:47:12.6564285Z ##[group]Operating System
2022-08-08T22:47:12.6565447Z Ubuntu
2022-08-08T22:47:12.6566299Z 20.04.4
2022-08-08T22:47:12.6567127Z LTS
2022-08-08T22:47:12.6567957Z ##[endgroup]
2022-08-08T22:47:12.6568870Z ##[group]Virtual Environment
2022-08-08T22:47:12.6569887Z Environment: ubuntu-20.04
2022-08-08T22:47:12.6570779Z Version: 20220729.1
2022-08-08T22:47:12.6572067Z Included Software: https://github.com/actions/virtual-environments/blob/ubuntu20/20220729.1/images/linux/Ubuntu2004-Readme.md
2022-08-08T22:47:12.6573594Z Image Release: https://github.com/actions/virtual-environments/releases/tag/ubuntu20%2F20220729.1
2022-08-08T22:47:12.6574777Z ##[endgroup]
2022-08-08T22:47:12.6576130Z ##[group]Virtual Environment Provisioner
2022-08-08T22:47:12.6577158Z 1.0.0.0-main-20220725-1
2022-08-08T22:47:12.6578041Z ##[endgroup]
2022-08-08T22:47:12.6580491Z ##[group]GITHUB_TOKEN Permissions
2022-08-08T22:47:12.6581845Z Actions: write
2022-08-08T22:47:12.6582967Z Checks: write
2022-08-08T22:47:12.6583888Z Contents: write
2022-08-08T22:47:12.6584789Z Deployments: write
2022-08-08T22:47:12.6585688Z Discussions: write
2022-08-08T22:47:12.6586532Z Issues: write
2022-08-08T22:47:12.6587400Z Metadata: read
2022-08-08T22:47:12.6588268Z Packages: write
2022-08-08T22:47:12.6589196Z Pages: write
2022-08-08T22:47:12.6590064Z PullRequests: write
2022-08-08T22:47:12.6590972Z RepositoryProjects: write
2022-08-08T22:47:12.6591916Z SecurityEvents: write
2022-08-08T22:47:12.6592798Z Statuses: write
2022-08-08T22:47:12.6593682Z ##[endgroup]
2022-08-08T22:47:12.6598731Z Secret source: Actions
2022-08-08T22:47:12.6599911Z Prepare workflow directory
2022-08-08T22:47:12.7598658Z Prepare all required actions
2022-08-08T22:47:12.7820998Z Getting action download info
2022-08-08T22:47:13.1437633Z Download action repository 'actions/checkout@v3' (SHA:2541b1294d2704b0964813337f33b291d3f8596b)
2022-08-08T22:47:13.4951026Z Download action repository 'google-github-actions/auth@v0' (SHA:ceee102ec2387dd9e844e01b530ccd4ec87ce955)
2022-08-08T22:47:13.6288739Z Download action repository 'google-github-actions/ssh-compute@v0' (SHA:5ca0d009de50ecc7cc476be6ea4bc1265e6080f3)
2022-08-08T22:47:14.1912300Z ##[group]Run actions/checkout@v3
2022-08-08T22:47:14.1913344Z with:
2022-08-08T22:47:14.1914193Z   repository: org/image-name
2022-08-08T22:47:14.1915392Z   token: ***
2022-08-08T22:47:14.1916220Z   ssh-strict: true
2022-08-08T22:47:14.1917071Z   persist-credentials: true
2022-08-08T22:47:14.1917848Z   clean: true
2022-08-08T22:47:14.1918624Z   fetch-depth: 1
2022-08-08T22:47:14.1919396Z   lfs: false
2022-08-08T22:47:14.1920123Z   submodules: false
2022-08-08T22:47:14.1920987Z   set-safe-directory: true
2022-08-08T22:47:14.1921810Z ##[endgroup]
2022-08-08T22:47:14.5639487Z Syncing repository: org/image-name
2022-08-08T22:47:14.5643667Z ##[group]Getting Git version info
2022-08-08T22:47:14.5644922Z Working directory is '/home/runner/work/image-name/image-name'
2022-08-08T22:47:14.5646575Z [command]/usr/bin/git version
2022-08-08T22:47:14.5917833Z git version 2.37.1
2022-08-08T22:47:14.5920839Z ##[endgroup]
2022-08-08T22:47:14.5939243Z Temporarily overriding HOME='/home/runner/work/_temp/57943409-4a7c-4193-8a51-4bcef4ab17d0' before making global git config changes
2022-08-08T22:47:14.5940604Z Adding repository directory to the temporary git global config as a safe directory
2022-08-08T22:47:14.5943036Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/image-name/image-name
2022-08-08T22:47:14.5991676Z Deleting the contents of '/home/runner/work/image-name/image-name'
2022-08-08T22:47:14.5996942Z ##[group]Initializing the repository
2022-08-08T22:47:14.6000880Z [command]/usr/bin/git init /home/runner/work/image-name/image-name
2022-08-08T22:47:14.6208343Z hint: Using 'master' as the name for the initial branch. This default branch name
2022-08-08T22:47:14.6210142Z hint: is subject to change. To configure the initial branch name to use in all
2022-08-08T22:47:14.6211954Z hint: of your new repositories, which will suppress this warning, call:
