What would you like added?
When the ARC executes a job when using the kubernetes job mode, it should check if the pod fails with a ImagePullBackOff, fail the run and write a appropriate error message.
And especially in the case of a image on ghcr.io and the ImagePullBackOff happening because of a 403 error, it should provide a hint to the user to make sure his workflows have the appropriate permissions to access the image.
Why is this needed?
When using images hosted on ghcr.io in your own org, you need to have appropriate permissions to access them.
This means both configuring the repo hosting the image with the proper visibility/permissions. This needs to be done once.
More importantly any workflows using these images (i.e. packages) as the container for a build step, need to have the package: read permission. This is probably not obvious to every user and while it is enabled by default for most cases, if you specify any permissions for the job manually, none of the defaults apply anymore and they would have to be added manually to your specified permissions.
With the current implementation, the user will not get any useful error message and instead the job will keep waiting for 10 minutes before failing without a useful error message.
What would you like added?
When the ARC executes a job when using the kubernetes job mode, it should check if the pod fails with a ImagePullBackOff, fail the run and write a appropriate error message.
And especially in the case of a image on ghcr.io and the ImagePullBackOff happening because of a 403 error, it should provide a hint to the user to make sure his workflows have the appropriate permissions to access the image.
Why is this needed?
When using images hosted on ghcr.io in your own org, you need to have appropriate permissions to access them.
This means both configuring the repo hosting the image with the proper visibility/permissions. This needs to be done once.
More importantly any workflows using these images (i.e. packages) as the container for a build step, need to have the
package: readpermission. This is probably not obvious to every user and while it is enabled by default for most cases, if you specify any permissions for the job manually, none of the defaults apply anymore and they would have to be added manually to your specified permissions.With the current implementation, the user will not get any useful error message and instead the job will keep waiting for 10 minutes before failing without a useful error message.
