Bake fails to push to actions cache, signature not valid in the specified time frame #312
Description
Contributing guidelines
- I've read the contributing guidelines and wholeheartedly agree
I've found a bug, and:
- The documentation does not mention anything about my problem
- There are no open or closed issues that are related to my problem
Description
There seems to have been a change potentially to how action cache works; I'm not sure if there are some new authorization logic downstream users (such as bake-action) need to use. Regardless, I've found that our release procedure that includes a number a number of push targets (some of the target images are quick to build ~1min, others take a while ~20min) is consistently failing saying that "Signature not valid in the specified time frame".
failed to push ghcr.io/deephaven/server-pytorch:latest: failed to copy: GET https://productionresultssa1.blob.core.windows.net/actions-cache/d9f-106297259
--------------------------------------------------------------------------------
RESPONSE 403: 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
ERROR CODE: AuthenticationFailed
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:3cabb36f-801e-00f1-3f77-9a81a9000000
Time:2025-03-21T15:42:10.5564029Z</Message><AuthenticationErrorDetail>Signature not valid in the specified time frame: Start [Fri, 21 Mar 2025 15:25:47 GMT] - Expiry [Fri, 21 Mar 2025 15:35:52 GMT] - Current [Fri, 21 Mar 2025 15:42:10 GMT]</AuthenticationErrorDetail></Error>
--------------------------------------------------------------------------------
I was able to work around this my removing the slow images from the targets list for now, but that won't be a long-term solution.
Expected behaviour
bake-action to succeed, regardless of the potential timing difference in target build times
Actual behaviour
Fails with "Signature not valid in the specified time frame".
Repository URL
https://github.com/deephaven/deephaven-server-docker
Workflow run URL
https://github.com/deephaven/deephaven-server-docker/actions/runs/13985467643
YAML workflow
name: Release CI
on:
pull_request:
branches: [main]
push:
branches: ["main", "release/v*"]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
runs-on: ubuntu-24.04-4-16
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
image: tonistiigi/binfmt:qemu-v7.0.0-28@sha256:66e11bea77a5ea9d6f0fe79b57cd2b189b5d15b93a2bdb925be22949232e4e55
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to ghcr.io
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Bake
uses: docker/[email protected]
with:
targets: server,server-slim,server-all-ai,server-nltk,server-pytorch,server-sklearn,server-tensorflow
files: server.hcl,server-slim.hcl
pull: true
env:
MULTI_ARCH: true
RELEASE: ${{ startsWith(github.ref, 'refs/heads/release/v') }}
REPO_PREFIX: ghcr.io/${{ github.repository_owner }}/Workflow logs
Can provide if requested.
BuildKit logs
Additional info
No response