Dependabot docker failing with public ghcr.io image

Hello,

I recently started seeing Dependabot failing to pull from ghcr.io for a public image. This used to work but seems to have stopped working recently. The package it’s trying to check is https://github.com/users/devpow112/packages/container/package/base-ubuntu. The repository trying to run Dependabot is private, but it should be able to check if it needs updates for a public image. See the log snippet below from the Dependabot logs.

  proxy | 2020/10/05 03:19:40 [017] GET https://ghcr.io:443/v2/devpow112/base-ubuntu/tags/list
  proxy | 2020/10/05 03:19:40 [017] 401 https://ghcr.io:443/v2/devpow112/base-ubuntu/tags/list
  proxy | 2020/10/05 03:19:40 [019] GET https://ghcr.io:443/token?scope=repository%3Auser%2Fimage%3Apull
  proxy | 2020/10/05 03:19:40 [019] 403 https://ghcr.io:443/token?scope=repository%3Auser%2Fimage%3Apull
updater | INFO <job_64590950> Handled error whilst updating devpow112/base-ubuntu: private_source_authentication_failure {:source=>"ghcr.io"}
updater | INFO <job_64590950> Finished job processing
updater | time="2020-10-05T03:19:41Z" level=info msg="task complete" container_id=job-64590950-updater exit_code=0 job_id=64590950 step=updater

Any help would be appreciated.

This is still occurring; I wonder if anyone has any ideas.

updater | INFO <job_102764568> Checking if devpow112/base-ubuntu focal-20210326 needs updating
  proxy | 2021/03/28 22:59:58 [012] GET https://ghcr.io:443/v2/devpow112/base-ubuntu/tags/list
  proxy | 2021/03/28 22:59:58 [012] 401 https://ghcr.io:443/v2/devpow112/base-ubuntu/tags/list
  proxy | 2021/03/28 22:59:58 [014] GET https://ghcr.io:443/token?service=ghcr.io&scope=repository%3Auser%2Fimage%3Apull
  proxy | 2021/03/28 22:59:58 [014] 403 https://ghcr.io:443/token?service=ghcr.io&scope=repository%3Auser%2Fimage%3Apull
updater | INFO <job_102764568> Handled error whilst updating devpow112/base-ubuntu: private_source_authentication_failure 

Hi @devpow112,

I think this might be the issue described here:

Could you let me know if this is related?

Hey @jcansdale,

I don’t think so. The logs I’ve listed are directly from the Dependabot logs, not from a GitHub Actions run. It’s also not trying to pull a private image. The Docker image devpow112/base-ubuntu is a public image from the GitHub Container Registry. There are no secrets involved since it’s a public image from the public repository. The funny thing is that the GitHub Actions workflows that try to grab devpow112/base-ubuntu as part of a docker build work fine even without logging into ghcr.io. Only Dependabot fails to check for updates with the log messages above.

Lol, well as of last night this resolved itself without any changes on my side. Hopefully it stays fixed.

Very strange. Please let me know if it starts happening again!
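
An added example (not code from any poster or from Dependabot) for triaging the proxy lines quoted in this thread: it pairs each 401 on a `/v2/` path with the token response that follows and decodes the requested scope so it can be compared with the repository that was queried. The function names are illustrative, and the thread does not say whether `user/image` in the scope is the value actually sent or a masked value in the log.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Proxy lines copied from the second log excerpt in the thread above.
SAMPLE_LOG = """\
  proxy | 2021/03/28 22:59:58 [012] GET https://ghcr.io:443/v2/devpow112/base-ubuntu/tags/list
  proxy | 2021/03/28 22:59:58 [012] 401 https://ghcr.io:443/v2/devpow112/base-ubuntu/tags/list
  proxy | 2021/03/28 22:59:58 [014] GET https://ghcr.io:443/token?service=ghcr.io&scope=repository%3Auser%2Fimage%3Apull
  proxy | 2021/03/28 22:59:58 [014] 403 https://ghcr.io:443/token?service=ghcr.io&scope=repository%3Auser%2Fimage%3Apull
"""

# "proxy | <date> <time> [<id>] <GET or status> <url>"
LINE = re.compile(r"proxy \| \S+ \S+ \[(\d+)\] (GET|\d{3}) (\S+)")


def responses(log):
    """Return [(status, url)] for every proxy response line (requests are skipped)."""
    return [(int(m[2]), m[3]) for m in LINE.finditer(log) if m[2].isdigit()]


def diagnose(log):
    """Pair each 401 on /v2/<repo>/tags/list with the token response after it."""
    findings = []
    pending = None  # repository named in the last unauthenticated /v2/ request
    for status, url in responses(log):
        parts = urlsplit(url)
        if status == 401 and parts.path.startswith("/v2/"):
            pending = parts.path[len("/v2/"):].rsplit("/tags/list", 1)[0]
        elif parts.path == "/token" and pending is not None:
            # parse_qs percent-decodes: repository%3Auser%2Fimage%3Apull
            scope = parse_qs(parts.query).get("scope", [""])[0]
            fields = scope.split(":")  # expected: type, name, actions
            scoped_repo = fields[1] if len(fields) == 3 else None
            findings.append({
                "repository": pending,
                "token_status": status,
                "scope": scope,
                "scope_matches_repository": scoped_repo == pending,
            })
            pending = None
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

A finding with `token_status` 403 and `scope_matches_repository` false shows that the failure happened at the token endpoint, before any tag listing was retried, and that the logged scope does not name the repository being checked.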