Log in to Docker right before pushing

...to reduce the likelihood of racing with other jobs that also log in using their own tokens.
celerity · Dec 11, 2023 · 6f9e599 · 6f9e599
1 parent 4e159fa
commit 6f9e599
Showing 1 changed file with 11 additions and 8 deletions.
diff --git a/.github/workflows/build_images.yml b/.github/workflows/build_images.yml
@@ -58,18 +58,20 @@ jobs:
             packages: write
         steps:
             - uses: actions/checkout@v2
-            - name: Log into Container registry
-              uses: docker/login-action@v3
-              with:
-                registry: ghcr.io
-                username: ${{ github.actor }}
-                password: ${{ secrets.GITHUB_TOKEN }}
             - name: Build Docker container for ${{ matrix.sycl }} ${{ matrix.sycl-version }} on ${{ matrix.ubuntu-version }}
               run: bash ./build.sh ${{ matrix.ubuntu-version }} ${{ matrix.sycl }} ${{ matrix.sycl-version }}
               if: ${{ github.event_name == 'schedule' }}
             - name: Force-build Docker container for ${{ matrix.sycl }} ${{ matrix.sycl-version }} on ${{ matrix.ubuntu-version }}
               run: bash ./build.sh -f ${{ matrix.ubuntu-version }} ${{ matrix.sycl }} ${{ matrix.sycl-version }}
               if: ${{ github.event_name != 'schedule' }}
+            # NOTE: Since `docker login` is stateful, we race with other jobs that run concurrently on the same machine, which may
+            #       result in spurious authentication failures. We reduce the likelihood of this by logging in right before pushing.
+            - name: Log into Container registry
+              uses: docker/login-action@v3
+              with:
+                registry: ghcr.io
+                username: ${{ github.actor }}
+                password: ${{ secrets.GITHUB_TOKEN }}
             - name: Push Docker container for ${{ matrix.sycl }} ${{ matrix.sycl-version }} on ${{ matrix.ubuntu-version }}
               run: |
                 IMAGE="celerity-build/${{ matrix.sycl }}:ubuntu${{ matrix.ubuntu-version }}-${{ matrix.sycl-version }}"
@@ -82,14 +84,15 @@ jobs:
             packages: write
         steps:
             - uses: actions/checkout@v2
+            - name: Build Celerity linting container
+              run: bash ./build-lint.sh
+            # Same concurrency concerns as above.
             - name: Log into Container registry
               uses: docker/login-action@v3
               with:
                 registry: ghcr.io
                 username: ${{ github.actor }}
                 password: ${{ secrets.GITHUB_TOKEN }}
-            - name: Build Celerity linting container
-              run: bash ./build-lint.sh
             - name: Push Celerity linting container
               run: |
                 docker tag celerity-lint:latest ghcr.io/celerity/celerity-lint:latest