Sometimes I get unauthorized error for pulling private images from GCR

Very weird let’s say around 1 out of 4 times I get this error message:

build_dev: Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

Anyone having this problem or know how to fix?

my drone pipeline:

---
kind: pipeline
name: pre_checks

steps:
  - name: linting
    image: eu.gcr.io/sapient-tracer-<CODE>/code-scanners/python/flake8
    commands:
      - flake8 -j4 --ignore W503,E501,E203,W605 $POD

image_pull_secrets:
  - dockerconfigjson

I created the dockerconfigjson secret via:

drone secret add --repository <REPO> --name dockerconfigjson  --data @./config.json

and ./config.json is:

{
	"auths": {
		"eu.gcr.io": {
			"auth": "<BASE64>"
		}
	},
	"HttpHeaders": {
		"User-Agent": "Docker-Client/18.09.5-ce (linux)"
	},
	"credHelpers": {
		"eu.gcr.io": "gcloud"
	}
}

I noticed you did not create your secrets with --pull-request which means the secret is not available to pull requests. Have you considered this as a possible root cause for the error?

I have the same issue with GCR repo. It is happening time to time, roughly 50/50. Maybe You have resolved the issue? Please, let to now

@BigVOVA please see the following thread which discusses the root cause and workaround to resolve:

Thank you! But in my case I have only one eu.gcr.io entry in config.json:

{
	"auths": {
		"eu.gcr.io": {
			"auth": "<my key>"
		}
	}
}

Sorry, I am only aware of three possible root causes for failing to pull an image:

1. missing or invalid secret
2. secret not available to pull request events
3. dockerconfig.json file has multiple gcr entries and one is invalid

I recommend making sure you are running the latest version of Drone server (drone/drone:1.8.0) and the latest version of the Docker runner (drone/drone-runner-docker:1.3.0).