Skip to content

chore: add missing write permission to push built Docker images #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 16, 2025
Merged

chore: add missing write permission to push built Docker images #38

merged 2 commits into from
Jun 16, 2025

Conversation

kou
Copy link
Member

@kou kou commented Jun 16, 2025

What's Changed

Override permission in the docker job.

Closes #37.

raulcd
raulcd reviewed Jun 16, 2025
View reviewed changes
Copy link
Member

@raulcd raulcd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this be because it's the first time? We don't seem to have write permissions on others, like:
https://github.com/apache/arrow/blob/a974df4f2f11cf404c88df083d74a71aa463cfb9/.github/workflows/cpp.yml#L147-L152

@kou
Copy link
Member Author

kou commented Jun 16, 2025

apache/arrow uses Docker Hub not ghcr.io and Docker Hub user account is here: https://github.com/apache/arrow/blob/a974df4f2f11cf404c88df083d74a71aa463cfb9/.github/workflows/cpp.yml#L154-L155

assignUser
assignUser reviewed Jun 16, 2025
View reviewed changes
Copy link
Member

@assignUser assignUser left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If just updating the permission doesn't work it's probably the user name.
github.actor afaik would be kou (for this PR) but the required login would be apache which you can get through github.repository_owner

@assignUser
Copy link
Member

Alternatively we might need to ask infra to enable the package permissions for this repo? But I feel like that defaults to enabled.

@kou @assignUser
Fix category
f5822e9 
Co-authored-by: Jacob Wujciak-Jens <jacob@wujciak.de>
@kou
Copy link
Member Author

kou commented Jun 16, 2025

github.actor afaik would be kou (for this PR) but the required login would be apache which you can get through github.repository_owner

Hmm. Auto-generated GitHub Token may be for github.actor not github.repository.

FYI: ADBC uses github.actor and it works:

https://github.com/apache/arrow-adbc/blob/24950853d2398fd75601656fbf2bc2ddeff7d87c/.github/workflows/packaging.yml#L360-L365

https://github.com/apache/arrow-adbc/actions/runs/15668872626/job/44136690901#step:8:1

Run docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
  with:
    registry: ghcr.io
    username: lidavidm
    password: ***
    ecr: auto
    logout: true

@kou
Copy link
Member Author

kou commented Jun 16, 2025

Alternatively we might need to ask infra to enable the package permissions for this repo? But I feel like that defaults to enabled.

apache/arrow-java#476 may be related but let's try with this. If we can't push, let's ask INFRA.

@assignUser
Copy link
Member

Ah, ok! Then it's probably just the missing scope :)

@assignUser assignUser merged commit 466da39 into apache:main Jun 16, 2025
2 checks passed
@kou kou deleted the ci-push branch June 17, 2025 01:11
@kou
Copy link
Member Author

kou commented Jun 17, 2025

Worked: https://github.com/apache/arrow-swift/actions/runs/15693333885/job/44213242144#step:9:849

 Pushing ghcr.io/apache/arrow-swift-dev:amd64-ubuntu-noble: c8ed27d1ec99 Pushed

@kou
Copy link
Member Author

kou commented Jun 17, 2025

https://github.com/apache/arrow-swift/pkgs/container/arrow-swift-dev is public. It must be available from forks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@raulcd raulcd raulcd left review comments

@assignUser assignUser assignUser approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Need write permission for caching Docker image for CI
3 participants
@kou @assignUser @raulcd