Skip to content
Latchkey

GoReleaser "failed to build/push docker image" in CI

GoReleaser builds and pushes Docker images as part of the release. A push fails with a denied or unauthorized error when the runner is not logged in to the target registry, or the build fails when the Dockerfile context is wrong.

What this error means

GoReleaser fails at the docker step with "failed to push docker image" and "denied: requested access to the resource is denied" or "unauthorized: authentication required".

Terminal
  ⨯ docker build/push failed  error=failed to push acme/app:v1.2.3:
  denied: requested access to the resource is denied

Common causes

The runner is not logged in to the registry

Without a prior docker login (or docker/login-action), the push is unauthenticated and the registry denies it.

A wrong image name or build context

A mismatched repository name or a Dockerfile that cannot find the built binary fails the build or push.

How to fix it

Log in to the registry before GoReleaser

  1. Add a docker/login-action step for the target registry.
  2. Use a token or password from secrets, not a hardcoded credential.
  3. Run GoReleaser after login so the push is authenticated.
.github/workflows/release.yml
- uses: docker/login-action@v3
  with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ secrets.GITHUB_TOKEN }}

Verify the image reference and context

Ensure the docker config image template matches the registry namespace you are authorized to push to.

.goreleaser.yaml
dockers:
  - image_templates:
      - "ghcr.io/acme/app:{{ .Version }}"

How to prevent it

  • Log in to every target registry before running GoReleaser.
  • Keep registry credentials in secrets and inject at runtime.
  • Match image templates to registries you can push to.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →