node.jsyamlgithub-actionsdockerhubdocker-pull

Pulling dockerhub image in github action failing


I am trying to host a node application using aws ec2 instance. and I am using Docker hub so that i can use GitHub to push the changes. I have created a free tier account in Docker hub and created a repository. and created a cicd.yml file inside .github/workflows. the yml file looks like this

name: Deploy Node Application

on: 
  push:
    branches:
      - mern-ec2-docker

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Source
        uses: actions/checkout@v4
      - name: Login to docker hub
        run: docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build Docker Image
        run: docker build -t ziendocker/zien-backend  .
      - name: Publish Image to docker hub
        run: docker push ziendocker/zien-backend:latest 
 
  deploy:
    needs: build
    runs-on: self-hosted 
    steps:
      - name: Pull image from docker hub
        run: docker pull ziendocker/zien-backend 
      - name: Delete old container
        run: docker rm -f nodejs-app-container  
      - name: Run Docker Container
        run: docker run -d -p 4000:4000 --name nodejs-app-container -e MONGO_PASSWORD='${{ secrets.MONGO_PASSWORD }}' ziendocker/zien-backend

The Dockerfile created along looks like this

FROM node:alpine3.18
WORKDIR /app
COPY package.json ./
RUN npm install
COPY . .
EXPOSE 5000
CMD [ "npm","run","start"]

the build job runs successfully, login successfully and the image has been pushed to the Docker hub. But when running the job deploy in Pull image from docker hub results an in an error

Run docker pull ziendocker/zien-backend

docker pull ziendocker/zien-backend shell: /usr/bin/bash -e {0} Using default tag: latest Error response from daemon: pull access denied for ziendocker/zien-backend, repository does not exist or may require 'docker login': denied: requested access to the resource is denied Error: Process completed with exit code 1.

since the image is already published to the docker hub the access credentials are correct.where did i go wrong?

i tried docker pull ziendocker/zien-backend:latest resulted in same error .changed the initial login to

- name: Login to Docker Hub
  uses: docker/login-action@v3
  with:
    username: ${{ secrets.DOCKERHUB_USERNAME }}
    password: ${{ secrets.DOCKERHUB_TOKEN }}

it resulted in

Run docker/login-action@v3
  with:
    password: ***
    ecr: auto
    logout: true
Error: Username and password required

tried a new access token from docker. same error on deploy


Solution

  • Explanation

    Both approaches should work, but you are using two different secret variable names (DOCKER_USERNAME vs DOCKERHUB_USERNAME). Which one is correct, and are you sure they are configured to secrets and not variables?

            run: docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKERHUB_TOKEN }}
    
        username: ${{ secrets.DOCKERHUB_USERNAME }}
    

    Anyway, the real problem is here:

      build:
        runs-on: ubuntu-latest
        steps:
          - name: Checkout Source
            uses: actions/checkout@v4
          - name: Login to docker hub
            run: docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKERHUB_TOKEN }}
         ...
      deploy:
        needs: build
        runs-on: self-hosted
        steps:
          - name: Pull image from docker hub
            run: docker pull ziendocker/zien-backend
        ...
    

    You have two different jobs, the first one does the pushing and the other one the pulling. First of all, the login does not persist between jobs. Neither does the runner, each job spins up a fresh one. And that does not apply here anyway since your runners are anyway configured as different.

    It's the same if you logged in on your desktop first and expected the pull to work on your brand new laptop next.

    Solution

    So, what you need to do is to just add the login also to the second job:

        steps:
          - name: Login to docker hub
            run: docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKERHUB_TOKEN }}
          - name: Pull image from docker hub
            run: docker pull ziendocker/zien-backend 
          ...
    

    and it should work just by doing that.