2022-08-08T22:47:14.6213925Z hint: 
2022-08-08T22:47:14.6215107Z hint: 	git config --global init.defaultBranch <name>
2022-08-08T22:47:14.6345499Z hint: 
2022-08-08T22:47:14.6346701Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
2022-08-08T22:47:14.6347739Z hint: 'development'. The just-created branch can be renamed via this command:
2022-08-08T22:47:14.6348489Z hint: 
2022-08-08T22:47:14.6349095Z hint: 	git branch -m <name>
2022-08-08T22:47:14.6349978Z Initialized empty Git repository in /home/runner/work/image-name/image-name/.git/
2022-08-08T22:47:14.6351090Z [command]/usr/bin/git remote add origin https://github.com/org/image-name
2022-08-08T22:47:14.6395400Z ##[endgroup]
2022-08-08T22:47:14.6398112Z ##[group]Disabling automatic garbage collection
2022-08-08T22:47:14.6399873Z [command]/usr/bin/git config --local gc.auto 0
2022-08-08T22:47:14.6401168Z ##[endgroup]
2022-08-08T22:47:14.6402616Z ##[group]Setting up auth
2022-08-08T22:47:14.6403810Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2022-08-08T22:47:14.6405819Z [command]/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :
2022-08-08T22:47:14.6836541Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2022-08-08T22:47:14.6876816Z [command]/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :
2022-08-08T22:47:14.7159021Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
2022-08-08T22:47:14.7197958Z ##[endgroup]
2022-08-08T22:47:14.7199445Z ##[group]Fetching the repository
2022-08-08T22:47:14.7209135Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +3895c8542a97953415d1217b7c5b2a468ae2fdb0:refs/remotes/origin/instance-name
2022-08-08T22:47:15.0292708Z remote: Enumerating objects: 69, done.        
2022-08-08T22:47:15.0293696Z remote: Counting objects:   1% (1/69)        
2022-08-08T22:47:15.0294502Z remote: Counting objects:   2% (2/69)        
2022-08-08T22:47:15.0295606Z remote: Counting objects:   4% (3/69)        
2022-08-08T22:47:15.0296405Z remote: Counting objects:   5% (4/69)        
2022-08-08T22:47:15.0297180Z remote: Counting objects:   7% (5/69)        
2022-08-08T22:47:15.0297957Z remote: Counting objects:   8% (6/69)        
2022-08-08T22:47:15.0298728Z remote: Counting objects:  10% (7/69)        
2022-08-08T22:47:15.0299485Z remote: Counting objects:  11% (8/69)        
2022-08-08T22:47:15.0300260Z remote: Counting objects:  13% (9/69)        
2022-08-08T22:47:15.0301038Z remote: Counting objects:  14% (10/69)        
2022-08-08T22:47:15.0301820Z remote: Counting objects:  15% (11/69)        
2022-08-08T22:47:15.0302628Z remote: Counting objects:  17% (12/69)        
2022-08-08T22:47:15.0303397Z remote: Counting objects:  18% (13/69)        
2022-08-08T22:47:15.0304175Z remote: Counting objects:  20% (14/69)        
2022-08-08T22:47:15.0304946Z remote: Counting objects:  21% (15/69)        
2022-08-08T22:47:15.0305723Z remote: Counting objects:  23% (16/69)        
2022-08-08T22:47:15.0306488Z remote: Counting objects:  24% (17/69)        
2022-08-08T22:47:15.0307254Z remote: Counting objects:  26% (18/69)        
2022-08-08T22:47:15.0308029Z remote: Counting objects:  27% (19/69)        
2022-08-08T22:47:15.0308791Z remote: Counting objects:  28% (20/69)        
2022-08-08T22:47:15.0310065Z remote: Counting objects:  30% (21/69)        
2022-08-08T22:47:15.0310846Z remote: Counting objects:  31% (22/69)        
2022-08-08T22:47:15.0311632Z remote: Counting objects:  33% (23/69)        
2022-08-08T22:47:15.0312395Z remote: Counting objects:  34% (24/69)        
2022-08-08T22:47:15.0313412Z remote: Counting objects:  36% (25/69)        
2022-08-08T22:47:15.0314176Z remote: Counting objects:  37% (26/69)        
2022-08-08T22:47:15.0314951Z remote: Counting objects:  39% (27/69)        
2022-08-08T22:47:15.0315727Z remote: Counting objects:  40% (28/69)        
2022-08-08T22:47:15.0316547Z remote: Counting objects:  42% (29/69)        
2022-08-08T22:47:15.0317317Z remote: Counting objects:  43% (30/69)        
