From fa28ae36516767026e72719dd09ee7b39d9b5b75 Mon Sep 17 00:00:00 2001 From: Cal Corum Date: Fri, 13 Feb 2026 14:38:30 -0600 Subject: [PATCH] store: Gitea Actions: Docker buildx registry cache auth fix --- ...r-buildx-registry-cache-auth-fix-856511.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 graph/solutions/gitea-actions-docker-buildx-registry-cache-auth-fix-856511.md diff --git a/graph/solutions/gitea-actions-docker-buildx-registry-cache-auth-fix-856511.md b/graph/solutions/gitea-actions-docker-buildx-registry-cache-auth-fix-856511.md new file mode 100644 index 00000000000..32aaa395217 --- /dev/null +++ b/graph/solutions/gitea-actions-docker-buildx-registry-cache-auth-fix-856511.md @@ -0,0 +1,19 @@ +--- +id: 856511bd-a987-48cf-9dfe-ee069f32beea +type: solution +title: "Gitea Actions: Docker buildx registry cache auth fix" +tags: [gitea, docker, ci-cd, fix, buildx, cache] +importance: 0.7 +confidence: 0.8 +created: "2026-02-13T20:38:30.950917+00:00" +updated: "2026-02-13T20:38:30.950917+00:00" +--- + +When using Docker buildx with registry-based cache (cache-from/cache-to type=registry), the Docker Hub login step must run on ALL builds, not just main branch. Without login, PR builds fail on second run with 'push access denied, repository does not exist or may require authorization' when trying to write cache layers. + +Fix: Remove the 'if: github.ref == refs/heads/main' condition from the Docker Hub login step. The push flag on build-push-action still gates actual image publishing to main-only, so this is safe. + +Template location: server-configs/gitea/workflow-templates/docker-build-template.yml +Affected repos: major-domo-bot, major-domo-database, paper-dynasty, paper-dynasty-database + +The error manifests on the SECOND build because the first build creates cache layers successfully (fresh write), but subsequent builds fail when trying to overwrite existing layers without auth.