Doesn't work with Docker Hub access tokens

[gotson]

Hello,

i tried using this with the recently introduced DockerHub access tokens, but it doesn't work. I swapped my credentials for my own Docker Hub and it works again.

If i check the Docker Hub access tokens page, i see that the access token was never used.

When using the access token i get an error 403 on the PATCH request.

[peter-evans]

Yes, unfortunately, DockerHub don't support access tokens for this API at the moment. There is a note about this in the readme.

Note: Docker Hub Personal Access Tokens cannot be used as they are not supported by the API. See here and here for further details. Unfortunately, this means that enabling the new 2FA feature on Docker Hub will prevent the action from working.

https://github.com/peter-evans/dockerhub-description/blob/master/README.md#required-environment-variables

[gotson]

My bad, i didn't read the documentation since they introduced the access tokens. Thanks!

[peter-evans]

No worries. I hope they open up the API for use with tokens at some point!

[cooperlees]

O damn, I've hit this. Has anyone found somewhere we can request support for this?

[peter-evans]

@cooperlees This is the issue tracking the roadmap feature to allow tokens to be used. docker/roadmap#115

[cooperlees]

Could we possibly leave this open so people see it's a known issue? It will possibly help stop duplicate issues being logged.

[LongLiveCHIEF]

It's not like the tokens are any different than passwords anyways. Tokens have absolutely no scope attached to them. Docker has needed to step up their game with this stuff for years.

[peter-evans]

Thanks for confirming! I think we can close this now.

[fauust]

Hi!
Good that this is now working and that we can finally activate 2FA 👍

FYI, I did not manage to make this work with a read/write token, I had to generate a read/write/delete token, not sure why since we just need to update the README.md file?

[jaydrogers]

I hate to wake this old thread up, but I figured it was the best place to keep this discussion organized. Today I am running into this error. No changes were made on my end and it just started to appear this morning (I have a job run every Tuesday to automatically update).

Error Message

Error: Bad Request

Full screenshot

Attempted fix (same failing result)

• Delete my PAT
• Re-create it with read, write, delete
• Re-run the job

Possible error to help debug?

Run peter-evans/dockerhub-description@v3
  with:
    username: ***
    password: ***
    repository: serversideup/php
    short-description: Production-ready Docker images for PHP. Optimized for Laravel, WordPress, and more!
##[debug]Inputs: {
##[debug]  username: '***',
##[debug]  password: '***',
##[debug]  repository: 'serversideup/php',
##[debug]  shortDescription: 'Production-ready Docker images for PHP. Optimized for Laravel, WordPress, and more!',
##[debug]  readmeFilepath: './README.md'
##[debug]}
Acquiring token
::add-mask::***
Sending PATCH request
##[debug]Error: Bad Request
##[debug]    at /home/runner/work/_actions/peter-evans/dockerhub-description/v3/dist/index.js:79:23
##[debug]    at processTicksAndRejections (node:internal/process/task_queues:96:5)
Error: Bad Request
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: push README to Dockerhub

My source code

https://github.com/serversideup/docker-php/blob/649c0e215a82512554ce7e4f616f099dd2af8b3c/.github/workflows/publish_docker-images-production.yml#L59-L65

Other notes & thanks

• I have another repository running the same syntax and it seems to be fine 🤷‍♂️

I'm very grateful for this project! Thank you for putting this together. If anyone has any ideas, it would be very appreciated 🙌

[simmel]

@jaydrogers I just tried to update and it worked see https://github.com/simmel/vanilla-imap-baby/actions/runs/4177535798/jobs/7235219564#step:8:1

Try again? Might have just been Docker Hubs API that had an issue?

[jaydrogers]

Thanks @simmel!

I just tried it again, and I am getting the same results. I can move this into a new issue if it's more appropriate 😃

[jonasbn]

Hi @jaydrogers

Here are my 2 cents.

The error hints at a bad HTTP request (400), ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/400

• Is there anyway to get to see the original request and response?
• Evaluating what the variable parts are - does the username or password contain anything that could render the request invalid?
• Are there other variable parameters
• Are the credentials the same as for the other repository where it works?

[jonasbn]

Hi @jaydrogers

And 2 cents more

Just a last thing, have you tried the running the Docker image outside of the context of GHA, as outlined in the README?

[jaydrogers]

Thanks @jonasbn! Brilliant method with the Docker testing. 👍

I attempted to run what was in the README and I am just getting nothing in return. I had some warnings running with my M1 Mac, so I modified the command to see if that would help. I also tried to set environment variables to put Node into a debug mode to see if I can see the request.

Command I am running

I am running this in the directory of my README file on my Mac.

docker run --platform linux/amd64 -v $(pwd):/workspace \
  -e DOCKERHUB_USERNAME='mydockerhubusername' \
  -e DOCKERHUB_PASSWORD='mysupersecretpat' \
  -e DOCKERHUB_REPOSITORY='serversideup/php' \
  -e README_FILEPATH='/workspace/README.md' \
  -e NODE_ENV=dev \
  -e DEBUG=* \
  peterevans/dockerhub-description:3

My results after running command above

The command runs and returns no output. When I run echo $?, it returns a 1 -- hinting there is an error. It's challenging to know what that is since there isn't any output being displayed.

Things I have checked

• ✅ Reset PAT
• ✅ GitHub Actions secrets are reset and named correctly

Thanks for your help everyone! 🙌

[peter-evans]

@jaydrogers It's possible that DockerHub doesn't like the content of your readme. Could you try a test where the README.md file just contains something very simple.

[jaydrogers]

Yup! That's definitely it. Sorry for the confusion! I thought it had something to do with my PAT.

Weird thing is, if I copy and paste it into hub.docker.com, it works no problem.

I even tried pasting it into hub.docker.com then copying that into my README and it still would not take it.

If there are any quick thoughts to trace the down the culprit, I am open ears -- but I am working on a documentation site anyways so it will greatly simplify my README in the future anyways.

I can open another issue on it in the future if I run into problems.

Thanks for your help 🙌

[simmel]

Report this to Docker Hub (somehow). It's their API saying "nah, user input is wrong". Good job finding the problem!

…

On Wed, 2023-02-15 at 08:10:49 -0800, Jay Rogers wrote: Yup! That's definitely it. Sorry for the confusion! I thought it had something to do with my PAT. Weird thing is, if I copy and paste it into hub.docker.com, it works no problem. I even tried pasting it into hub.docker.com then copying that into my README and it still would not take it. If there are any quick thoughts to trace the down the culprit, I am open ears -- but I am working on a documentation site anyways so it will greatly simplify my README in the future anyways. I can open another issue on it in the future if I run into problems. Thanks for your help 🙌 -- Reply to this email directly or view it on GitHub: #10 (comment) You are receiving this because you were mentioned. Message ID: ***@***.***>

[christian-korneck]

If there are any quick thoughts to trace the down the culprit, I am open ears

@jaydrogers do you get the same error when you try to upload your repo description using this tool?

[LeviPesin]

I'm still getting the "Forbidden" error on the PATCH request. I triple-checked all repository names and even tried running exactly the same API requests in Python -- but no matter what I keep getting 403 {'message': 'insufficient scope', 'errinfo': {}} errors.
You can see the job failing here.

[peter-evans]

@LeviPesin As the error message suggests, the problem is likely to be insufficient scopes. It requires read/write/delete scopes (Admin level) to update the Docker Hub repo description. This is mentioned in the readme here.

[LeviPesin]

Ah, sorry, indeed!! My token only had read/write permissions. Thank you!