-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
404 while listing Docker images with Renovate 32 and Sonatype NXRM 3 #15016
Comments
Can you try release 32.12.0 to check that it wasn't the changes in #14744? |
I commented on the other issue, but we started seeing 405 using gcr.io since 2 days, so this might be related as well |
|
On a private gcr.io registry we get the following curl -iL --get 'https://gcr.io/v2/datadog/cluster-agent/tags/list?n=10000'
HTTP/2 401
docker-distribution-api-version: registry/2.0
content-type: application/json
www-authenticate: Bearer realm="https://gcr.io/v2/token",service="gcr.io",scope="repository:datadog/cluster-agent:pull"
date: Fri, 08 Apr 2022 10:29:39 GMT
server: Docker Registry
cache-control: private
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
accept-ranges: none
vary: Accept-Encoding
HEAD seems not supported only for public gcr registry. |
I also have 405 on our private registries, presumably because the call is properly authentified, which the curl above is not ? |
If you don't explicitly give a token with the above curl there is no reason. May be something more related to the repo I checked. |
Looking at docker-cli; It seems they are using GET https://github.com/docker/cli/blob/master/cli/trust/trust.go#L139 |
That is the wrong function, it for Notary. |
It seems to do a |
OK, the daemon is doing the pull and is doing a get to |
I think this is now fixed by the revert PR: |
With
It does not occur under 32.12.0, but I do see it with 32.12.1, so this change/fix seems to be the one. |
How are you running Renovate?
Self-hosted
If you're self-hosting Renovate, tell us what version of Renovate you run.
32.14.1
Please select which platform you are using if self-hosting.
GitLab self-hosted
If you're self-hosting Renovate, tell us what version of the platform you run.
Gitlab EE
Was this something which used to work for you, and then stopped?
It used to work, and then stopped
Describe the bug
After upgrading from Renovate 27.31.10 to 32.14.1 (we were a little behind 🙈 ), I am seeing a 404 response from our private Nexus Repository Manager 3.38 server that I cannot reproduce locally.
From the job logs:
Run locally using the same
renovate
user/pass:My config is:
I tried
matchHost
with and without the protocol and trailing slash, that did not seem to make a difference. I'm not sure if the npm host needs both rc and pass, but that one still works with 32.x, this only seems to impact docker. I looked at #5263 and #8200, as well as https://issues.sonatype.org/browse/NEXUS-26313, but thewww-authenticate
header is present on the initial 401 response, and the URL would suggest the error is happening later in the process.This depends on my company's private Gitlab and Nexus, so I do not have a repro repo.
https://nexus.build.company.com
is running Sonatype Nexus Repository Manager PRO 3.38.0-01.Any idea what might have changed?
Relevant debug logs
Logs
Have you created a minimal reproduction repository?
No reproduction repository
The text was updated successfully, but these errors were encountered: