Github action: Build and push docker image fails. server message: insufficient_scope: authorization failed

Question

I'm using the GitHub action "Build and push Docker images" as it's from Docker and a top rated verified action.

The relevant snippet of my YAML file is as follows

  - name: Set up QEMU
    uses: docker/setup-qemu-action@v1
  - name: Set up Docker Buildx
    uses: docker/setup-buildx-action@v1
  - name: Login to DockerHub
    uses: docker/login-action@v1
    with:
      username: ${{ secrets.DOCKERHUB_USERNAME }}
      password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
  - name: Build and push
    id: docker_build
    uses: docker/build-push-action@v2
    with:
      push: true
      tags: user/app:latest
  - name: Image digest
    run: echo ${{ steps.docker_build.outputs.digest }}

Just as it was shown in the example. When the workflow runs, I consistently see the error

10 [stage-1 2/2] COPY --from=build /workspace/target/*.jar app.jar
#10 DONE 0.9s

#12 exporting to image
#12 exporting layers
#12 exporting layers 4.3s done
#12 exporting manifest sha256:dafb0869387b325491aed0cdc10c2d0206aca28006b300554f48e4c389fc3bf1 done
#12 exporting config sha256:f64316c3b529b43a6cfcc933656c77e556fea8e5600b6d0cce8dc09f775cf107 done
#12 pushing layers
#12 pushing layers 0.8s done
#12 ERROR: server message: insufficient_scope: authorization failed
------
 > exporting to image:
------
failed to solve: rpc error: code = Unknown desc = server message: insufficient_scope: authorization failed
Error: The process '/usr/bin/docker' failed with exit code 1

The contents of my Dockerfile for a standard spring-boot application is as shown below

FROM maven:3.6.3-jdk-11-slim AS build
RUN mkdir -p /workspace
WORKDIR /workspace
COPY pom.xml /workspace
COPY src /workspace/src
RUN mvn -B -f pom.xml clean package -DskipTests

FROM openjdk:11-jdk-slim
COPY --from=build /workspace/target/*.jar app.jar
EXPOSE 8080
ENTRYPOINT ["java","-jar","app.jar"]

Any clue how this can be fixed?

I'm able to publish to docker-hub when using a different GitHub action as shown below

  - name: Build and push docker image
    uses: elgohr/Publish-Docker-Github-Action@master
    with:
      name: bloque/sales-lead-management
      username: ${{ secrets.DOCKERHUB_USERNAME }}
      password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}

Answer 1

You need to set a path context while using the Docker's build-push-action. It should look something like this:

 - name: Build and push
   id: docker_build
   uses: docker/build-push-action@v2
   with:
     context: .
     file: Dockerfile
     push: true
     tags: user/app:latest

The file option is entirely optional, but if left out it will find the Dockerfile inside the root directory.

It's also recommended to use the metadata action that provides more relevant metadata and tags for your Docker image.

Here is an example of how I did it for Spring Boot apps in few of my projects: https://github.com/moja-global/FLINT.Reporting/blob/d7504909f8f101054e503a2993f4f70ca92c2577/.github/workflows/docker.yml#L153