Docker registry authentication failure
What this failure means
CI could not authenticate to the container registry before an image pull or push.
Symptoms
Faultline looks for one or more of these log fragments:
- pull access denied
- requested access to the resource is denied
- unauthorized: authentication required
- no basic auth credentials
- denied: requested access to the resource is denied
- may require 'docker login'
- Error response from daemon: Get https://mcr.microsoft.com/v2/: Forbidden
Diagnosis
Docker reached the registry, but the credentials used by CI were missing, expired, or scoped incorrectly for the target image.
Typical causes:
- the login step never ran
- the secret value was rotated but the workflow was not updated
- the token can read one repo but not the image path being used
Fix steps
- Verify the registry username, token, or password configured in CI secrets.
- Ensure the registry login step runs before any docker pull or docker push command.
- Confirm the token has the correct repository scope for the image being accessed.
- Validate the same credential locally:
    docker login <registry>
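A preflight check for the "login step never ran" cause, written as an added example (not Faultline's code and not part of the playbook). It assumes the standard Docker CLI config.json layout with its auths and credHelpers keys; the function names are hypothetical.

```python
import json
import os
import sys
from pathlib import Path


def registry_of(image):
    """Return the registry host that an image reference resolves to."""
    first, sep, _ = image.partition("/")
    # The first path component is a registry only if it looks like a host:
    # it contains "." or ":" or is exactly "localhost". Otherwise: Docker Hub.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return "index.docker.io" if first == "docker.io" else first
    return "index.docker.io"


def _host(key):
    """Reduce a config key such as https://index.docker.io/v1/ to its host."""
    return key.split("://", 1)[-1].split("/", 1)[0]


def credential_source(image, cfg):
    """Return 'auths', 'credHelpers', or None when no login is recorded."""
    host = registry_of(image)
    # docker login adds an auths entry even when a credsStore holds the secret.
    if host in {_host(k) for k in cfg.get("auths", {})}:
        return "auths"
    # A per-registry credential helper needs no auths entry.
    if host in {_host(k) for k in cfg.get("credHelpers", {})}:
        return "credHelpers"
    return None


def load_docker_config(path=None):
    """Load config.json from DOCKER_CONFIG or ~/.docker; empty dict if absent."""
    base = os.environ.get("DOCKER_CONFIG", str(Path.home() / ".docker"))
    try:
        return json.loads(Path(path or Path(base) / "config.json").read_text())
    except (OSError, json.JSONDecodeError):
        return {}


if __name__ == "__main__":
    cfg = load_docker_config()
    missing = [ref for ref in sys.argv[1:] if credential_source(ref, cfg) is None]
    for ref in missing:
        print(f"no registry login recorded for {registry_of(ref)} ({ref})")
    sys.exit(1 if missing else 0)
```

Run it in CI with the image references the job will pull or push, before the first docker command. A hit only shows that a login was recorded; an expired or wrongly scoped credential still needs the checks in the other fix steps.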
Validation
- Re-run the registry login step.
- Confirm the pull or push completes without "authentication required".
- If you changed secret wiring, run one full CI job after rotating the credential.
Why it matters
Registry auth failures block both build-time pulls and deploy-time pushes, so one bad credential can stop the whole pipeline.
Try it locally
docker login <registry>
How Faultline detects it
Use faultline explain docker-auth to see the full playbook.
faultline analyze build.log
faultline explain docker-auth
Generated from playbooks/bundled/log/auth/docker-auth.yaml. Do not edit directly.