2022-08-08T22:47:15.0318086Z remote: Counting objects:  44% (31/69)        
2022-08-08T22:47:15.0318858Z remote: Counting objects:  46% (32/69)        
2022-08-08T22:47:15.0319619Z remote: Counting objects:  47% (33/69)        
2022-08-08T22:47:15.0320378Z remote: Counting objects:  49% (34/69)        
2022-08-08T22:47:15.0321135Z remote: Counting objects:  50% (35/69)        
2022-08-08T22:47:15.0321899Z remote: Counting objects:  52% (36/69)        
2022-08-08T22:47:15.0322675Z remote: Counting objects:  53% (37/69)        
2022-08-08T22:47:15.0323435Z remote: Counting objects:  55% (38/69)        
2022-08-08T22:47:15.0324200Z remote: Counting objects:  56% (39/69)        
2022-08-08T22:47:15.0324960Z remote: Counting objects:  57% (40/69)        
2022-08-08T22:47:15.0325732Z remote: Counting objects:  59% (41/69)        
2022-08-08T22:47:15.0326559Z remote: Counting objects:  60% (42/69)        
2022-08-08T22:47:15.0327324Z remote: Counting objects:  62% (43/69)        
2022-08-08T22:47:15.0328087Z remote: Counting objects:  63% (44/69)        
2022-08-08T22:47:15.0328851Z remote: Counting objects:  65% (45/69)        
2022-08-08T22:47:15.0329631Z remote: Counting objects:  66% (46/69)        
2022-08-08T22:47:15.0330428Z remote: Counting objects:  68% (47/69)        
2022-08-08T22:47:15.0331189Z remote: Counting objects:  69% (48/69)        
2022-08-08T22:47:15.0331952Z remote: Counting objects:  71% (49/69)        
2022-08-08T22:47:15.0332730Z remote: Counting objects:  72% (50/69)        
2022-08-08T22:47:15.0333497Z remote: Counting objects:  73% (51/69)        
2022-08-08T22:47:15.0334326Z remote: Counting objects:  75% (52/69)        
2022-08-08T22:47:15.0335090Z remote: Counting objects:  76% (53/69)        
2022-08-08T22:47:15.0336176Z remote: Counting objects:  78% (54/69)        
2022-08-08T22:47:15.0336982Z remote: Counting objects:  79% (55/69)        
2022-08-08T22:47:15.0337739Z remote: Counting objects:  81% (56/69)        
2022-08-08T22:47:15.0338503Z remote: Counting objects:  82% (57/69)        
2022-08-08T22:47:15.0339268Z remote: Counting objects:  84% (58/69)        
2022-08-08T22:47:15.0340052Z remote: Counting objects:  85% (59/69)        
2022-08-08T22:47:15.0340811Z remote: Counting objects:  86% (60/69)        
2022-08-08T22:47:15.0341571Z remote: Counting objects:  88% (61/69)        
2022-08-08T22:47:15.0342478Z remote: Counting objects:  89% (62/69)        
2022-08-08T22:47:15.0343254Z remote: Counting objects:  91% (63/69)        
2022-08-08T22:47:15.0344027Z remote: Counting objects:  92% (64/69)        
2022-08-08T22:47:15.0344794Z remote: Counting objects:  94% (65/69)        
2022-08-08T22:47:15.0345555Z remote: Counting objects:  95% (66/69)        
2022-08-08T22:47:15.0346530Z remote: Counting objects:  97% (67/69)        
2022-08-08T22:47:15.0347304Z remote: Counting objects:  98% (68/69)        
2022-08-08T22:47:15.0348074Z remote: Counting objects: 100% (69/69)        
2022-08-08T22:47:15.0348868Z remote: Counting objects: 100% (69/69), done.        
2022-08-08T22:47:15.0349698Z remote: Compressing objects:   1% (1/64)        
2022-08-08T22:47:15.0350517Z remote: Compressing objects:   3% (2/64)        
2022-08-08T22:47:15.0352913Z remote: Compressing objects:   4% (3/64)        
2022-08-08T22:47:15.0354501Z remote: Compressing objects:   6% (4/64)        
2022-08-08T22:47:15.0355196Z remote: Compressing objects:   7% (5/64)        
2022-08-08T22:47:15.0355869Z remote: Compressing objects:   9% (6/64)        
2022-08-08T22:47:15.0356638Z remote: Compressing objects:  10% (7/64)        
2022-08-08T22:47:15.0357320Z remote: Compressing objects:  12% (8/64)        
2022-08-08T22:47:15.0358195Z remote: Compressing objects:  14% (9/64)        
2022-08-08T22:47:15.0358887Z remote: Compressing objects:  15% (10/64)        
2022-08-08T22:47:15.0359587Z remote: Compressing objects:  17% (11/64)        
2022-08-08T22:47:15.0360291Z remote: Compressing objects:  18% (12/64)        
2022-08-08T22:47:15.0361591Z remote: Compressing objects:  20% (13/64)        
