I trigger the build process by pushing code to a specific branch, and it failed at the clone step with 403 access denied. Could anyone tell me what’s going on?
It’s hard to know what the problem here is without more info.
Which git provider are you using?
If I were to guess, a 403 suggests that the git details you set up drone with don’t have all the right permissions, or the user you have logged in with doesn’t have all the right permissions.
Sorry for the lack of info. I’m running drone with the GitHub provider. I set up an OAuth app in the GitHub org, and my GitHub account is the owner of that GitHub org, so it’s confusing that the 403 error occurred.
Besides, I’m working with private Github repositories.
Is there anything missing?
Can you provide the env variables you set up drone with? And the drone yaml?
Feel free to obfuscate anything secret.
docker-compose.yaml

version: '3.9'
networks:
  drone-net:
    name: drone-net
    driver: bridge
services:
  db:
    image: postgres:15.1-bullseye
    container_name: drone-db
    restart: always
    networks:
      - drone-net
    ports:
      - '5432:5432'
    environment:
      - POSTGRES_USER=drone
      - POSTGRES_PASSWORD=drone
      - POSTGRES_DB=drone
    volumes:
      - /data/drone/postgres:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U drone"]
      interval: 5s
      timeout: 5s
      retries: 5
  server:
    image: drone/drone:latest
    container_name: drone-server
    restart: always
    networks:
      - drone-net
    ports:
      - '80:80'
    environment:
      - DRONE_LOGS_DEBUG=true
      - DRONE_LOGS_TRACE=true
      - DRONE_GITHUB_CLIENT_ID=xxx
      - DRONE_GITHUB_CLIENT_SECRET=xxx
      - DRONE_SERVER_HOST=drone.domain.com
      - DRONE_SERVER_PROTO=https
      - DRONE_RPC_SECRET=xxx
      - DRONE_USER_FILTER=aaa,bbb,ccc
      - DRONE_USER_CREATE=username:xxx,admin:true
      - DRONE_DATABASE_DRIVER=postgres
      - DRONE_DATABASE_DATASOURCE=postgres://drone:drone@db/drone?sslmode=disable
      - AWS_ACCESS_KEY_ID=xxx
      - AWS_SECRET_ACCESS_KEY=xxx
      - AWS_DEFAULT_REGION=us-east-1
      - AWS_REGION=us-east-1
      - DRONE_S3_BUCKET=xxx
    volumes:
      - /var/lib/drone:/data
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - db
  runner:
    image: drone/drone-runner-docker:latest
    container_name: drone-runner
    restart: always
    networks:
      - drone-net
    ports:
      - '3000:3000'
    environment:
      - DRONE_LOGS_DEBUG=true
      - DRONE_LOGS_TRACE=true
      - DRONE_RPC_DUMP_HTTP=true
      - DRONE_RPC_DUMP_HTTP_BODY=true
      - DRONE_RUNNER_NAME=docker-runner
      - DRONE_RUNNER_CAPACITY=10
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=drone.domain.com
      - DRONE_RPC_SECRET=xxx
      - DRONE_UI_USERNAME=aaa
      - DRONE_UI_PASSWORD=bbb
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
    depends_on:
      - server

I just replied to you with my yaml info, but Akismet hid my reply…
Hmm, I will reach out to the team that manages this discourse to figure out what is going on.
In the meantime it may be best to join our community slack and I can have a look - Slack
Hey @panjf2000 - I will respond here so it is easier to archive this answer
That error doesn’t actually look like a GitHub 403 - it looks like an AWS 403.
Based on the env vars you shared in slack, it looks like you are uploading logs to S3 - I think there is an error with your creds and the error is bubbling up in the wrong place.
Hope this helps
Thanks a lot, Dan.
This response could really be a lifesaver. I’ve been fighting with GitHub OAuth for a couple of days and got no clue about it. I’ve removed the S3 configurations and the error went away.
Glad I could help!
Hi Dan,
Sorry to bother you again, but I want to resolve the 403 issue with AWS S3. I’ve re-checked the access key for S3 over and over again, and I think the permissions are sufficient for drone, but drone still keeps reporting 403 access denied. Could you please tell me how I need to generate the AWS S3 access key to suit drone?
Hi @panjf2000, the error coming back is directly from the AWS API saying that they are denying access - it is unlikely to be a drone-side issue.
Besides the access key and secret - are the region and bucket info correct?
Have you tried these keys outside of drone - perhaps an AWS API - if they don’t work outside drone, that would be the problem.
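
The check suggested in the last reply, trying the keys outside of drone, as an added example that is not part of the original thread or of Drone itself. It assumes the AWS CLI is installed and that log storage needs to write, read and delete objects in the bucket; the `drone-access-check/` key prefix is a hypothetical throwaway name.

```shell
#!/bin/sh
# Added example: test the keys given to drone-server directly against AWS.
# Credentials come from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in the
# environment, the same variables the compose file passes to Drone.
# Returns: 0 all checks pass, 1 keys rejected, 2 bucket or region problem,
#          3 object operation denied, 4 local temp file error.
check_s3_access() {
    s3_bucket=$1
    s3_region=$2
    s3_key="drone-access-check/$$.txt"   # hypothetical throwaway object key
    s3_tmp=$(mktemp) || return 4
    echo "drone s3 access check" > "$s3_tmp"

    # 1. Key and secret valid? This call needs no IAM permission at all.
    if ! aws sts get-caller-identity --region "$s3_region" >/dev/null; then
        echo "FAIL: AWS rejected the access key or secret" >&2
        rm -f "$s3_tmp"; return 1
    fi

    # 2. Bucket exists in this region and is visible to this identity?
    #    A 403 here typically points at s3:ListBucket or a bucket policy,
    #    a 404 at the bucket name, a 301 at the region.
    if ! aws s3api head-bucket --bucket "$s3_bucket" --region "$s3_region" >/dev/null; then
        echo "FAIL: cannot reach bucket $s3_bucket in $s3_region" >&2
        rm -f "$s3_tmp"; return 2
    fi

    # 3. Object write, read and delete (assumed to be what log storage needs).
    for s3_op in put get delete; do
        case $s3_op in
            put)    aws s3api put-object --bucket "$s3_bucket" --key "$s3_key" \
                        --body "$s3_tmp" --region "$s3_region" >/dev/null ;;
            get)    aws s3api get-object --bucket "$s3_bucket" --key "$s3_key" \
                        --region "$s3_region" "$s3_tmp.out" >/dev/null ;;
            delete) aws s3api delete-object --bucket "$s3_bucket" --key "$s3_key" \
                        --region "$s3_region" >/dev/null ;;
        esac || {
            echo "FAIL: ${s3_op}-object denied on $s3_bucket" >&2
            rm -f "$s3_tmp" "$s3_tmp.out"; return 3
        }
    done
    rm -f "$s3_tmp" "$s3_tmp.out"
    echo "OK: keys can write, read and delete objects in $s3_bucket"
}

# Usage: sh check-s3.sh <bucket> <region>
if [ "$#" -eq 2 ]; then check_s3_access "$1" "$2"; fi
```

The step that fails separates a bad key pair (1) from a wrong bucket name or region (2) and from missing object permissions (3), which is the distinction the 403 alone does not give.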