Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

GHCR support

See original GitHub issue

As GitHub docs say:

The GitHub Packages Docker registry will be superseded by GitHub Container Registry.

There is migration guide.

I tried to add registry: ghcr.io in Docker Hub config but got:

Error response from daemon: Get https://ghcr.io/v2/: denied

It would be great to find out what migration steps for build-push-action are too!

Issue Analytics

State:
Created 3 years ago
Comments:5 (2 by maintainers)

Top GitHub Comments

3reactions

zoredcommented, Sep 2, 2020

Thank you!

Here is my working sample of Github Actions build-and-push.yaml for GHCR that is based on WIP branch and works smoothly.

name: ci
on: push
jobs:
  build:
    name: ci
    runs-on: ubuntu-latest
    steps:
      - id: prep
        if: "startsWith(github.ref, 'refs/tags/v')"
        run: |
          echo ::set-output name=tags::ghcr.io/zored/sample:${GITHUB_REF#refs/tags/v}
      - uses: docker/setup-qemu-action@master
        if: "startsWith(github.ref, 'refs/tags/v')"
        with:
          platforms: all
      - id: buildx
        uses: docker/setup-buildx-action@master
        with:
          install: true
      - uses: docker/login-action@v1
        if: "startsWith(github.ref, 'refs/tags/v')"
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.CR_PAT }} # - must be in GitHub Secrets!
      - uses: docker/build-push-action@v2-build-push
        if: "startsWith(github.ref, 'refs/tags/v')"
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
          file: ./docker/image/app/Dockerfile
          tags: ${{ steps.prep.outputs.tags }}
          push: ${{ github.event_name != 'pull_request' }}
          platforms: linux/amd64,linux/arm64,linux/386
          secrets: |
            GIT_AUTH_TOKEN=${{ github.token }}

Looking forward for stable v2!

3reactions

bonifaidocommented, Sep 2, 2020

I made it work according to the GHCR migration guide https://docs.github.com/en/packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images#updating-your-github-actions-workflow

The useful part is, that GITHUB_TOKEN doesn’t work with ghcr.io, you have to use a Personal Access Token with registry scope:

Add your new container registry authentication personal access token (PAT) as a GitHub Actions secret. GitHub Container Registry does not support using GITHUB_TOKEN for your PAT so you must use a different custom variable, such as CR_PAT. For more information, see “Creating and storing encrypted secrets.”

Top Results From Across the Web

Working with the Container registry - GitHub Docs

To authenticate to the Container registry ( ghcr.io ) within a GitHub Actions workflow, ... Some GitHub Packages registries support granular permissions.

Docker Support for the New GitHub Container Registry

Found at ghcr.io , the new GitHub registry adds support for anonymous pulls and decouples git repositories permissions from container ...

GitHub Packages Container registry is generally available

Clean starter workflows to publish directly to Container registry at ghcr.io. A new home for your Docker containers. As a part of Container ......

Checking in on GitHub Container Registry - Atomist Blog

GitHub recently transitioned its support for container images from its original offering called Docker registry to a new one called GitHub ...

The Ultimate Manual for GitHub Container Registry - Nira

Using the CLI for your container type, sign in to the Container registry service at ghcr.io. $ echo $CR_PAT | docker login ghcr.io...