From a1f5be3e6853e558336702d21b71b16607a5ccd3 Mon Sep 17 00:00:00 2001 From: Cal Corum Date: Fri, 13 Feb 2026 15:09:47 -0600 Subject: [PATCH] store: Gitea Actions: Docker buildx cache auth requires login on all builds --- ...x-cache-auth-requires-login-on-all-77cf0f.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 graph/solutions/gitea-actions-docker-buildx-cache-auth-requires-login-on-all-77cf0f.md diff --git a/graph/solutions/gitea-actions-docker-buildx-cache-auth-requires-login-on-all-77cf0f.md b/graph/solutions/gitea-actions-docker-buildx-cache-auth-requires-login-on-all-77cf0f.md new file mode 100644 index 00000000000..699310445bd --- /dev/null +++ b/graph/solutions/gitea-actions-docker-buildx-cache-auth-requires-login-on-all-77cf0f.md @@ -0,0 +1,17 @@ +--- +id: 77cf0fb1-9a58-43d2-b1d2-6532bafa6204 +type: solution +title: "Gitea Actions: Docker buildx cache auth requires login on all builds" +tags: [gitea, docker, ci-cd, buildx, cache, fix] +importance: 0.7 +confidence: 0.8 +created: "2026-02-13T21:09:47.183681+00:00" +updated: "2026-02-13T21:09:47.183681+00:00" +--- + +When using Docker buildx with registry-based cache (cache-from/cache-to type=registry), the Docker Hub login step must run on ALL builds (both PR and main), not just main branch. Without login, PR builds fail on second run with 'push access denied' when trying to write cache layers. + +Fix: Remove 'if: github.ref == refs/heads/main' condition from Docker Hub login step in workflow template. The push flag on build-push-action still gates actual image publishing to main-only. + +Template: server-configs/gitea/workflow-templates/docker-build-template.yml +Error manifests on SECOND build because first build creates cache successfully, but subsequent builds fail when overwriting existing layers without auth.