"installation not allowed to Create organization package" when in an organization #57724
-
Select Topic AreaBug BodyHi there, This is probably a permission bug somewhere that I just cannot seem to solve. I've been trying variations of the settings for hours now, to no avail. In short: I cannot push a docker container to the github registry of the organization in which I'm the admin (and sole team member). There are a few issues on the docker/build-push-action repo. The troubleshooting page recommends setting the build to create an image and later push it with containerd. This eventually shows "installation not allowed to Create organization package" as the final step. A roadblock to any progress on this issue quite frankly. First error in logs: https://github.com/nyx-space/nyx/actions/runs/5233821095/jobs/9449603475
Final error:
From the referenced issues, I've checked multiple times that my permissions are set to be as free as possible, both in the repo and in the organization: I also have no package on the repo, so I cannot set specific permissions for the package Here is my yaml if that's of any help: packaging:
permissions: write-all
runs-on: ubuntu-latest
# needs: [linux] # Don't package if the tests fail.
steps:
- name: Check out code
uses: actions/checkout@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
buildkitd-flags: --debug
- name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Build development image
run: docker build -f Dockerfile.dev -t nyx-build .
- name: Run development container and build the package
run: docker run --name nyx-builder nyx-build maturin build -F python --release
- name: Copy built package from container to host
run: docker cp nyx-builder:/app/target/wheels ./dist
- name: Get short SHA
id: short-sha
run: echo "::set-output name=sha::$(echo ${GITHUB_SHA::8})"
- name: Get the version
id: get_version
run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push Docker image with built package
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
push: false
tags: |
ghcr.io/nyx-space/nyx-fds:${{ steps.short-sha.outputs.sha }}
ghcr.io/nyx-space/nyx-fds:${{ github.ref == 'refs/heads/master' && 'latest' || steps.short-sha.outputs.sha }}
ghcr.io/nyx-space/nyx-fds:${{ startsWith(github.ref, 'refs/tags/') && steps.get_version.outputs.VERSION || steps.short-sha.outputs.sha }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
outputs: type=oci,dest=/tmp/image.tar
-
name: Import image in containerd
run: |
sudo ctr i import --base-name ghcr.io/nyx-space/nyx-fds:${{ steps.short-sha.outputs.sha }} --digests --all-platforms /tmp/image.tar
-
name: Push image with containerd
run: |
sudo ctr --debug i push --user "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" ghcr.io/nyx-space/nyx-fds:${{ steps.short-sha.outputs.sha }}
At this stage, any hint whatsoever would be helpful. |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 4 replies
-
I was seeing the same error. This solved it for me: Just gave write permission to actions |
Beta Was this translation helpful? Give feedback.
-
To follow-up, the issue I had was that I had to add |
Beta Was this translation helpful? Give feedback.
-
I tried permission: write-all, not working for me. But my case I'm using a token generated from Github App, still not able to find the way to add the permission. Please help.
|
Beta Was this translation helpful? Give feedback.
-
IMO ...
permissions:
packages: write
... |
Beta Was this translation helpful? Give feedback.
To follow-up, the issue I had was that I had to add
permissions: write-all
to the job! When I was having the issue with all of the screenshots, I hadn't placedpermissions: write-all
, but running the job exactly as I posted it above solved the issue. I'd been struggling with the problem for hours and didn't expect that to help.