I trigger the build process by pushing code to specific branch, and it failed at the clone step with 403 access denied, could anyone tell me what’s going on?
It’s hard to know what the problem here is without more info.
Which git provider are you using?
If I were to guess, a 403 suggests that the git details you set up drone with doesn’t have the all right permissions or the user you have logged in with doesn’t have all the right permissions
Sorry for the lack of info, I’m running drone with Github provider, I set up an oauth app in the github org, and my github account is the owner of that github org, so it’s confusing that the 403 error occurred.
Besides, I’m working with private Github repositories.
Is there anything missing?
can you provide the env variables you set up drone with? and the drone yaml?
feel free to obfuscate anything secret
version: '3.9' networks: drone-net: name: drone-net driver: bridge services: db: image: postgres:15.1-bullseye container_name: drone-db restart: always networks: - drone-net ports: - '5432:5432' environment: - POSTGRES_USER=drone - POSTGRES_PASSWORD=drone - POSTGRES_DB=drone volumes: - /data/drone/postgres:/var/lib/postgresql/data healthcheck: test: ["CMD-SHELL", "pg_isready -U drone"] interval: 5s timeout: 5s retries: 5 server: image: drone/drone:latest container_name: drone-server restart: always networks: - drone-net ports: - '80:80' environment: - DRONE_LOGS_DEBUG=true - DRONE_LOGS_TRACE=true - DRONE_GITHUB_CLIENT_ID=xxx - DRONE_GITHUB_CLIENT_SECRET=xxx - DRONE_SERVER_HOST=drone.domain.com - DRONE_SERVER_PROTO=https - DRONE_RPC_SECRET=xxx - DRONE_USER_FILTER=aaa,bbb,ccc - DRONE_USER_CREATE=username:xxx,admin:true - DRONE_DATABASE_DRIVER=postgres - DRONE_DATABASE_DATASOURCE=postgres://drone:[email protected]/drone?sslmode=disable - AWS_ACCESS_KEY_ID=xxx - AWS_SECRET_ACCESS_KEY=xxx - AWS_DEFAULT_REGION=us-east-1 - AWS_REGION=us-east-1 - DRONE_S3_BUCKET=xxx volumes: - /var/lib/drone:/data - /var/run/docker.sock:/var/run/docker.sock depends_on: - db runner: image: drone/drone-runner-docker:latest container_name: drone-runner restart: always networks: - drone-net ports: - '3000:3000' environment: - DRONE_LOGS_DEBUG=true - DRONE_LOGS_TRACE=true - DRONE_RPC_DUMP_HTTP=true - DRONE_RPC_DUMP_HTTP_BODY=true - DRONE_RUNNER_NAME=docker-runner - DRONE_RUNNER_CAPACITY=10 - DRONE_RPC_PROTO=https - DRONE_RPC_HOST=drone.domain.com - DRONE_RPC_SECRET=xxx - DRONE_UI_USERNAME=aaa - DRONE_UI_PASSWORD=bbb volumes: - '/var/run/docker.sock:/var/run/docker.sock' depends_on: - server
I just replied to you with my yaml info, but Akismet hid my reply…
hmm I will reach out to the team that manage this discourse to figure out what is going on
in the meantime it may be best to join our community slack and I can have a look - Slack
Hey @panjf2000 - I will respond here so it is easier to archive this answer
that error doesn’t actually look like a github 403 - it looks like an AWS 403
based on the env vars you shared in slack it looks like you are uploading logs to s3 - I think there is an error with your creds and the error is bubbling up in the wrong place.
Hope this helps
Thanks a lot, Dan.
This response could really be a life saving, I’ve been fighting with Github Oauth for a couple of days and got no clue about it, I’ve remove the S3 configurations and the error went away.
Glad I could help!
Sorry to bother you again, but I want to resolve the 403 issue of AWS S3, I’ve re-check the access key of S3 over and over again, I think the permissions are sufficient for drone, but still, drone kept report 403 access denied, so could you please tell me how I need to generate AWS S3 access key to suit drone.
Hi @panjf2000 the error coming back is directly from the AWS API saying that they are denying access - it is unlikely a drone side issue
besides the access key and secret - is the region and bucket info correct?
have you tried these keys outside of drone - perhaps an AWS API - if they don’t work outside drone that would be the problem