Push to docker.pkg.github.com fails with code = Unknown desc = unexpected status: 403 Forbidden

Buildx is still failing with:

Error: buildx call failed with: failed to solve: rpc error: code = Unknown desc = unexpected status: 403 Forbidden
    name: Publish Image
    runs-on: ubuntu-latest
    - uses: actions/checkout@v2
    - name: Preparation
      id: prep
      run: |
        IMAGE="${REGISTRY}/${{ github.repository }}/${{ github.event.repository.name }}"
        TAGS="${IMAGE}:${{ github.sha }}"
        if [[ $GITHUB_REF == ref/head/master ]]; then
        echo ::set-output name=tags::${TAGS}
    - name: Docker Buildx setup
      uses: docker/setup-buildx-action@v1
    - name: Login in to registry
      uses: docker/login-action@v1
        registry: docker.pkg.github.com
        username: ${{ github.actor }}
        password: ${{ github.token }}
    - name: Push to registry
      uses: docker/build-push-action@v2
        push: true
        file: src/Dockerfile
        tags: ${{ steps.prep.outputs.tags }}


Run docker/login-action@v1
🔑 Logging into docker.pkg.github.com...
🎉 Login Succeeded!
# --------------------
Run docker/build-push-action@v2
📣 Buildx version: 0.4.2
🏃 Starting build...
/usr/bin/docker buildx build --build-arg NPM_PACKAGE_TOKEN_d1b7="***" --tag docker.pkg.github.com/example-org/my-app/my-app:c7c6023ea9af524234444387000a2553aa20a7f6 --iidfile /tmp/docker-build-push-8RVwsf/iidfile --secret id=GIT_AUTH_TOKEN,src=/tmp/docker-build-push-8RVwsf/tmp-3034-k9IcoU4X5lva --file src/Dockerfile --push https://github.com/example-org/my-app.git#heads/deploy-den-gh-actions
time="2020-10-26T08:08:24Z" level=warning msg="invalid non-bool value for BUILDX_NO_DEFAULT_LOAD: "
#1 [internal] load git source https://github.com/example-org...
#1 0.034 Initialized empty Git repository in /var/lib/buildkit/runc-overlayfs/snapshots/snapshots/1/fs/
#1 0.229 c7c6023ea9af524234444387000a2553aa20a7f6	refs/heads/deploy-den-gh-actions
#1 0.484 From https://github.com/example-org/my-app
#1 0.484  * [new branch]      deploy-den-gh-actions -> heads/deploy-den-gh-actions
#1 0.484  * [new branch]      deploy-den-gh-actions -> origin/deploy-den-gh-actions
#1 DONE 0.5s

#3 [internal] load metadata for docker.io/library/node:12-alpine
#3 ...
# usual build
#18 exporting to image
#18 exporting layers
#18 exporting layers 1.0s done
#18 exporting manifest sha256:65a39d9de33f06b9b0bfcc4a1d263b35c11f65619c2d4b8af4253e8620a01b45 done
#18 exporting config sha256:c14e402195f459fe81fa566401906e32668263bc838fe0bcf2ab7c5ed635ce27 done
#18 pushing layers
#18 pushing layers 0.9s done
#18 ERROR: unexpected status: 403 Forbidden
 > exporting to image:
failed to solve: rpc error: code = Unknown desc = unexpected status: 403 Forbidden
Error: buildx call failed with: failed to solve: rpc error: code = Unknown desc = unexpected status: 403 Forbidden

I don’t have full root privileges on that repo. But I definitely can write to that repo. Docs state that everyone with write permissions can push packages.
push to ghcr.io is working. But since ghcr.io packages are not visible in project’s packages - we have to stick with docker.pkg.github.com for now.

Referenced docs


You can try directly executing the docker commands in your workflow to login, build, tag and push the images. You can reference to this example.

If the docker commands can work fine, there may be some issues occurs on the actions (docker/login-action and docker/build-push-action) you are using for Docker. If so, I recommend you directly report an issue to the appropriate engineering team for further investigation and evaluation on the action repository.