2022-08-08T22:47:15.0362709Z remote: Compressing objects:  21% (14/64)        
2022-08-08T22:47:15.0363841Z remote: Compressing objects:  23% (15/64)        
2022-08-08T22:47:15.0364539Z remote: Compressing objects:  25% (16/64)        
2022-08-08T22:47:15.0365219Z remote: Compressing objects:  26% (17/64)        
2022-08-08T22:47:15.0365923Z remote: Compressing objects:  28% (18/64)        
2022-08-08T22:47:15.0366934Z remote: Compressing objects:  29% (19/64)        
2022-08-08T22:47:15.0367998Z remote: Compressing objects:  31% (20/64)        
2022-08-08T22:47:15.0368688Z remote: Compressing objects:  32% (21/64)        
2022-08-08T22:47:15.0369377Z remote: Compressing objects:  34% (22/64)        
2022-08-08T22:47:15.0370636Z remote: Compressing objects:  35% (23/64)        
2022-08-08T22:47:15.0371673Z remote: Compressing objects:  37% (24/64)        
2022-08-08T22:47:15.0372394Z remote: Compressing objects:  39% (25/64)        
2022-08-08T22:47:15.0373063Z remote: Compressing objects:  40% (26/64)        
2022-08-08T22:47:15.0373735Z remote: Compressing objects:  42% (27/64)        
2022-08-08T22:47:15.0374400Z remote: Compressing objects:  43% (28/64)        
2022-08-08T22:47:15.0375096Z remote: Compressing objects:  45% (29/64)        
2022-08-08T22:47:15.0376026Z remote: Compressing objects:  46% (30/64)        
2022-08-08T22:47:15.0376710Z remote: Compressing objects:  48% (31/64)        
2022-08-08T22:47:15.0377391Z remote: Compressing objects:  50% (32/64)        
2022-08-08T22:47:15.0378065Z remote: Compressing objects:  51% (33/64)        
2022-08-08T22:47:15.0378739Z remote: Compressing objects:  53% (34/64)        
2022-08-08T22:47:15.0383330Z remote: Compressing objects:  54% (35/64)        
2022-08-08T22:47:15.0384217Z remote: Compressing objects:  56% (36/64)        
2022-08-08T22:47:15.0384922Z remote: Compressing objects:  57% (37/64)        
2022-08-08T22:47:15.0385598Z remote: Compressing objects:  59% (38/64)        
2022-08-08T22:47:15.0386569Z remote: Compressing objects:  60% (39/64)        
2022-08-08T22:47:15.0387277Z remote: Compressing objects:  62% (40/64)        
2022-08-08T22:47:15.0387963Z remote: Compressing objects:  64% (41/64)        
2022-08-08T22:47:15.0388646Z remote: Compressing objects:  65% (42/64)        
2022-08-08T22:47:15.0389320Z remote: Compressing objects:  67% (43/64)        
2022-08-08T22:47:15.0390110Z remote: Compressing objects:  68% (44/64)        
2022-08-08T22:47:15.0390842Z remote: Compressing objects:  70% (45/64)        
2022-08-08T22:47:15.0391528Z remote: Compressing objects:  71% (46/64)        
2022-08-08T22:47:15.0392204Z remote: Compressing objects:  73% (47/64)        
2022-08-08T22:47:15.0392886Z remote: Compressing objects:  75% (48/64)        
2022-08-08T22:47:15.0393570Z remote: Compressing objects:  76% (49/64)        
2022-08-08T22:47:15.0394241Z remote: Compressing objects:  78% (50/64)        
2022-08-08T22:47:15.0394930Z remote: Compressing objects:  79% (51/64)        
2022-08-08T22:47:15.0395607Z remote: Compressing objects:  81% (52/64)        
2022-08-08T22:47:15.0396336Z remote: Compressing objects:  82% (53/64)        
2022-08-08T22:47:15.0397008Z remote: Compressing objects:  84% (54/64)        
2022-08-08T22:47:15.0397688Z remote: Compressing objects:  85% (55/64)        
2022-08-08T22:47:15.0398396Z remote: Compressing objects:  87% (56/64)        
2022-08-08T22:47:15.0399088Z remote: Compressing objects:  89% (57/64)        
2022-08-08T22:47:15.0399764Z remote: Compressing objects:  90% (58/64)        
2022-08-08T22:47:15.0400436Z remote: Compressing objects:  92% (59/64)        
2022-08-08T22:47:15.0401241Z remote: Compressing objects:  93% (60/64)        
2022-08-08T22:47:15.0401918Z remote: Compressing objects:  95% (61/64)        
2022-08-08T22:47:15.0402594Z remote: Compressing objects:  96% (62/64)        
2022-08-08T22:47:15.0403331Z remote: Compressing objects:  98% (63/64)        
2022-08-08T22:47:15.0404051Z remote: Compressing objects: 100% (64/64)        
