Version 4.2.0 messed up with the json from the metadata action

[mamutmk5]

Contributing guidelines

• I've read the contributing guidelines and wholeheartedly agree

I've found a bug, and:

• The documentation does not mention anything about my problem
• There are no open or closed issues that are related to my problem

Description

After the version 4.2.0 came out our pipeliens fail if we use docker/build-push-action@v4 so we had to pin it to version 4.1.1.
There is some issue with interprate the jsons given by the docker/metadata-action@v4

Expected behaviour

The action works with the medata generated by docker/metadata-action@v4

Actual behaviour

If we use it with the we get
Run docker/build-push-action@v4 GitHub Actions runtime token ACs Docker info Error: Unexpected token { in JSON at position 253

Repository URL

https://github.com/hpi-schul-cloud/schulcloud-server

Workflow run URL

https://github.com/hpi-schul-cloud/schulcloud-server/actions/runs/6120036347/job/16611111071

YAML workflow

---
name: push workflow

on:
  push:
    branches-ignore:
      - dependabot/**
  pull_request:
    types: [labeled]

permissions:
  contents: read

jobs:
  build_and_push:
    # this basically means do not execute it as dependabot unless it is labeled as ready-for-ci
    # because automated processes and pr from forks are dangerous, therefore those prs won't have access to secrets, labeling them acts like allow-listing them
    # more details here https://docs.github.com/en/rest/dependabot/secrets?apiVersion=2022-11-28
    # even when re-running an action manually the actor stays the same as of mid 2022, details here https://github.blog/changelog/2022-07-19-differentiating-triggering-actor-from-executing-actor/

    #https://github.com/actions/runner/issues/1173#issuecomment-1354501147 when false equals true, you have to come up with something ...
    if: |
      (github.actor == 'dependabot[bot]' &&
      contains(github.event.issue.labels.*.name, 'ready-for-ci') == 'true') ||
      github.actor != 'dependabot[bot]'
    runs-on: ubuntu-latest
    needs:
      - branch_meta
    permissions:
      packages: write
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Login to registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Docker meta Service Name
        id: docker_meta_img
        uses: docker/metadata-action@v4
        with:
          images: ghcr.io/${{ github.repository }}
          tags: |
            type=ref,event=branch,enable=false,priority=600
            type=sha,enable=true,priority=600,prefix=
      - name: test image exists
        run: |
          mkdir -p ~/.docker 
          echo '{"experimental": "enabled"}' >> ~/.docker/config.json
          echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV
      - name: Set up Docker Buildx
        if: ${{ env.IMAGE_EXISTS == 0 }}
        uses: docker/setup-buildx-action@v2

      - name: Build and push ${{ github.repository }}
        if: ${{ env.IMAGE_EXISTS == 0 }}
        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/amd64
          push: true
          tags: ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }}
          labels: ${{ steps.docker_meta_img.outputs.labels }}

Workflow logs

log.txt

BuildKit logs

No response

Additional info

No response

[crazy-max]

It seems linked to #872 where your docker config in ~/.docker/config.json is not a valid json.

You altered the content of the config in test image exists step and more precisely:

echo '{"experimental": "enabled"}' >> ~/.docker/config.json

You append {"experimental": "enabled"} to it which would break the configuration if file already exists and has an existing configuration.

Also experimental is not supported anymore in the cli configuration iirc (cc @thaJeztah) so you can just remove this line in your workflow imo.

About the error message, I will make some changes to make it clear it's an issue parsing the configuration and also warn if there is an issue instead.

[mamutmk5]

Thank you it's very interesting to read, we will fix it at our side and remove {"experimental": "enabled"} in this step.
But i wonder why it's work with the version 4.1.1 of this action and with version 4.2.0 not more.

[crazy-max]

But i wonder why it's work with the version 4.1.1 of this action and with version 4.2.0 not more.

With #872 we now display the proxy configuration which is read from ~/.docker/config.json. I will make some changes so it will warn instead of failing.

[mamutmk5]

Thank you :)

[crazy-max]

Should be fixed in both v4.2.1 and v4 with a warning message if config is malformed: