36 lines
1.6 KiB
Markdown
36 lines
1.6 KiB
Markdown
---
|
|
id: 856511bd-a987-48cf-9dfe-ee069f32beea
|
|
type: solution
|
|
title: "Gitea Actions: Docker buildx registry cache auth fix"
|
|
tags: [gitea, docker, ci-cd, fix, buildx, cache]
|
|
importance: 0.7
|
|
confidence: 0.8
|
|
created: "2026-02-13T20:38:30.950917+00:00"
|
|
updated: "2026-03-05T03:31:28.917178+00:00"
|
|
relations:
|
|
- target: 77cf0fb1-9a58-43d2-b1d2-6532bafa6204
|
|
type: BUILDS_ON
|
|
direction: incoming
|
|
strength: 0.9
|
|
edge_id: cd4fb377-d051-457b-8521-89aa39496ec7
|
|
- target: f6751853-4ca9-4c82-a767-3348ad6275a7
|
|
type: BUILDS_ON
|
|
direction: incoming
|
|
strength: 0.77
|
|
edge_id: 1ebef1c0-1513-4d6c-a67d-0db8b0878e40
|
|
- target: 8a1ffc11-7ad8-44d1-9cf3-47e886891ff1
|
|
type: RELATED_TO
|
|
direction: incoming
|
|
strength: 0.79
|
|
edge_id: 4b6f7aba-c75d-412c-b284-d54fdb5258cf
|
|
---
|
|
|
|
When using Docker buildx with registry-based cache (cache-from/cache-to type=registry), the Docker Hub login step must run on ALL builds, not just main branch. Without login, PR builds fail on second run with 'push access denied, repository does not exist or may require authorization' when trying to write cache layers.
|
|
|
|
Fix: Remove the 'if: github.ref == refs/heads/main' condition from the Docker Hub login step. The push flag on build-push-action still gates actual image publishing to main-only, so this is safe.
|
|
|
|
Template location: server-configs/gitea/workflow-templates/docker-build-template.yml
|
|
Affected repos: major-domo-bot, major-domo-database, paper-dynasty, paper-dynasty-database
|
|
|
|
The error manifests on the SECOND build because the first build creates cache layers successfully (fresh write), but subsequent builds fail when trying to overwrite existing layers without auth.
|