2022-08-08T22:47:15.0404753Z remote: Compressing objects: 100% (64/64), done.        
2022-08-08T22:47:15.0647287Z remote: Total 69 (delta 1), reused 50 (delta 0), pack-reused 0        
2022-08-08T22:47:15.0915107Z From https://github.com/org/image-name
2022-08-08T22:47:15.0930937Z  * [new ref]         3895c8542a97953415d1217b7c5b2a468ae2fdb0 -> origin/instance-name
2022-08-08T22:47:15.0972287Z ##[endgroup]
2022-08-08T22:47:15.0973790Z ##[group]Determining the checkout info
2022-08-08T22:47:15.0976297Z ##[endgroup]
2022-08-08T22:47:15.0977245Z ##[group]Checking out the ref
2022-08-08T22:47:15.0980605Z [command]/usr/bin/git checkout --progress --force -B instance-name refs/remotes/origin/instance-name
2022-08-08T22:47:15.1133885Z Switched to a new branch 'instance-name'
2022-08-08T22:47:15.1135788Z branch 'instance-name' set up to track 'origin/instance-name'.
2022-08-08T22:47:15.1144530Z ##[endgroup]
2022-08-08T22:47:15.1200101Z [command]/usr/bin/git log -1 --format='%H'
2022-08-08T22:47:15.1245902Z '3895c8542a97953415d1217b7c5b2a468ae2fdb0'
2022-08-08T22:47:15.1657613Z ##[group]Run google-github-actions/auth@v0
2022-08-08T22:47:15.1658298Z with:
2022-08-08T22:47:15.1666950Z   credentials_json: ***
2022-08-08T22:47:15.1667572Z   create_credentials_file: true
2022-08-08T22:47:15.1668197Z   export_environment_variables: true
2022-08-08T22:47:15.1668822Z   cleanup_credentials: true
2022-08-08T22:47:15.1669406Z   access_token_lifetime: 3600s
2022-08-08T22:47:15.1670132Z   access_token_scopes: https://www.googleapis.com/auth/cloud-platform
2022-08-08T22:47:15.1670858Z   retries: 0
2022-08-08T22:47:15.1671501Z   id_token_include_email: false
2022-08-08T22:47:15.1672071Z ##[endgroup]
2022-08-08T22:47:15.2506303Z Created credentials file at "/home/runner/work/image-name/image-name/gha-creds-653f4574405d6801.json"
2022-08-08T22:47:15.2507159Z 
2022-08-08T22:47:15.2540643Z 
2022-08-08T22:47:15.2676415Z ##[group]Run google-github-actions/ssh-compute@v0
2022-08-08T22:47:15.2677102Z with:
2022-08-08T22:47:15.2677709Z   instance_name: instance-name
2022-08-08T22:47:15.2678364Z   zone: us-central1-a
2022-08-08T22:47:15.2678977Z   project_id: project-id
2022-08-08T22:47:15.2679588Z   user: puneet_garg
2022-08-08T22:47:15.2686028Z   ssh_private_key: ***
2022-08-08T22:47:15.2686892Z   command: docker pull gcr.io/project-id/image-name@sha256:sha
2022-08-08T22:47:15.2688045Z env:
2022-08-08T22:47:15.2688881Z   CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/image-name/image-name/gha-creds-653f4574405d6801.json
2022-08-08T22:47:15.2690046Z   GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/image-name/image-name/gha-creds-653f4574405d6801.json
2022-08-08T22:47:15.2691126Z   GOOGLE_GHA_CREDS_PATH: /home/runner/work/image-name/image-name/gha-creds-653f4574405d6801.json
2022-08-08T22:47:15.2692028Z   CLOUDSDK_CORE_PROJECT: project-id
2022-08-08T22:47:15.2692730Z   CLOUDSDK_PROJECT: project-id
2022-08-08T22:47:15.2693397Z   GCLOUD_PROJECT: project-id
2022-08-08T22:47:15.2694051Z   GCP_PROJECT: project-id
2022-08-08T22:47:15.2694743Z   GOOGLE_CLOUD_PROJECT: project-id
2022-08-08T22:47:15.2695770Z ##[endgroup]
2022-08-08T22:47:16.2706305Z [command]/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/1fcc21ef-7475-4efc-973a-fe7b9fdcf3d2 -f /home/runner/work/_temp/bca10141-47f0-41e5-a49e-4a797e73610e
2022-08-08T22:47:33.4414254Z Running: gcloud compute ssh puneet_garg@instance-name --zone us-central1-a --ssh-key-file /tmp/370468b917507eeaf92cd5d1/google_compute_engine --quiet --tunnel-through-iap --project project-id --command docker pull gcr.io/project-id/image-name@sha256:sha
2022-08-08T22:47:37.6045475Z 
2022-08-08T22:47:37.6049064Z 
2022-08-08T22:47:37.6085184Z ##[error]google-github-actions/ssh-compute failed with: failed to execute gcloud command `gcloud compute ssh puneet_garg@instance-name --zone us-central1-a --ssh-key-file /tmp/370468b917507eeaf92cd5d1/google_compute_engine --quiet --tunnel-through-iap --project project-id --command docker pull gcr.io/project-id/image-name@sha256:sha`: WARNING: 

