
GitHub action docker build (self-hosted runner) fails on push to GH registry


I'm trying to run a self-hosted runner on Windows for my private GitHub repository. My goal is to have the runner build a Docker image, then push it to GHCR.

The runner is working properly: it is able to log into GHCR and build the image. But it fails on the last step, which is pushing the built image to GHCR.

This is my YAML file:

name: action demo

on:
  push:
    branches:
      - "master"
  pull_request:
    paths:
    - ".github/workflows/autobuild.yml"

jobs:
  main:
    runs-on: self-hosted
    steps:
      -
        name: Checkout
        uses: actions/checkout@v1
        with:
          fetch-depth: 1
          lfs: false
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to ghcr
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
          file: docker/Dockerfile
          target: main
          tags: ghcr.io/<name>/<image-name>:latest
          cache-from: type=registry,ref=ghcr.io/<name>/<image-name>:latest
          cache-to: type=inline

Here are the logs from the GitHub action:

Run docker/login-action@v1
...
Logging into ghcr.io...
Login Succeeded!



#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile:
#1 transferring dockerfile: 251B done
#1 DONE 0.1s

...

#11 DONE 0.1s

#12 preparing layers for inline cache
#12 DONE 1.4s

#13 exporting to image
#13 exporting layers done
#13 exporting manifest sha256:21d34f713eb0c277b3b7838e23eb04e3aeacbbdd47bf3f27deb3b8b1572ebd9f 0.0s done
#13 exporting config sha256:902211fc6bbef98d00cd98156ac4c14a84e85e907c346ac4208bca7df8275e7e
#13 exporting config sha256:902211fc6bbef98d00cd98156ac4c14a84e85e907c346ac4208bca7df8275e7e 0.0s done
#13 pushing layers 0.1s done
#13 ERROR: failed to push ghcr.io/<name>/<image-name>latest: failed to do request: Head "https://ghcr.io/v2/<name>/<image-name>/blobs/sha256:2f5143c663bfdb04d3096047f28c19025a8f8c9f9dbf01d497836ebe6cac197a": x509: certificate signed by unknown authority
------
 > importing cache manifest from ghcr.io/<name>/<image-name>:latest:
------
------
 > exporting to image:
------
error: failed to solve: failed to push ghcr.io/<name>/<image-name>:latest: failed to do request: Head "https://ghcr.io/v2/<name>/<image-name>/blobs/sha256:2f5143c663bfdb04d3096047f28c19025a8f8c9f9dbf01d497836ebe6cac197a": x509: certificate signed by unknown authority
Error: buildx failed with: error: failed to solve: failed to push ghcr.io/<name>/<image-name>:latest: failed to do request: Head "https://ghcr.io/v2/<name>/<image-name>/blobs/sha256:2f5143c663bfdb04d3096047f28c19025a8f8c9f9dbf01d497836ebe6cac197a": x509: certificate signed by unknown authority

I checked the authentication on my hosted machine. And I'm able to both push and pull from GHCR.


Solution

  • GitHub had an issue with their certificates yesterday (separate from rotating the SSH keys). You should rerun your job to verify that's not the issue.

    Otherwise, you'll need to update the root CA certificates on your runner.