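A while ago I wrote a Teams Notification action for our company's internal GitHub Actions.
This action needs an image with a lot of dependencies installed.
The safer approach is to push the image to an internal private registry
and pull it only when GitHub Actions actually runs the Teams-notify action.
But I ran into an unexpected issue.
When we use an external action (one outside our own repo),
we reference it with uses: $owner/$repo,
which tells Actions: "I want to call a third-party action! Go look at action.yml in $repo under $owner to see how to run it."
At that point, the way Actions works is this:
when the job starts, it first scans which images the uses entries need,
and the very first thing it does is pull every image those actions use.
But a private registry requires a login before an image can be pulled,
so when my action is based on a private image, it fails.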
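The ordering problem described above, laid out as an added example (not from the original post or from GitHub Support): the login step is listed first, yet the image for the referenced action is already being pulled during job setup. The registry name registry.example.internal, the secret names, the $ref placeholder and the image: line in the action metadata are assumptions made for illustration.

```yaml
# --- action.yml in $owner/$repo (assumed layout of the Teams-notify action) ---
# name: Teams notify
# runs:
#   using: docker
#   image: docker://registry.example.internal/teams-notify:v1   # private image, constructed name

# --- .github/workflows/notify.yml in the calling repository ---
on: [push]

jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
      # Written as the first step, but it only runs after job setup,
      # and job setup is where the action's image gets pulled.
      - name: Login to Registry
        uses: azure/docker-login@v1
        with:
          login-server: 'registry.example.internal'
          username: ${{ secrets.REGISTRY_USERNAME }}   # hypothetical secret names
          password: ${{ secrets.REGISTRY_PASSWORD }}

      # Referencing the action as $owner/$repo lets the runner resolve it up
      # front; the pull of its private image happens without credentials
      # and the job fails before the login step above ever executes.
      - name: Notify Teams
        uses: $owner/$repo@$ref   # $ref is a placeholder for a tag or commit
```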
Once I found this "ordering problem",
I opened a support case with GitHub.
After discussing it with support for a while, we arrived at the following workaround:
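on: [push]

jobs:
  hello_world_job:
    runs-on: ubuntu-latest
    name: A job to say hello
    steps:
      # Authenticate to the private registry before anything needs the image
      - name: Login to Registry
        uses: azure/docker-login@v1
        with:
          login-server: 'karthiks.azurecr.io' # default: index.docker.io
          username: 'karthiks'
          password: 'xxxxxxxx' # placeholder; keep the real value in an encrypted secret, not in the workflow file
      # Pull the private base image into the Docker host's local image store
      - name: Pull image
        run: docker pull karthiks.azurecr.io/alpine:v1
      - name: Checkout
        uses: actions/checkout@v2
        with:
          repository: $owner/$repo # placeholder for the repository that holds the action
      # The action is loaded from the checked-out workspace, after the login and pull
      - name: Loading local actions
        uses: ./
        id: hello
        with:
          who-to-greet: 'Mona the Octocat'
      # Use the output from the `hello` step
      - name: Get the output time
        run: echo "The time was ${{ steps.hello.outputs.time }}"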
In this case the custom action is created on the same repository where the workflow is configured. The step named "Loading local actions" loads the custom action from the same repository itself, and the repository visibility is private. The private action can only be used within the repository. And we have added the step "Pull image" to retrieve the base image from the private registry to the local registry of the Docker host.
That's it... a record of my first encounter with GitHub Support XD