To increase the performance of the tunnel, consider installing NumPy. For instructions,
please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the_tcp_upload_bandwidth

Warning: Permanently added 'compute.5394523985438097724' (ECDSA) to the list of known hosts.
Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
2022-08-08T22:47:37.6254209Z Post job cleanup.
2022-08-08T22:47:37.7209230Z Post job cleanup.
2022-08-08T22:47:37.8060059Z Removed exported credentials at "/home/runner/work/image-name/image-name/gha-creds-653f4574405d6801.json".
2022-08-08T22:47:37.8178916Z Post job cleanup.
2022-08-08T22:47:37.9663404Z [command]/usr/bin/git version
2022-08-08T22:47:37.9720325Z git version 2.37.1
2022-08-08T22:47:37.9788575Z Temporarily overriding HOME='/home/runner/work/_temp/50e1efd2-6793-4e66-b33e-fb0496f874e8' before making global git config changes
2022-08-08T22:47:37.9790083Z Adding repository directory to the temporary git global config as a safe directory
2022-08-08T22:47:37.9792023Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/image-name/image-name
2022-08-08T22:47:37.9837755Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2022-08-08T22:47:37.9885996Z [command]/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :
2022-08-08T22:47:38.0205560Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2022-08-08T22:47:38.0237912Z http.https://github.com/.extraheader
2022-08-08T22:47:38.0261685Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
2022-08-08T22:47:38.0314023Z [command]/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :
2022-08-08T22:47:38.0965951Z Cleaning up orphan processes

