#github-actions (2022-01)

Discussions related to GitHub Actions

2022-01-21

Vlad Ionescu (he/him) avatar
Vlad Ionescu (he/him)

@Erik Osterman (Cloud Posse) https://github.blog/changelog/2022-01-21-share-github-actions-within-your-enterprise/

Is this what you wanted GitHub Actions to support?

Share GitHub Actions within your enterprise | GitHub Changelog attachment image

Share GitHub Actions within your enterprise

1
1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yes!

Share GitHub Actions within your enterprise | GitHub Changelog attachment image

Share GitHub Actions within your enterprise

1

2022-01-18

Danish Kazi avatar
Danish Kazi
11:02:44 PM

@ has joined the channel

2022-01-14

steenhoven avatar
steenhoven

For anyone using Github Actions -> AWS role assumption & suddenly getting “OpenIDConnect provider’s HTTPS certificate doesn’t match configured thumbprint” - Github updated their certificate chain and the new thumbprint to use is 6938fd4d98bab03faadb97b34396831e3780aea1

2022-01-07

Saichovsky avatar
Saichovsky

Hey guys,

I have a containerized GitHub action that pulls helm packages from a ghcr.io> using helm dependency update and gets a 401 error. If I replicate the same environment on my laptop, I get a HTTP 200 and my container is able to retrieve the packages from <oci://ghcr.io/

It appears like GitHub has put in place restrictions which prevent containers running in GH action runners from pulling oci objects from the ghcr.io package repository. Has anyone else ever encountered this challenge and how did you go about it?

Thanks

Saichovsky avatar
Saichovsky

Below are the outputs of the http response when helm dep up runs in debug mode

# Response headers when helm runs locally
response.header.content-type=application/vnd.oci.image.manifest.v1+json
response.header.date="Fri, 07 Jan 2022 10:43:46 GMT"
response.header.docker-content-digest="sha256:828e53a69882805b8009241b182ec521b931285826c2e01e81828582e6991ba0"
response.header.docker-distribution-api-version=registry/2.0
response.header.etag="\"sha256:828e53a69882805b8009241b182ec521b931285826c2e01e81828582e6991ba0\""
response.header.x-github-request-id="0100:5A5A:6C6C6C:44444:111111"
response.status="200 OK" url="<https://ghcr.io/v2/myorg/my-repo/autoscaler/manifests/1.2.0>"


# Response headers when helm runs in a containerized GH action
response.header.content-type=application/json
response.header.date="Fri, 07 Jan 2022 08:18:47 GMT"
response.header.docker-distribution-api-version=registry/2.0
response.header.www-authenticate="***"ghcr.io\",scope=\"repository:myorg/my-repo/autoscaler:pull\""
response.header.x-github-request-id="0100:5A5A:6C6C6C:44444:000000"
response.status="401 Unauthorized" url="<https://ghcr.io/v2/myorg/my-repo/autoscaler/manifests/1.2.0>"
    keyboard_arrow_up