403 error on container registry push from GitHub Action

I’m building an image for multiple architectures like this:

name: Build Docker image

on:
  workflow_dispatch:
  release:
    types: [published]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: docker/setup-qemu-action@v1
      - uses: docker/setup-buildx-action@v1
      - uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v2
        with:
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ghcr.io/${{ github.repository }}:latest

The workflow fails near the end of the docker/build-push-action step, when pushing to the container registry:

#13 ERROR: unexpected status: 403 Forbidden
------
 > exporting to image:
------
error: failed to solve: rpc error: code = Unknown desc = unexpected status: 403 Forbidden
Error: buildx call failed with: error: failed to solve: rpc error: code = Unknown desc = unexpected status: 403 Forbidden

If I look in the repository’s packages, I can see one of the images and no manifest.

Sometimes, when the workflow is re-run, it completes successfully and publishes everything to the container registry - I haven’t been able to detect a pattern to when it succeeds.

3 Likes

I’ve been running into this too now. It worked for a while and then suddenly stopped working at all.

1 Like

Hello, I think I have a similar issue. I also get a 403 while trying to push/export an image to ghcr.io via a GitHub Action. Below is the link to my logs:

What’s weird for me is that I can log in to ghcr.io via docker login ghcr.io from the terminal on my local environment as well as from a tmate session in the GH Action workflow. Therefore I am confused why I receive a 403, because I am theoretically able to log in to that service.

I have enabled the “Improved container support” feature on my GH profile.

I managed to publish the package via the command docker push ghcr.io/[owner]/[repository]:latest from a terminal on my local environment, which I suppose means that there is something wrong with the GitHub Action itself. The disadvantage I noticed is that the package is private by default, so I had to make it public from the GitHub visibility settings. There is probably a way to do it from the CLI as well.

I’m seeing the exact same thing (login works, push fails) and, just to highlight this, I’ve already modified my package image repository settings to grant Write permissions to the GitHub Actions running in the GitHub repository that houses my application’s source code.