Additional information

Direct SSH Run Detail

puneet_garg@instance:~/.ssh$ docker pull gcr.io/project-id/image-name@sha
sha: Pulling from neo4j-solutions-demos/movies-demo
530afca65e2e: Pull complete
323a7915bc04: Pull complete
b5b558620e40: Pull complete
b37be0d2bf3c: Pull complete
ba036c7f95ec: Pull complete
a46fd6a16a7c: Pull complete
7b72cae89631: Pull complete
216cf4da2568: Pull complete
Digest: sha
Status: Downloaded newer image for gcr.io/project-id/image-name@sha
gcr.io/project-id/image-name@sha

Configuration Articles Followed

https://cloud.google.com/container-registry/docs/access-control#vm-push
@puneet2607 puneet2607 added the bug Something isn't working label Aug 9, 2022
@FrodoTheTrue FrodoTheTrue self-assigned this Aug 11, 2022
@FrodoTheTrue
Copy link
Contributor

Hi @puneet2607, thanks for raising the issue!

I see instance_name: instance-name as an input param in the log you presented, is that correct instance name param?

@puneet2607
Copy link
Author

Hi @FrodoTheTrue, I just replaced the actual values for the security reasons. Hope that helps.
To add little more context to the issue, after ssh-compute to the instance I want to run docker pull from gcr and gsutil command to perform some deployment activities. For the gsutil I am getting "bash: gsutil: command not found" and for docker getting unauthorized. When running my deployment script by ssh into instance directly not through GitHub actions all goes well.
which local user context this ssh-compute gets? or under which user context specified command gets run?

Thanks.

@miguelsmuller
Copy link

Hi there! I'm encountering a similar issue. I noticed your previous post about it. Were you able to resolve the problem? I'd appreciate any insights or solutions you might have. Thanks in advance!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@FrodoTheTrue FrodoTheTrue

Labels
bug Something isn't working
Milestone
No milestone
Development

No branches or pull requests
3 participants
@miguelsmuller @FrodoTheTrue @puneet2607